Security Intelligence

Critical nginx-ui vulnerability enabling full server takeover exploited

Critical nginx-ui flaw (CVE-2026-33032) enables auth bypass and full admin control. Active exploitation reported....

Security Intelligence

Microsoft April 2026 Patch Tuesday fixes two zero days, including BlueHammer

Microsoft patches 163 vulnerabilities, including two zero days affecting SharePoint and Defender. One is actively...

Security Intelligence

Dependency interactions turn Axios into a network-layer exposure threat

Critical Axios vulnerability (CVE-2026-40175) enables header injection via prototype pollution chains, risking SSRF and...

Security Intelligence

Researcher Reports on Potential Adobe Reader Zero-Day

A security researcher reports potential Adobe Acrobat Reader zero-day involving JavaScript access to privileged APIs,...

Security Intelligence

UNC6783 Uses Fake Zendesk and Okta Pages to Bypass MFA and Steal Data

Google warns that financially motivated actor UNC6783 is exploiting helpdesk workflows to bypass MFA through fake...

Security Intelligence

POC Published for Remote Code Execution in Apache ActiveMQ

A public exploit chain for Apache ActiveMQ has been disclosed, abusing exposed Jolokia JMX management interfaces to...

Security Intelligence

Storm‑1175 exploits web‑facing vulnerabilities in Medusa ransomware operations

Storm-1175, a threat actor tied to Medusa ransomware, exploits new vulnerabilities within hours and uses admin tools to...

Security Intelligence

Fortinet Releases FortiClient EMS Hotfix After Reported Attacks

Critical FortiClient EMS vulnerability actively exploited, allowing authentication bypass and admin control. Apply...

Security Intelligence

Chained CVEs in ShareFile SZC enable pre-authentication compromise

Chained vulnerabilities in Progress ShareFile Storage Zones Controller enable unauthenticated attackers to achieve...

Security Intelligence

Axios npm package compromise attributed to North Korea

Axios supply chain compromise exposed organizations after attackers published malicious versions using a compromised...

Security Intelligence

TeamPCP expands supply chain intrusions into cloud and enterprise environments

A supply chain attack tied to TeamPCP is escalating, with stolen credentials used to access AWS, compromise CI/CD...

Security Intelligence

CISA adds updated F5 BIG‑IP APM vulnerability to the KEV catalog

Actively exploited F5 BIG-IP APM vulnerability (CVE-2025-53521) enables unauthenticated RCE on exposed...