3+ hour, 21+ min ago  (689+ words) A nation-state malware known as Kazuar has resurfaced with a far more dangerous design than anyone expected. What once started as a relatively standard backdoor has now grown into a fully modular, peer-to-peer botnet specifically engineered for long-term, covert espionage…...

2+ hour, 13+ min ago  (456+ words) Microsoft issued an urgent security alert regarding a newly discovered vulnerability in Exchange Server that is currently being exploited in the wild. Tracked as CVE-2026-42897, this critical spoofing flaw carries a high CVSS 3. 1 severity score of 8. 1 and directly impacts on-premises…...

4+ hour, 52+ min ago  (306+ words) Threat actors can now exploit a Server-Side Request Forgery (SSRF) flaw to silently steal cloud credentials, harvest API keys, and access sensitive internal admin panels. The vulnerability, tracked as CVE-2026-44578, originates in how the built-in Next. js Node. js server…...

3+ hour, 50+ min ago  (273+ words) Tracked as CVE-2026-41702, the flaw was privately reported to Broadcom and patched on May 14, 2026, under security advisory VMSA-2026-0003. The vulnerability stems from a TOCTOU (Time-of-Check Time-of-Use) race condition that occurs during an operation performed by a SETUID binary within VMware…...

4+ hour, 38+ min ago  (259+ words) Google has rolled out a massive security update for its Chrome browser, sealing a staggering 79 vulnerabilities before threat actors can exploit them. With 14 of these flaws rated as critical, browsing the web on an outdated version leaves your entire system…...

4+ hour, 10+ min ago  (653+ words) A state-aligned hacking group known as Frosty Neighbor has resurfaced with a fresh wave of cyberattacks targeting government organizations in Ukraine, using a carefully designed infection chain that is harder than ever to detect. The group, active since at least…...

8+ hour, 12+ min ago  (403+ words) Two employee devices at Open AI were compromised in a sweeping software supply chain attack targeting Tan Stack npm, but the AI company confirmed no user data, production systems, or intellectual property were affected. On May 11, 2026 UTC, threat actors launched…...

9+ hour, 44+ min ago  (389+ words) Tracked as CVE-2026-20182 with a CVSS score of 10. 0, the flaw puts SD-WAN deployments across on-premises, cloud, and government environments at critical risk. Discovered by Rapid7 Labs researchers Stephen Fewer and Jonah Burgess while investigating a prior SD-WAN vulnerability (CVE-2026-20127), the new…...

16+ hour ago  (660+ words) A Russian state-sponsored hacking group known as Sandworm has been caught making a calculated pivot from compromised IT networks into operational technology systems that control physical infrastructure. The campaign is alarming because it does not rely on cutting-edge exploits. Instead,…...

20+ hour, 49+ min ago  (398+ words) Imagine locking your organization's sensitive data behind a heavy vault door, only to realize the locking mechanism is entirely missing. Security researchers at Fog Security recently uncovered a severe authorization bypass in Amazon Quick's AI Chat Agents. Compounding the issue,…...