OpenCTI Auth Bypass Lets Attackers Hijack Admin Accounts (CVSS 9.8)
CVE-2026-27960 in OpenCTI 6.6.0-6.9.12 allows unauthenticated API access as any user, including admin. Upgrade to 6.9.13 or disable the default admin account.
CVE-2026-23918 in Apache 2.4.66 lets attackers crash servers or achieve code execution with just two HTTP/2 frames. Upgrade to 2.4.67 immediately.
CVE-2026-0300 allows unauthenticated attackers to execute code as root on PA-Series and VM-Series firewalls. Patches coming May 13—here's how to mitigate now.
The FTC settled with data broker Kochava, barring the sale of geolocation data that tracked visits to reproductive health clinics, addiction facilities, and domestic violence shelters.
M-Trends 2026 reveals attackers now outpace patches, with AI accelerating exploitation and ransomware handoffs dropping to 22 seconds. Defenders are losing ground.
New infostealer MicroStealer evades major antivirus while stealing browser credentials, crypto wallets, and Discord tokens from US and German organizations.
Operation First Light 2026 dismantles nine scam centers across Asia, arrests 276 suspects, and seizes $701M in assets. FBI identifies 9,000 victims.
Progress patches CVE-2026-4670, a critical authentication bypass in MOVEit Automation that could give attackers admin control. No workarounds available.
Three malicious versions of the xinference AI inference library were uploaded to PyPI, targeting cloud credentials and SSH keys from 680K+ users. TeamPCP claims a copycat is responsible.
CTM360 exposes FEMITBOT, a large-scale fraud operation abusing Telegram Mini Apps to run crypto scams, impersonate brands like Apple and NVIDIA, and distribute Android malware.