Security Intelligence

Researchers report a maximum‑severity flaw in a Java JWT library

A pac4j-jwt flaw (CVE-2026-29000) allows attackers to bypass authentication by exploiting how encrypted JWTs are...

Security Intelligence

CISA warns of remote code execution risk in VMware Aria Operations

CISA added a VMware Aria Operations flaw (CVE-2026-22719) to its KEV catalog amid reports of active exploitation....

Security Intelligence

Cyber spillover risks amid the February 2026 Middle East escalation

Escalating conflict in the Middle East raises cyber spillover concerns as Canada and the UK warn of potential Iranian...

Security Intelligence

Critical TLS authentication bypass impacts VMware Tanzu

Broadcom patches CVE-2025-68121, a critical TLS flaw in Go affecting multiple VMware Tanzu products, including RabbitMQ...

Security Intelligence

Researchers report FreePBX exploitation: 900+ systems compromised

Zyxel patched a critical UPnP command-injection flaw in the EX3510-B0 router that enables unauthenticated remote...

Security Intelligence

Zyxel patches critical UPnP command‑injection flaw, POC available

Zyxel patched a critical UPnP command-injection flaw in the EX3510-B0 router that enables unauthenticated remote...

Security Intelligence

Maximum‑severity zero day in Cisco Catalyst SD‑WAN now patched

Cisco patches CVE-2026-20127, a critical 10.0 zero-day in Catalyst SD-WAN enabling unauthenticated admin access and...

Security Intelligence

Typosquatting campaign targets npm, CI pipelines, and AI‑driven development

Researchers uncover SANDWORM_MODE, a malicious npm supply-chain campaign abusing AI toolchains to steal credentials...

Security Intelligence

Low‑skill threat actor leverages AI in FortiGate intrusion activity

Over 600 FortiGate devices were compromised as a low-skill actor used AI to automate attacks, highlighting risks from...

Security Intelligence

Predictable credentials generated by AI tools introduce new risks

Research reveals that AI-generated passwords can be predictable and low in entropy, increasing the risk of credential...

Security Intelligence

Chrome and Chromium-based browsers receive fixes for exploited flaw

CISA adds CVE-2026-2441 to KEV following active exploitation. Updated Chrome and Chromium-based browser versions are...

Security Intelligence

End‑to‑end update verification arrives in Notepad++ with version 8.9.2

Notepad++ version 8.9.2 adds XML manifest signature validation, completing end-to-end update verification to close the...