Aggregator

There is no one-size-fits-all cybersecurity laptop. We’ll examine real-world work scenarios, tool compatibility, and trade-offs that impact a security professional’s day-to-day work.

The nonprofit Human Rights Watch obtained export licensing records covering 2018 through 2023, which show the Bulgarian government allowed the surveillance firm Circles to peddle the tech to law enforcement and intelligence agencies in several countries known for human rights abuses.

The threat group's curious business model may combine opportunistic monetization alongside intel collection, without much coordination between the two.

International law enforcement dismantled TA569's SocGholish infrastructure, taking down over 100 C2 servers and remediating nearly 15,000 compromised websites.

USB .lnk malware steals crypto via clipboard hijack, replaces wallet addresses, steals seed phrases, and screenshots. Microsoft Threat Intelligence has been tracking a clipboard-stealing malware (Clipper) campaign since February 2026 that targets cryptocurrency wallets. A clipper is a type of malicious software that monitors and manipulates your clipboard, the temporary memory where data is stored […]

Nintendo of America has confirmed to BleepingComputer that threat actors stole survey data from the third-party TinyPulse service used internally, but its systems were not compromised. [...]

A hacker could have "Rickrolled" the World Cup — or worse — thanks to FIFA's unenforced Entra access controls.

Достаточно было открыть привычный ярлык, чтобы сценарий пошёл не по плану.

We break down the technical architecture behind our multi-stage vulnerability discovery harness and automated triage loop. Learn how we manage state controls, squash false positives through adversarial review, and route around LLM context limits.

A vulnerability classified as problematic was found in Saad Iqbal WP EasyPay Plugin up to 4.4.0 on WordPress. This impacts an unknown function. Such manipulation leads to cross-site request forgery. This vulnerability is referenced as CVE-2026-56024. It is possible to launch the attack remotely. No exploit is available.

A vulnerability classified as problematic has been found in Grav grav-plugin-api 1.7.52. This affects an unknown function of the component Admin2 Pages API. This manipulation causes cross site scripting. The identification of this vulnerability is CVE-2026-11982. It is possible to initiate the attack remotely. There is no exploit available. To fix this issue, it is recommended to deploy a patch.

A vulnerability described as problematic has been identified in Webmin up to 2.640. The impacted element is an unknown function. The manipulation results in use of single-factor authentication. This vulnerability was named CVE-2026-56022. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in Webmin Director. The affected element is an unknown function. The manipulation leads to incorrect regular expression. This vulnerability is uniquely identified as CVE-2026-56021. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability labeled as problematic has been found in mcdope pam_usb up to 0.9.1 on Linux. Impacted is the function usb_get_process_parent_id of the component Removable Media Handler. Executing a manipulation can lead to infinite loop. This vulnerability is handled as CVE-2026-48986. It is possible to launch the attack on the local host. There is not any exploit available. The affected component should be upgraded.