Collaborate Disseminate
The security researcher who earlier this month published a proof-of-concept (PoC) exploit for a zero-day privilege escalation vulnerability in Microsoft Defender is back with two more. The first, dubbed “RedSun,” is another privilege escala… Continue reading Researcher drops two more Microsoft Defender zero-days, all three now exploited in the wild
NIST is overhauling how it manages the National Vulnerability Database (NVD) and switching to a risk-based model that prioritizes “enrichment” of only the most critical CVE-numbered security vulnerabilities. “This change is driven by … Continue reading NIST admits defeat on NVD backlog, will enrich only highest-risk CVEs going forward
Two vulnerabilities (CVE-2026-39813, CVE-2026-39808) in FortiSandbox could be leveraged by unauthenticated attackers to bypass authentication and execute unauthorized code or commands on vulnerable systems. Both vulnerabilities can be triggered with a … Continue reading Fortinet fixes critical FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808)
Could Claude Mythos Preview, Anthropic’s latest large language model, be leveraged for fully automated cyber attacks? The UK government’s AI Security Institute (AISI) tested its capability to successfully engage in capture-the-flag (CTF) ch… Continue reading Testing reveals Claude Mythos’s offensive capabilities and limits
“Unauthorized third parties may have been able to access certain booking information associated with your reservation,” email alerts sent out by Booking.com over the weekend warn. The online travel agency did not say which system(s) were ac… Continue reading Booking.com data breach: Customer reservation data exposed
If you tried to download software from CPUID’s website late last week, you might have downloaded malware instead. “Investigations are still ongoing, but it appears that a secondary feature (basically a side API) was compromised for approxim… Continue reading Hackers hijacked CPUID downloads, served STX RAT to victims
Adobe has pushed out an emergency security update for Adobe Acrobat Reader, patching a zero-day vulnerability (CVE-2026-34621) exploited in the wild since November 2025. About CVE-2026-34621 CVE-2026-34621 is a critical prototype pollution vulnerabilit… Continue reading Adobe issues emergency fix for Acrobat Reader flaw exploited in the wild (CVE-2026-34621)
Security researchers at Jamf have uncovered a new ClickFix-style attack targeting Mac users via a fake Apple-themed webpage offering instructions on how to “reclaim disk space on your Mac”. The malicious page (Source: Jamf) ClickFix for eve… Continue reading ClickFix campaign delivers Mac malware via fake Apple page
A financially motivated hacking group is targeting Canadian employees with a sophisticated campaign designed to covertly redirect their salary payments into attacker-controlled bank accounts, Microsoft researchers discovered. SEO poisoning and malverti… Continue reading Poisoned “Office 365” search results lead to stolen paychecks
In the latest demonstration of how AI assistants can help with bug hunting, Horizon3.ai researcher Naveen Sunkavally used Claude to unearth CVE-2026-34197, a remote code execution vulnerability in Apache ActiveMQ that’s been introduced in the cod… Continue reading Claude helps researcher dig up decade-old Apache ActiveMQ RCE vulnerability (CVE-2026-34197)