Latest Articles

Microsoft Exchange CVE-2026-42897 Exploited in Active Attacks Against On-Prem OWA

Microsoft Exchange is back in the defender hot seat, and this time the entry point is not a classic server-side takeover. CVE-2026-42897 turns Outlook Web Access into the exposure point, using a...

Morpheus Ransomware Targets Baytech A/S: Danish Industrial Engineering Firm Faces Cyber Disruption

In a notable cybersecurity incident that underscores the vulnerabilities of the industrial sector, Baytech A/S, a prominent Danish provider of material handling and logistics solutions, has been...

JDownloader Supply Chain Attack: Official Website Compromised to Deliver Python RAT Malware

In early May 2026, a trusted name in the download management space became the victim of a sophisticated supply chain attack. JDownloader, the popular open-source download manager used by millions...

Microsoft Patches Critical Zero-Click Outlook/Word RCE Tracked as CVE-2026-40361

Microsoft has patched a Word vulnerability that defenders should treat like an Outlook problem. CVE-2026-40361 is officially listed as a Critical Microsoft Word remote code execution flaw, but...

Fortinet Patches Critical RCE Flaws in FortiSandbox and FortiAuthenticator

Fortinet has shipped fixes for two critical flaws that sit in exactly the wrong places: identity infrastructure and malware analysis infrastructure. The vulnerabilities affect FortiAuthenticator...

RubyGems Supply Chain Attack: Major Malicious Package Flood Forces Temporary Suspension of New Registrations (May 2026)

May 13, 2026 — In a significant development highlighting the persistent vulnerabilities in open-source software ecosystems, RubyGems.org, the primary package repository for the Ruby programming...

Beyond MFA: Architectural Defense Strategies to Defeat Infostealer Session Hijacking

The enterprise authentication paradigm has a critical structural flaw: it assumes that a successfully authenticated session remains secure on the endpoint. As organizations have scaled up...

Škoda Online Shop Data Breach Exposes Customer Data and Password Hashes

Škoda’s latest breach is not a vehicle takeover story, but it still matters to automotive security. The weak point was the online shop, not the car — and that is exactly why defenders should pay...

Google GTIG Warns AI-Assisted Zero-Day Exploit Development Has Moved From Theory to Operational Reality

AI-assisted exploit development has crossed a line defenders can no longer treat as theoretical. Google Threat Intelligence Group says it has observed a criminal threat actor using a zero-day...

Foxconn Targeted by Nitrogen: Unverified Claims of 8TB Data Theft Surface

The electronics manufacturing giant Foxconn is reportedly back in the crosshairs of the ransomware ecosystem. Unverified claims appearing on threat tracking platforms suggest that the Nitrogen...

Rapid Exploitation of cPanel and WHM Vulnerabilities Sparks Global Wave of Ransomware, Malware, and Espionage Attacks

In a stark reminder of how quickly threat actors can weaponize security flaws in widely used infrastructure tools, a critical vulnerability in cPanel and Web Host Manager (WHM) has triggered...

INTERPOL Operation Pangea XVIII Seizes 6.42 Million Counterfeit and Unapproved Pharmaceutical Doses

Counterfeit medicine is not just fraud with a pharmacy label. It is a public-health attack surface - and INTERPOL’s latest global operation shows how aggressively criminals are exploiting online...

Zara Data Breach Added to Have I Been Pwned After 197,000 Customer Emails Exposed

The Zara breach is not a story about stolen passwords or payment cards. It is a story about customer context — and that is exactly what makes it useful to attackers. Have I Been Pwned has added a...

NVIDIA Confirms GeForce NOW Data Breach Tied to Armenian Partner Infrastructure

A GeForce NOW breach that first looked like a direct hit on NVIDIA now appears to be something more specific — and operationally just as important: a compromise inside partner-run regional...

Akira Ransomware Targets Alkegen: A Major Cyber Incident in the Advanced Materials Sector

In a notable cybersecurity development affecting the manufacturing industry, the Akira ransomware group has claimed responsibility for an attack on Alkegen, a global leader in high-performance...

ShinyHunters Defaces Canvas Login Portals in Global Education Extortion Campaign

The Canvas incident has moved beyond a quiet data-theft claim into a visible pressure campaign against schools, students, and administrators. By defacing login portals instead of only posting on a...

Ivanti EPMM Zero-Day CVE-2026-6973 Enables Admin-Level Remote Code Execution

Ivanti EPMM is back in the attacker spotlight, and this time the issue is not theoretical. A newly patched vulnerability in Ivanti Endpoint Manager Mobile allows remote code execution when the...

Dirty Frag Linux Zero-Day Gives Root Access Across Major Distros as Public PoC Raises Patch Urgency

Dirty Frag is the kind of Linux flaw defenders cannot treat as routine kernel noise. It is local, not remote. But that distinction becomes thin on shared servers, Kubernetes nodes, CI runners,...

vm2 Node.js Sandbox Flaws Enable Escape and Arbitrary Code Execution on Host Systems

The danger in vm2 is not just another vulnerable dependency. It is a failure mode at the exact point where applications expect isolation to hold. A dozen newly disclosed vulnerabilities in the vm2...

Vimeo Breach Added to Have I Been Pwned After 119.2K Accounts Exposed

Vimeo’s breach is not large by mega-leak standards, but it is exactly the kind of exposure defenders should not dismiss: a trusted platform, a third-party analytics path, and enough user context to...