Cybersecurity

A critical, unpatched security flaw in the open-source Git service Gogs allows authenticated users to execute arbitrary code on the server.The vulnerability, rated 9.4...

Microsoft advocates for Coordinated Vulnerability Disclosure (CVD) following the uncoordinated public release of multiple Windows zero-days.A researcher disclosed six high-severity vulnerabilities, including three already...

A new financially motivated threat actor, tracked as JINX-0164, is actively targeting cryptocurrency organizations with sophisticated social engineering and custom macOS malware.The campaign uses...

A new malicious npm package, "mouse5212-super-formatter," steals files from the Claude AI tool's dedicated upload directory.The malware uploads stolen data to a threat actor-controlled...

Major cybersecurity firms CrowdStrike, Google, and Shadowserver Foundation disrupted a persistent developer-targeting botnet named GlassWorm on May 27, 2026.The botnet used trojanized VS Code...

The Indian Computer Emergency Response Team (CERT-In) mandates a 12-hour patch deadline for critical vulnerabilities where feasible.The directive responds to threat actors increasingly using...

A critical vulnerability (CVE-2026-5426) in the Japanese LMS Digital Knowledge KnowledgeDeliver allowed unauthenticated remote code execution.Attackers exploited this flaw as a zero-day to deploy...

A critical SQL injection flaw (CVE-2026-26980) in Ghost CMS is being actively exploited to hijack website articles.Attackers have compromised over 700 legitimate websites across...