CVE-2026-31635 exploits a missing copy-on-write guard in RxGK to corrupt privileged file caches. Fedora, Arch, and openSUSE at risk. Here's who's affected.
ShinyHunters claims responsibility for Carnival breach exposing names, passport numbers, and driver's licenses. Company offering two years of credit monitoring.
Daemon Tools, TanStack, and Nx Console all compromised via supply chain attacks. CVSS scores up to 9.5. CISA mandates federal remediation by June 10.
CVE-2026-43284 and CVE-2026-43500 chain together for deterministic root access. PoC exploit is public, patches still rolling out. Here's how to detect and mitigate.
CVE-2026-20182 lets unauthenticated attackers gain admin access to Cisco Catalyst SD-WAN controllers. CISA adds to KEV with federal deadline. Here's what you need to know.
Attackers weaponize CVE-2026-35616 to deploy EKZ infostealer via FortiClient EMS management features. Fake Fortinet patch harvests browser passwords and cookies.
Malicious repository impersonating OpenAI's Privacy Filter reached 244,000 downloads before removal. Infostealer targeted Windows users via trending Hugging Face page.
Silent Ransom Group escalates from vishing to physical infiltration. FBI FLASH alert warns 38+ law firms already breached, with operatives plugging USB drives into office computers.
Microsoft warns of active campaign using AI chatbot recommendations to distribute GPU mining malware. Attackers target high-end graphics card owners through fake utility downloads.
Malicious npm package mouse5212-super-formatter stole files from Claude AI's working directory. The attacker's own GitHub token was exposed in the code, allowing researchers to trace exfiltration.
Learn about ransomware, phishing, malware, and essential online safety practices.
Curated books, tools, and resources to deepen your cybersecurity knowledge.
Get the latest cybersecurity news delivered to your inbox.