23+ hour, 45+ min ago  (268+ words) PHP Composer released urgent security updates to address two critical command injection vulnerabilities. PHP Composer is an essential dependency management tool used globally by developers, making any code execution flaws highly concerning. These specific bugs reside in the'Perforce Version Control…...

1+ day, 45+ min ago  (538+ words) A sophisticated cyber campaign bearing strong operational similarities to the Muddy Water threat group has been caught sweeping more than 12, 000 internet-exposed systems across multiple regions before launching focused attacks on high-value targets in the Middle East. The operation targeted critical…...

1+ day, 1+ hour ago  (612+ words) A group of trusted Word Press plugins quietly carried a hidden backdoor for eight full months, and nobody noticed until the damage had already been done. The attack, uncovered in April 2026, did not begin with a dramatic breach. It started…...

1+ day, 21+ hour ago  (247+ words) Threat actors are actively exploiting a critical vulnerability in Show Doc, a popular online document-sharing and collaboration tool used by IT teams worldwide. Because Show Doc often houses sensitive internal documentation and API specifications, a successful breach can give attackers…...

2+ day, 4+ hour ago  (719+ words) APT41 is once again pushing its Linux capabilities forward, this time by quietly turning cloud servers into powerful credential theft platforms. The group's latest Winnti-family backdoor is a zero'detection ELF implant designed specifically for Linux workloads running on AWS, Google Cloud,…...

1+ day, 21+ hour ago  (365+ words) Synology reveals two severe SSL VPN Client flaws that could let remote attackers steal sensitive files and intercept network traffic. The vulnerabilities affect users running older versions of the software and require immediate patching to prevent potential network compromise. Virtual…...

2+ day, 1+ hour ago  (390+ words) The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical security flaw in Fortinet products. On April 13, 2026, the agency added a severe SQL injection vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. This addition confirms…...

1+ day, 21+ hour ago  (403+ words) Fortinet has disclosed two critical security vulnerabilities affecting its Forti Sandbox platform, both carrying a CVSSv3 score of 9. 1. The flaws, published on April 14, 2026, could allow unauthenticated remote attackers to execute arbitrary commands and bypass authentication entirely, posing a serious risk to…...

2+ day, 2+ hour ago  (621+ words) Cybercriminals are changing the way they break into organizations. Instead of sending malicious emails and waiting for someone to click a link, attackers are now picking up the phone and calling their way into corporate systems. This shift is one…...

5+ day, 10+ hour ago  (390+ words) A single threat actor compromised nine Mexican government agencies and stole hundreds of millions of citizen records in a highly sophisticated cyberattack. The campaign, which ran from late December 2025 through mid-February 2026, highlights a dangerous shift in the modern threat landscape....