Cybersecurity

A critical vulnerability (CVE-2026-8732) in the WP Maps Pro WordPress plugin allows attackers to create admin accounts.The flaw affects versions prior to 6.1.1 and...

Dutch authorities dismantled a massive botnet of at least 17 million infected devices.The botnet's backend infrastructure included over 200 servers based in the Netherlands.The...

A threat actor used an LLM agent to automate post-exploitation actions after breaching a public-facing Marimo notebook via the critical CVE-2026-39987 vulnerability.The automated agent...

A critical, unpatched security flaw in the open-source Git service Gogs allows authenticated users to execute arbitrary code on the server.The vulnerability, rated 9.4...

Microsoft advocates for Coordinated Vulnerability Disclosure (CVD) following the uncoordinated public release of multiple Windows zero-days.A researcher disclosed six high-severity vulnerabilities, including three already...

A new financially motivated threat actor, tracked as JINX-0164, is actively targeting cryptocurrency organizations with sophisticated social engineering and custom macOS malware.The campaign uses...

A new malicious npm package, "mouse5212-super-formatter," steals files from the Claude AI tool's dedicated upload directory.The malware uploads stolen data to a threat actor-controlled...

Major cybersecurity firms CrowdStrike, Google, and Shadowserver Foundation disrupted a persistent developer-targeting botnet named GlassWorm on May 27, 2026.The botnet used trojanized VS Code...