Security Intelligence

Trivy breach: Modified version tags enabled CI/CD secret theft

A supply-chain attack targeting the widely used Trivy scanner allowed attackers to inject malicious code into trusted...

Security Intelligence

Critical authentication bypass in Aruba AOS-CX impacts CX-series switches

HPE released updates for Aruba AOS-CX switches to fix multiple vulnerabilities, including a critical authentication...

Security Intelligence

Ivanti Endpoint Manager under active exploitation

CISA has added CVE-2026-1603, an actively exploited authentication bypass in Ivanti Endpoint Manager, to the KEV...

Security Intelligence

Fortinet devices under increased targeting as AI-enabled attacks scale in 2026

Field Effect researchers observed increased targeting of Fortinet devices in early 2026, with attackers using...

Security Intelligence

Latest Iranian cyber activity amid Middle East escalation

Iran-linked cyber activity involving Seedworm malware and compromised surveillance cameras highlights how IoT devices...

Security Intelligence

Researchers report a maximum‑severity flaw in a pac4j JWT library

A pac4j-jwt flaw (CVE-2026-29000) allows attackers to bypass authentication by exploiting how encrypted JWTs are...

Security Intelligence

CISA warns of remote code execution risk in VMware Aria Operations

CISA added a VMware Aria Operations flaw (CVE-2026-22719) to its KEV catalog amid reports of active exploitation....

Security Intelligence

Cyber spillover risks amid the February 2026 Middle East escalation

Escalating conflict in the Middle East raises cyber spillover concerns as Canada and the UK warn of potential Iranian...

Security Intelligence

Critical TLS authentication bypass impacts VMware Tanzu

Broadcom patches CVE-2025-68121, a critical TLS flaw in Go affecting multiple VMware Tanzu products, including RabbitMQ...

Security Intelligence

Researchers report FreePBX exploitation: 900+ systems compromised

Zyxel patched a critical UPnP command-injection flaw in the EX3510-B0 router that enables unauthenticated remote...

Security Intelligence

Zyxel patches critical UPnP command‑injection flaw, POC available

Zyxel patched a critical UPnP command-injection flaw in the EX3510-B0 router that enables unauthenticated remote...

Security Intelligence

Maximum‑severity zero day in Cisco Catalyst SD‑WAN now patched

Cisco patches CVE-2026-20127, a critical 10.0 zero-day in Catalyst SD-WAN enabling unauthenticated admin access and...