Security Intelligence

CISA adds updated F5 BIG‑IP APM vulnerability to the KEV catalog

Actively exploited F5 BIG-IP APM vulnerability (CVE-2025-53521) enables unauthenticated RCE on exposed...

Security Intelligence

TeamPCP expands multi‑ecosystem supply chain intrusions targeting developers

TeamPCP is targeting open-source ecosystems with a large-scale supply chain attack, using stolen credentials to...

Security Intelligence

Critical NetScaler ADC and NetScaler Gateway vulnerabilities disclosed

Critical Citrix NetScaler vulnerabilities could enable session hijacking and authentication bypass—patch now to reduce...

Security Intelligence

Threat actors leverage 2025 Quest KACE SMA vulnerability

A critical authentication bypass vulnerability in Quest KACE SMA is being actively exploited, enabling attackers to...

Security Intelligence

Internet‑exposed Langflow deployments targeted hours after patch release

Critical Langflow vulnerability under active exploitation allows unauthenticated remote code execution, putting exposed...

Security Intelligence

Trivy breach: Modified version tags enabled CI/CD secret theft

A supply-chain attack targeting the widely used Trivy scanner allowed attackers to inject malicious code into trusted...

Security Intelligence

Critical authentication bypass in Aruba AOS-CX impacts CX-series switches

HPE released updates for Aruba AOS-CX switches to fix multiple vulnerabilities, including a critical authentication...

Security Intelligence

Ivanti Endpoint Manager under active exploitation

CISA has added CVE-2026-1603, an actively exploited authentication bypass in Ivanti Endpoint Manager, to the KEV...

Security Intelligence

Fortinet devices under increased targeting as AI-enabled attacks scale in 2026

Field Effect researchers observed increased targeting of Fortinet devices in early 2026, with attackers using...

Security Intelligence

Latest Iranian cyber activity amid Middle East escalation

Iran-linked cyber activity involving Seedworm malware and compromised surveillance cameras highlights how IoT devices...

Security Intelligence

Researchers report a maximum‑severity flaw in a pac4j JWT library

A pac4j-jwt flaw (CVE-2026-29000) allows attackers to bypass authentication by exploiting how encrypted JWTs are...

Security Intelligence

CISA warns of remote code execution risk in VMware Aria Operations

CISA added a VMware Aria Operations flaw (CVE-2026-22719) to its KEV catalog amid reports of active exploitation....