Security Intelligence

Chained CVEs in ShareFile SZC enable pre-authentication compromise

Chained vulnerabilities in Progress ShareFile Storage Zones Controller enable unauthenticated attackers to achieve...

Security Intelligence

Axios npm package compromise attributed to North Korea

Axios supply chain compromise exposed organizations after attackers published malicious versions using a compromised...

Security Intelligence

TeamPCP expands supply chain intrusions into cloud and enterprise environments

A supply chain attack tied to TeamPCP is escalating, with stolen credentials used to access AWS, compromise CI/CD...

Security Intelligence

CISA adds updated F5 BIG‑IP APM vulnerability to the KEV catalog

Actively exploited F5 BIG-IP APM vulnerability (CVE-2025-53521) enables unauthenticated RCE on exposed...

Security Intelligence

TeamPCP expands multi‑ecosystem supply chain intrusions targeting developers

TeamPCP is targeting open-source ecosystems with a large-scale supply chain attack, using stolen credentials to...

Security Intelligence

Critical NetScaler ADC and NetScaler Gateway vulnerabilities disclosed

Critical Citrix NetScaler vulnerabilities could enable session hijacking and authentication bypass—patch now to reduce...

Security Intelligence

Threat actors leverage 2025 Quest KACE SMA vulnerability

A critical authentication bypass vulnerability in Quest KACE SMA is being actively exploited, enabling attackers to...

Security Intelligence

Internet‑exposed Langflow deployments targeted hours after patch release

Critical Langflow vulnerability under active exploitation allows unauthenticated remote code execution, putting exposed...

Security Intelligence

Trivy breach: Modified version tags enabled CI/CD secret theft

A supply-chain attack targeting the widely used Trivy scanner allowed attackers to inject malicious code into trusted...

Security Intelligence

Critical authentication bypass in Aruba AOS-CX impacts CX-series switches

HPE released updates for Aruba AOS-CX switches to fix multiple vulnerabilities, including a critical authentication...

Security Intelligence

Ivanti Endpoint Manager under active exploitation

CISA has added CVE-2026-1603, an actively exploited authentication bypass in Ivanti Endpoint Manager, to the KEV...

Security Intelligence

Fortinet devices under increased targeting as AI-enabled attacks scale in 2026

Field Effect researchers observed increased targeting of Fortinet devices in early 2026, with attackers using...