Tenda Router Backdoor Grants Admin Access — No Patch Available
CERT/CC warns of CVE-2026-11405, an undocumented authentication backdoor in Tenda router firmware. The vendor remains unreachable with no fix in sight.
CERT/CC warns of CVE-2026-11405, an undocumented authentication backdoor in Tenda router firmware. The vendor remains unreachable with no fix in sight.
CVE-2026-10134 enables unauthenticated RCE in Langflow OSS through public flows. Attackers can run arbitrary Python on servers via the build endpoint.
JetBrains fixes CVSS 9.8 account takeover bug in Hub and multiple RCE vulnerabilities across IntelliJ, GoLand, and other IDEs. Update immediately.
Kaspersky uncovers Umbrij, a .NET tool used by APT group ToddyCat to steal Gmail OAuth tokens through browser remote debugging—no credentials needed.
Researchers demonstrate TrojPix, an attack that turns invisible pixel changes into radio signals leaking data at 8.1 Mbps from air-gapped systems up to 208 meters away.
CVE-2026-20191 in Cisco Catalyst Center allows unauthenticated attackers to read arbitrary files through path traversal. Affects version 3.1+ across hardware appliances and cloud deployments.
New threat group Armored Likho targets government agencies and power sectors in Russia, Brazil, and Kazakhstan using BusySnake Stealer—malware with AI-generated loader code and reverse SSH tunneling capabilities.
Opera becomes the first browser to ship native protection against ClickFix attacks with Paste Protect, blocking malicious clipboard content before users can execute it in terminals or command prompts.
Critical authentication bypass in Oracle Payments (CVE-2026-46817) is being actively exploited. Over 900 vulnerable instances exposed online, with attackers achieving system takeover via unauthenticated HTTP requests.
Google releases Chrome 151 fixing 382 vulnerabilities including 15 critical use-after-free and type confusion bugs enabling remote code execution across Windows, macOS, and Linux.
Learn about ransomware, phishing, malware, and essential online safety practices.
Curated books, tools, and resources to deepen your cybersecurity knowledge.
Get the latest cybersecurity news delivered to your inbox.