The Apache Software Foundation (ASF) has released security updates to address several security vulnerabilities in the HTTP ...

OAuth tokens without expiry enable breaches like Drift attack on 700+ firms, bypassing MFA and exposing sensitive data.

UAT-8302 targets governments since 2024 using shared China-linked malware, enabling persistent access and cross-group cyber ...

ScarCruft spreads BirdCall via sqgame.net since late 2024, targeting Android users, enabling surveillance and data theft.

CVE-2026-22679 exploited via debug endpoint in Weaver E-cology before 20260312, enabling RCE and system compromise.

Microsoft disclosed a credential theft campaign targeting 35,000+ users at 13,000+ organizations across 26 countries.

DAEMON Tools supply chain attack since April 8, 2026 infects signed installers, enabling targeted malware delivery globally.

MetInfo CMS flaw CVE-2026-29014 exploited after April 7 patch, enabling remote code execution and targeting 2,000 instances.

AI infrastructure exposes 1M services from 2M hosts due to weak defaults, increasing risk of data leaks and system compromise ...

MOVEit Automation flaws (CVE-2026-4670, CVE-2026-5174) enable bypass and escalation, risking enterprise data exposure.

Global crackdown arrests 276 suspects in crypto scams, saving $562M via FBI alerts, disrupting fraud networks targeting ...

Silver Fox spreads ABCDoor via 1,600 phishing emails in 2026 targeting India and Russia, enabling data theft and remote ...