44+ min ago  (393+ words) The cybersecurity industry has spent the last several years chasing sophisticated threats like zero-days, supply chain compromises, and AI-generated exploits. However, the most reliable entry point for attackers still hasn't changed: stolen credentials. Identity-based attacks remain a dominant initial access…...

1+ hour, 52+ min ago  (467+ words) The flaw, since patched, combines Antigravity's permitted file-creation capabilities with an insufficient input sanitization in Antigravity's native file-searching tool, find_by_name, to bypass the program's Strict Mode, a restrictive security configuration that limits network access, prevents out-of-workspace writes, and ensures all commands…...

5+ hour, 51+ min ago  (265+ words) The U. S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including three flaws impacting Cisco Catalyst SD-WAN Manager, citing evidence of active exploitation. The list of vulnerabilities is as follows…...

19+ hour ago  (335+ words) A critical security vulnerability has been disclosed in SGLang that, if successfully exploited, could result in remote code execution on susceptible systems. The vulnerability, tracked as CVE-2026-5760, carries a CVSS score of 9. 8 out of 10. 0. It has been described as a…...

1+ day, 8+ hour ago  (430+ words) Web infrastructure provider Vercel has disclosed a security breach that allows bad actors to gain unauthorized access to "certain" internal Vercel systems. The incident stemmed from the compromise of Context. ai, a third-party artificial intelligence (AI) tool, that was used…...

2+ week, 17+ hour ago  (600+ words) An'Iran-nexus threat actor is suspected to be behind a password-spraying campaign targeting Microsoft 365 environments in Israel and the U. A. E. amid'ongoing conflict in the Middle'East. The'activity, assessed to be ongoing, was carried out in three distinct attack waves that took place on…...

1+ week, 4+ day ago  (356+ words) Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for Word Press and Joomla to push a poisoned version containing a'backdoor. The'incident impacts Smart Slider 3 Pro version 3. 5. 1. 35'for Word Press, per Word Press security company…...

1+ week, 1+ day ago  (213+ words) The North Korean hacking group tracked'as APT37 (aka Scar Cruft) has been attributed to a fresh multi-stage, social engineering campaign in which threat actors approached targets on Facebook and added them as friends on the social media platform, turning the trust-building…...

5+ day, 8+ hour ago  (360+ words) A "novel" social engineering campaign has been observed abusing Obsidian, a cross-platform note-taking application, as an initial access vector to distribute a previously undocumented Windows remote access trojan called PHANTOMPULSE in attacks targeting individuals in the financial and cryptocurrency'sectors. The…...

3+ week, 1+ day ago  (584+ words) Cybersecurity researchers have discovered a remote access toolkit of Russian-origin that's distributed via malicious Windows shortcut (LNK) files that are disguised as private key folders. The CTRL toolkit, according to Censys, is custom-built using. NET and includes various executables" to…...