AWS Graviton4 instances now available on Elastic Cloud Hosted
Elastic Cloud now supports AWS Graviton4-powered ARM hardware profiles. CPU Optimized ARM delivers up to 15% better price-performance, while Storage Optimized ARM delivers up...
CarGurus – 12,461,887 breached accounts
In February 2026, the automotive marketplace CarGurus was the target of a data breach attributed to the threat actor ShinyHunters. Following an attempted extortion,...
Hackers Leveraging Multiple AI Services to Compromise 600+ FortiGate Devices
A financially motivated threat actor exploited various commercial generative AI services to compromise over 600 FortiGate devices across more than 55 countries between January...
CVE-2020-36426 An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a...
Information published. - Read more
CVE-2021-24119 In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file...
Information published. - Read more
CVE-2025-21846 acct: perform last write from workqueue
Information published. - Read more
SQL injection in forward module
- Read more
Chromium: CVE-2026-2649 Integer overflow in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see (https://chromereleases.googleblog.com/2024 ) for more information. -...
Compromised npm package silently installs OpenClaw on developer machines
A new security bypass has users installing AI agent OpenClaw — whether they intended to or not. Researchers have discovered...
PayPal Flaw Exposed Email Addresses, Social Security Numbers for 6 Months
PayPal disclosed a software error in its Working Capital platform that exposed sensitive customer data, including Social Security numbers, for months in 2025.
The post...
Latest article
Operation Endgame 4.0 – 153,527 breached accounts
On 18 June 2026, the latest phase of Operation Endgame targeted the SocGholish malware operation, a prolific malware distribution network used to compromise systems...
Accelerate security investigations with Kiro CLI
When a security event occurs in your Amazon Web Services (AWS) environment, rapid response is critical. However security teams often struggle with time-consuming, manual...
Close Encounters of the Human Kind
Welcome to this week’s Threat Source newsletter. I love a Spielberg summer. His ability to imbue a sense of wonder, awe, curiosity, and connection means he’s in a...
New iPhone BootROM Vulnerability Exposes Apple SoCs to Full Chain-of-Trust Compromise
A novel BootROM vulnerability, dubbed usbliter8, affects Apple devices powered by A12, S4/S5, and A13 SoCs. The exploit chains a hardware-level bug in the...
