Grafana disclosed an unauthorized party accessed its GitHub environment and downloaded its codebase via a token.

A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days ...

Mini Shai-Hulud hit 2 OpenAI devices via TanStack, exposing limited credentials and forcing macOS certificate updates by June ...

Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come ...

CISA added CVE-2026-20182, a CVSS 10.0 Cisco Catalyst SD-WAN Controller authentication bypass flaw, to its KEV catalog.

Turla turns Kazuar into a 3-module P2P botnet, enabling stealthy C2, resilient tasking, and persistent access.

Cybersecurity researchers are sounding the alarm about what has been described as "malicious activity" in newly published ...

Weekly ThreatsDay Bulletin: supply chain attacks, fake support lures, AI tampering, data leaks, ransomware, and exploited ...

CVE-2026-20182 bypasses Cisco SD-WAN auth via DTLS port 12346, enabling admin access after May 2026 exploitation.

Trusted-tool abuse hit 84% of 700,000 incidents, driving 45-day assessments that reduce attack surface by 30%+.

Ghostwriter’s March 2026 Ukraine attacks use PDF lures and geofencing to deploy Cobalt Strike on government targets.

Cybersecurity researchers have disclosed a set of four security flaws in OpenClaw that could be chained to achieve data theft ...