Google patches actively exploited CVE-2025-48595 affecting Android 14+ alongside 123 additional vulnerabilities. Pixel devices get immediate updates—others must wait.
New threat actor uses fake recruiter profiles to deploy AUDIOFIX and MINIRAT malware against cryptocurrency organizations. npm supply chain also compromised.
A SpaceX security engineer discovered a privilege escalation bug hidden in the Linux kernel since 2007. Proof-of-concept exploit published—major distributions now patching.
Critical CVSS 9.4 vulnerability in Gogs self-hosted Git service allows authenticated users to achieve RCE via argument injection. Maintainers unresponsive since March disclosure.
32+ Red Hat Cloud Services npm packages compromised with Mini Shai-Hulud credential-stealing malware. 80K weekly downloads affected—here's what developers need to know.
New macOS infostealer SHub Reaper impersonates Apple, Microsoft, and Google software to steal passwords, crypto wallets, and iCloud data. Bypasses Tahoe 26.4 mitigations.
Critical Windows Netlogon vulnerability CVE-2026-41089 enables zero-click RCE on domain controllers. Active exploitation confirmed—patch immediately.
Microsoft Exchange Server zero-day CVE-2026-42897 enables session hijacking via malicious emails. Active exploitation confirmed with no permanent fix available.
Oracle REST Data Services vulnerability CVE-2026-46840 earns maximum CVSS 10.0 score. Unauthenticated attackers can achieve complete system compromise via HTTPS.
CVE-2026-8732 in WP Maps Pro allows unauthenticated attackers to create administrator accounts. Over 3,600 attacks blocked in 24 hours. Patch to 6.1.1 now.
Learn about ransomware, phishing, malware, and essential online safety practices.
Curated books, tools, and resources to deepen your cybersecurity knowledge.
Get the latest cybersecurity news delivered to your inbox.