News
China-Linked Hackers Breach Southeast Asian Military Systems
Active since at least 2020, this long-running operation relies on custom backdoors and credential-stealing tools to gather critical military intelligence. Analysts assess with moderate confidence that a China-aligned threat actor operates this persistent network. Rather than executing large-scale data theft, the…
Linux Ransomware Pay2Key Targets Servers, Virtualization Hosts
Linux environments are the backbone of modern enterprise infrastructure, hosting critical servers and virtualization platforms. Despite its importance, Linux-focused ransomware remains one of the least documented threats in public research. However, cybercriminals are rapidly adapting to this blind spot. Threat…
Node.js Fixes Multiple Vulnerabilities Leading to DoS and Crashes
The update, published on March 24, 2026, upgrades the Long-Term Support (LTS) branch to version 20.20.2, codenamed "Iron," and patches seven distinct security flaws affecting core components such as TLS, HTTP/2, V8, and the permission model. The most severe vulnerability, tracked as CVE-2026-21637, is…
Critical NVIDIA Vulnerabilities Enable RCE and DoS Attacks
NVIDIA has released its March 2026 security bulletins, warning of multiple vulnerabilities across its AI and infrastructure products that could allow remote code execution (RCE) and denial-of-service (DoS) attacks. The disclosure highlights growing risks in machine learning environments, where widely used…
Critical Ivanti EPMM Vulnerabilities Allow Remote Code Execution
The vulnerabilities, tracked as CVE-2026-1281 and CVE-2026-1340, both carry a CVSS score of 9.8 and pose a severe risk to enterprise environments relying on EPMM for mobile device management. According to incident response findings from WithSecure's STINGR Group, attackers leveraged these…
IDrive for Windows Vulnerability Allows Privilege Escalation Attacks
A newly disclosed vulnerability in the IDrive Cloud Backup Client for Windows is raising serious security concerns, as it enables local attackers to escalate privileges to the highest level on affected systems. Tracked as CVE-2026-1995, the flaw allows authenticated users…
Microsoft Releases Guidance to Detect and Defend Against Trivy Supply Chain Attack
The incident, tracked as CVE-2026-33634, highlights how trusted security tools can be weaponized to compromise downstream environments at scale. The attack was attributed to a threat group known as TeamPCP, which exploited weaknesses in Trivy's CI/CD pipeline. In a…
Research Shows Infostealer Infections Can Lead To Dark Web Leaks Within 48 Hours
Database breaches are typically discovered weeks or months after they happen. Forensic teams spend days reconstructing events, and affected users eventually receive notifications. However, infostealer malware works on a drastically shorter timeline. An employee might download cracked software on a…
Cisco Secure Firewall Flaw Allows Remote Code Execution as Root
Cisco has issued urgent security updates to fix a critical vulnerability in its Secure Firewall Management Center (FMC) software that could allow attackers to take full control of affected systems. The flaw, tracked as CVE-2026-20131, carries a maximum CVSS score…
Telegram-Driven Attack Targets Crypto Developers with Malicious npm Packages
Security researchers have uncovered a targeted supply chain attack aimed at cryptocurrency developers. Five malicious npm packages published by the account "galedonovan" were found to be typosquatting legitimate Solana and Ethereum libraries. Once installed, these packages secretly steal private keys and…