Stay ahead of emerging threats with expert analysis from 100+ security articles, vulnerability reports, and cybersecurity insights — updated daily with the latest CVEs, threat actor campaigns, and security advisories. This week: a massive ad-tech surveillance network quietly tracks 500 million devices, CPUID's website breach turns trusted CPU-Z downloads into malware delivery, and Fortinet warns of a persistent access technique that survives even after patching.
Cisco released patches for four critical vulnerabilities affecting Identity Services Engine and Webex. CVE-2026-20184 allows unauthenticated attackers to impersonate any Webex user, while three ISE flaws enable remote code execution and root privilege escalation.
CVE-2026-33032 is a critical vulnerability in nginx-ui that allows unauthenticated attackers to take complete control of nginx services. The flaw exists because one MCP endpoint forgot to check authentication while another requires it. CISA has added it to the KEV catalog.
Read moreScattered Spider, the group behind the MGM and Caesars attacks, has hit Marks & Spencer, Co-op, and Harrods in a coordinated campaign deploying DragonForce ransomware. The attacks relied on social engineering help desk staff rather than technical exploits.
Read moreCVE-2024-9486 is a critical CVSS 9.8 vulnerability in Kubernetes Image Builder that leaves default SSH credentials baked into VM images. The builder account with a well-known password persists in finished images, giving attackers root access to deployed nodes.
Read moreCitizen Lab revealed that law enforcement agencies worldwide are using Webloc, a tool built by Israeli intelligence company Cobwebs Technologies, to track 500 million mobile devices through advertising data without warrants. Clients include ICE, US military, and police departments across America.
Read moreThe official CPUID website was compromised for 19 hours, redirecting users to malicious downloads of CPU-Z and HWMonitor that delivered STX RAT. Over 150 victims identified across retail, manufacturing, telecom, and individual users in Brazil, Russia, and China.
Read moreFortinet has disclosed that threat actors are using a symlink-based technique to maintain read-only access to FortiGate devices even after security patches are applied. The method exploits the SSL-VPN language files directory to create persistent filesystem access.
Read moreAttackers hijacked Smart Slider 3 Pro update system, pushing a backdoor to 800K+ WordPress sites in 6 hours. Creates hidden admins and steals credentials.
Read moreA sophisticated zero-day in Adobe Reader has been exploited in the wild since at least December 2025. Malicious PDFs disguised as invoices automatically execute JavaScript to harvest data and download additional payloads. No patch is currently available.
Read moreDPRK-linked threat actors have infected over 1,700 malicious packages across npm, PyPI, Go, Rust, and Packagist since January 2025. The Contagious Interview campaign delivers infostealers and RATs through developer tooling that looks completely legitimate until activated.
Read moreCVE-2025-59528 is a CVSS 10.0 RCE flaw in Flowise AI agent builder with 12,000 exposed instances. Here is who is affected, how to check, and what to patch.
Read moreNorth Korean hackers spent six months building trust with Drift Protocol contributors before stealing $285 million. The operation involved fake personas, conference appearances, and a million-dollar deposit to establish credibility before exploiting VS Code and TestFlight attack vectors.
Read moreSecurity researchers discovered 36 malicious npm packages impersonating Strapi CMS plugins. The packages exploit Redis and PostgreSQL databases, deploy reverse shells, harvest credentials, and target cryptocurrency platforms with hard-coded database credentials.
Read moreNorth Korean hackers drained $285 million from Solana-based Drift Protocol using social engineering to compromise multi-signature approvals. The attack involved no code exploits, just patient manipulation of human trust over several weeks.
Read moreGoogle patched CVE-2026-5281, a high-severity use-after-free vulnerability in Chrome's Dawn WebGPU implementation that is being actively exploited in the wild. This marks the fourth Chrome zero-day of 2026, and CISA has already added it to the Known Exploited Vulnerabilities catalog.
Read moreCheck Point researchers discovered a ChatGPT vulnerability allowing silent data exfiltration via DNS queries from the code execution sandbox. Separately, BeyondTrust found a critical command injection flaw in OpenAI Codex that enabled GitHub token theft through malicious branch names.
Read moreCensys discovered CTRL, a Russian RAT using named pipes and RDP tunneling to evade network monitoring. Built to stay hidden while maintaining full network access.
Read moreIran-linked Handala Hack breached FBI Director Kash Patel email and unleashed wiper malware on Stryker. First destructive attack on US Fortune 500.
Read moreThree critical vulnerabilities in LangChain and LangGraph let attackers steal files from filesystems, siphon API keys and environment secrets, and pillage conversation histories. With 84 million weekly downloads, most enterprise AI deployments are affected.
Read moreSecurity researchers at Cyera disclosed three vulnerabilities in LangChain and LangGraph affecting millions of AI applications. Path traversal, deserialization, and SQL injection flaws expose filesystem contents, environment secrets, and conversation histories.
Read moreOur CyberOne MobileAssess platform performs deep static analysis, source code decompilation, and runtime security testing for iOS and Android apps. From one-time assessments to year-long continuous testing, we find what surface-level scanners miss.
Subscribe to our newsletter and get the latest security insights delivered to your inbox.