Security Intelligence

Leaked Shai-Hulud malware fuels wave of npm credential theft campaigns

Threat actors are escalating the Shai‑Hulud campaign by combining leaked malware code with compromised npm packages,...

Security Intelligence

Microsoft Exchange Server flaw actively exploited, no patch available

Microsoft has reported active exploitation of a high-severity vulnerability in on-premises versions of Microsoft...

Security Intelligence

Apache HTTP/2 flaw exposes unpatched servers to possible code execution

Apache HTTP Server vulnerability CVE‑2026‑23918 exposes unpatched systems to denial of service and, in some...

Security Intelligence

Microsoft Office update fixes Word RCE triggered via Outlook emails

Microsoft’s Patch Tuesday updates address a Microsoft Word RCE vulnerability that can be triggered through Outlook when...

Security Intelligence

Critical Exim flaw enables remote code execution on GnuTLS builds

Exim released a security update, 4.99.3, to fix a critical vulnerability that can allow unauthenticated remote...

Security Intelligence

Canvas login portal incident led to widespread disruption

How the Canvas incident disrupted academic operations globally and what institutions should watch for next, including...

Security Intelligence

Dirty Frag Linux kernel flaw disclosed, active exploitation observed

Dirty Frag, a Linux kernel flaw, is being used in post‑compromise scenarios where existing access is leveraged to...

Security Intelligence

OPNsense addresses code execution issue with POC available

OPNsense has released fixes for two vulnerabilities that affect firewall management security, both disclosed with...

Security Intelligence

Palo Alto firewall zero-day allows unauthenticated root access

Palo Alto Networks has disclosed an actively exploited zero-day allowing threat actors to take full control of affected...

Security Intelligence

Instructure data breach exposes education sector to extortion

Instructure has disclosed a breach affecting users at selected educational institutions after extortion group...

Security Intelligence

Critical authentication bypass in Progress MOVEit Automation

Progress Software has disclosed a critical authentication bypass vulnerability in MOVEit Automation that enables...

Security Intelligence

Copy Fail: Linux kernel privilege escalation flaw publicly disclosed

A deterministic Linux kernel privilege escalation flaw affecting most distros since 2017. Local attackers can gain...