Squidbleed: 1997 Squid Proxy Bug Leaks HTTP Credentials
Security researchers have uncovered a nearly three-decade-old vulnerability in Squid Proxy that lets anyone sharing the same proxy silently steal oth…
Security
6 Strategies to Reduce the Risk of Targeted Attacks in a Digital-First World
In a world where nearly every aspect of life is connected to technology, personal and professional security has become more complex than ever. Digita…
BitLocker Bypass GreatXML: Using Defender Offline Scan Against You
If you have ever run Windows Defender's Offline Scan, your BitLocker encryption may already be compromised — before an attacker even logs in. Sec…
Microsoft Defender Zero-Day PoC Gives SYSTEM Access on Fully Patched Windows
A researcher who has turned Microsoft's vulnerability disclosure process into a public battleground has released another working exploit — this t…
ServiceNow API Flaw Exploited for Two Months Before Patch
A single misconfigured checkbox quietly exposed enterprise IT data across multiple ServiceNow customer instances for weeks — and if community reports…
OpenAI's Codex AI Discovers "HTTP/2 Bomb" That Can Crash Major Web Servers in Seconds
An AI model just found a decade-old attack that human security researchers somehow missed — and it works against almost every major web server on the…
An AI Security Tool Dug Up a 2-Year-Old Redis Bug That Lets Attackers Take Over Servers
A flaw that sat undetected in Redis for over two years — silently present in every stable release since version 7.2.0 — has been patched after an AI-…
Researcher Drops PoC for 1-Click GitHub Token Theft via VSCode Bug — Skips MSRC Entirely
Security researcher Ammar Askar has publicly released a fully working proof-of-concept (PoC) exploit that can steal a victim's GitHub OAuth token…
Red Hat Cloud Services npm Packages Hijacked to Steal Developer Secrets in Sophisticated Supply Chain Attack
Attackers compromised the official Redhat cloud services npm namespace on June 1, 2026, injecting a sophisticated credential-harvesting worm into 95 …
Instagram Accounts Are Being Stolen via Chat With Meta AI
Hundreds of Instagram accounts — including the dormant Obama White House profile, the official Sephora page, and the Instagram of U.S. Space Force Ch…
A Forged Kernel Key and a Rootful Helper: Inside the CIFSwitch Linux Privilege Escalation
A security researcher has disclosed a Linux local privilege escalation — dubbed CIFSwitch — that lets any unprivileged user silently escalate to roo…
BadHost (CVE-2026-48710): One Rogue Header Line Unlocks Your Entire AI Stack
A single, malformed HTTP header is all it takes to walk past the front door of thousands of Python-powered AI applications — no credentials, no token…
Malicious Packages on npm, PyPI, and Crates.io Steal Crypto Wallets, SSH Keys, and Cloud Credentials
Security researchers at Socket have uncovered an active supply chain attack that poisoned 34 packages and more than 384 versions across three major …
LiteSpeed cPanel Plugin Flaw Lets Any Shared Hosting User Take Over the Entire Server
A critical privilege escalation bug in LiteSpeed's user-end cPanel plugin — now confirmed as actively exploited in the wild — can hand any ordina…
NGINX Hit by Second Unauthenticated RCE —'nginx-poolslip'
F5 has rushed out a security advisory for a second critical heap overflow vulnerability in NGINX's URL rewriting engine this month — and this one…
Trend Micro's Own Security Tool Turned Against Enterprises — Apex One Zero-Day Actively Exploited
The endpoint security software meant to protect enterprise networks from attackers has itself become a target. Trend Micro has patched a zero-day vul…
Windows Kernel Bug Breaks Every Browser Sandbox — And It Almost Stayed Secret Until Pwn2Own
A security researcher prepared a devastating Windows kernel exploit for Pwn2Own Berlin 2026 — then had to watch it go public days before the contest …
PoC Exploit Released for Drupal's Critical SQL Injection CVE-2026-9082
A day after Drupal's emergency patches landed , security researchers at Searchlight Cyber have published a full technical breakdown of CVE-2026-9…
Nine-Year-Old Linux Kernel Flaw CVE-2026-46333 Lets Attackers Steal SSH Keys, Shadow Passwords, and Root Access
The Qualys Threat Research Unit (TRU) has released the full advisory for CVE-2026-46333, a logic flaw in the Linux kernel's __ptrace_may_access()…
Drupal Patches Highly Critical SQL Injection That Lets Anonymous Attackers Hijack PostgreSQL-Backed Sites
Drupal has pushed emergency security updates for a highly critical SQL injection vulnerability in its core database abstraction layer — the kind of f…