Collaborate Disseminate
Apple has rolled out security updates for iPhones and iPads that fix CVE-2026-28950, a logging issue in Notification Services that made devices unexpectedly retain notifications marked for deletion. The vulnerability was patched following a recent repo… Continue reading Apple fixes iPhone bug that let FBI retrieve deleted Signal messages(CVE-2026-28950)
Hidden inside newly discovered botnet malware is an unusual message from its creator: “AI.NEEDS.TO.DIE”. Dubbed “tuxnokill” by researchers at Akamai, the malware is one of two fresh Mirai botnet variants documented this month by… Continue reading New Mirai variants target routers and DVRs in parallel campaigns
Progress Software has fixed a slew of high-severity vulnerabilities in MOVEit WAF and LoadMaster, including a flaw (CVE-2026-21876) that may allow attackers to bypass firewall detection. MOVEit WAF (web application firewall) is designed to protect Prog… Continue reading Progress Software fixes sneaky WAF bypass vulnerability (CVE-2026-21876)
CISA added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including a Cisco Catalyst SD-WAN Manager vulnerability (CVE-2026-20133) that Cisco has yet to flag as exploited. Three Cisco Catalyst SD-WAN Manager vulnerabili… Continue reading CISA flags another Cisco Catalyst SD-WAN Manager bug as exploited (CVE-2026-20133)
Cloud deployment and hosting platform Vercel has suffered a security breach that resulted in attackers accessing some of its internal systems and compromising Vercel credentials of a “limited subset of customers”. Advice for affected custom… Continue reading Vercel breached via compromised third-party AI tool
For $4,000 and a cut of the take, a lone criminal can now run a fully automated voice-phishing operation via ATHR, a plaform that spoofs emails alerts from Google, Microsoft, and Coinbase, buries a phone number in each message, and when the victim call… Continue reading AI platform ATHR makes voice phishing a one-person job
The security researcher who earlier this month published a proof-of-concept (PoC) exploit for a zero-day privilege escalation vulnerability in Microsoft Defender is back with two more. The first, dubbed “RedSun,” is another privilege escala… Continue reading Researcher drops two more Microsoft Defender zero-days, all three now exploited in the wild
NIST is overhauling how it manages the National Vulnerability Database (NVD) and switching to a risk-based model that prioritizes “enrichment” of only the most critical CVE-numbered security vulnerabilities. “This change is driven by … Continue reading NIST admits defeat on NVD backlog, will enrich only highest-risk CVEs going forward
Two vulnerabilities (CVE-2026-39813, CVE-2026-39808) in FortiSandbox could be leveraged by unauthenticated attackers to bypass authentication and execute unauthorized code or commands on vulnerable systems. Both vulnerabilities can be triggered with a … Continue reading Fortinet fixes critical FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808)
Could Claude Mythos Preview, Anthropic’s latest large language model, be leveraged for fully automated cyber attacks? The UK government’s AI Security Institute (AISI) tested its capability to successfully engage in capture-the-flag (CTF) ch… Continue reading Testing reveals Claude Mythos’s offensive capabilities and limits