Three critical FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808, CVE-2026-25089) are under active exploitation. All carry CVSS 9.1 scores and allow unauthenticated remote code execution.
CVE-2026-48907 in Joomla Content Editor allows unauthenticated attackers to upload and execute PHP code. CISA added it to the KEV catalog after active exploitation deploying web shells.
Malicious JetBrains IDE plugins disguised as AI coding assistants exfiltrated OpenAI and DeepSeek API keys from developers. All 15 plugins have been removed and publisher accounts terminated.
Russian-speaking threat group harvested plaintext credentials for 73,000+ Fortinet firewalls across 194 countries. Samsung, Oracle, and NATO contractor among victims.
CVE-2026-24155 allows local privilege escalation in NVIDIA's AI framework across Windows, Linux, and macOS. The CVSS 7.8 flaw affects multi-tenant ML environments where isolation is critical.
UNC1151 phishing campaign steals 2FA codes using fake Google security alerts. CERT Polska reports new domains appearing daily as attackers target government officials and their families.
CVE-2026-54420 exploits symlink mishandling to escalate privileges on shared hosting servers. CISA mandates federal patching within 48 hours as attackers target multi-tenant environments.
CVE-2026-20262 joins CVE-2026-20245 on CISA's exploited vulnerabilities list. Attackers deploy malicious .war files via path traversal to gain root access on Catalyst SD-WAN Manager.
144 packages in the Mastra AI framework compromised via hijacked maintainer account. The malicious easy-day-js dependency deploys a crypto-stealing RAT affecting 1.1M weekly downloads.
Kaspersky uncovers malware campaign using Wallpaper Engine's Steam Workshop to distribute DarkKomet, Lumma, and Vidar. China-focused attacks stole Steam accounts and deployed cryptominers.
Learn about ransomware, phishing, malware, and essential online safety practices.
Curated books, tools, and resources to deepen your cybersecurity knowledge.
Get the latest cybersecurity news delivered to your inbox.