CVE-2026-31431 exploited in Linux since 2017, enabling root access via simple PoC, increasing container and cloud risks.

Trellix reports source code breach with partial repository access, no exploitation found, raising security concerns.

China-linked hackers exploit Exchange flaws since Dec 2024 across 8 countries, enabling espionage and credential theft ...

Sleeper packages in Ruby and Go steal credentials and alter CI workflows, leading to persistent access and data exfiltration.

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...

SMS blasters, npm supply chain hits, and unpatched Windows flaws. Stay ahead of new phishing kits and exposed servers.

Facebook accounts hacked via AppSheet phishing emails, exploiting Meta lures, leading to large-scale account theft and resale ...

Two cybersecurity experts got 4-year sentences after enabling 2023 BlackCat attacks, exposing insider abuse and $1.2M ransom ...

CVE-2026-31431 CVSS 7.8 flaw since 2017 enables root via 732-byte exploit, impacting major Linux distributions.

GitHub facades and Ethereum smart contracts power a March 2026 admin-targeted campaign, enabling resilient C2 rotation and ...

SAP npm packages poisoned on April 29, 2026 + AES-256-GCM encrypted credential theft + AI coding tools abused for spread.

Gemini CLI CVSS 10.0 flaw in versions below 0.39.1 enabled RCE in CI workflows, forcing Google to mandate explicit workspace ...