Security Intelligence

UNC6783 Uses Fake Zendesk and Okta Pages to Bypass MFA and Steal Data

Google warns that financially motivated actor UNC6783 is exploiting helpdesk workflows to bypass MFA through fake...

Security Intelligence

POC Published for Remote Code Execution in Apache ActiveMQ

A public exploit chain for Apache ActiveMQ has been disclosed, abusing exposed Jolokia JMX management interfaces to...

Security Intelligence

Storm‑1175 exploits web‑facing vulnerabilities in Medusa ransomware operations

Storm-1175, a threat actor tied to Medusa ransomware, exploits new vulnerabilities within hours and uses admin tools to...

Security Intelligence

Fortinet Releases FortiClient EMS Hotfix After Reported Attacks

Critical FortiClient EMS vulnerability actively exploited, allowing authentication bypass and admin control. Apply...

Security Intelligence

Chained CVEs in ShareFile SZC enable pre-authentication compromise

Chained vulnerabilities in Progress ShareFile Storage Zones Controller enable unauthenticated attackers to achieve...

Security Intelligence

Axios npm package compromise attributed to North Korea

Axios supply chain compromise exposed organizations after attackers published malicious versions using a compromised...

Security Intelligence

TeamPCP expands supply chain intrusions into cloud and enterprise environments

A supply chain attack tied to TeamPCP is escalating, with stolen credentials used to access AWS, compromise CI/CD...

Security Intelligence

CISA adds updated F5 BIG‑IP APM vulnerability to the KEV catalog

Actively exploited F5 BIG-IP APM vulnerability (CVE-2025-53521) enables unauthenticated RCE on exposed...

Security Intelligence

TeamPCP expands multi‑ecosystem supply chain intrusions targeting developers

TeamPCP is targeting open-source ecosystems with a large-scale supply chain attack, using stolen credentials to...

Security Intelligence

Critical NetScaler ADC and NetScaler Gateway vulnerabilities disclosed

Critical Citrix NetScaler vulnerabilities could enable session hijacking and authentication bypass—patch now to reduce...

Security Intelligence

Threat actors leverage 2025 Quest KACE SMA vulnerability

A critical authentication bypass vulnerability in Quest KACE SMA is being actively exploited, enabling attackers to...

Security Intelligence

Internet‑exposed Langflow deployments targeted hours after patch release

Critical Langflow vulnerability under active exploitation allows unauthenticated remote code execution, putting exposed...