CVE-2026-21517 Windows App for Mac Installer Elevation of Privilege Vulnerability
Download links fixed - Read more
CVE-2025-59213 Configuration Manager Elevation of Privilege Vulnerability
Updated information to include CVSS scores. This is an informational change only. - Read more
Munich Security Conference: Cyber Threats Lead G7 Risk Index, Disinformation Ranks Third
G7 countries ranked cyber-attacks as the top risk, while BICS members placed cyber threats only as the eighth most pressing risk - Read...
Fake AI Assistants in Google Chrome Web Store Steal Passwords and Spy on Emails
Hundreds of thousands of users have downloaded malicious AI extensions masquerading as ChatGPT, Gemini, Grok and others, warn cybersecurity researchers at LayerX -...
Critical Apple Flaw Exploited in ‘Sophisticated’ Attacks, Company Urges Rapid Patching
Apple urges users to update after patching CVE-2026-20700, a zero-day flaw exploited in sophisticated targeted attacks across multiple devices.
The post Critical Apple Flaw Exploited...
Hand over the keys for Shannon’s shenanigans
Welcome to this week’s edition of the Threat Source newsletter. Last week, yet another security AI tool made the rounds on social media: Shannon, a fully autonomous...
[R1] Nessus Agent Versions 11.0.4 and 11.1.2 Fix One Vulnerability
Nessus Agent Versions 11.0.4 and 11.1.2 Fix One Vulnerability Arnie Cabral Thu, 02/12/2026 - 10:40
A vulnerability has been identified where weak file...
Carding-as-a-Service: The Underground Market of Stolen Cards
Rapid7 software engineer Eliran Alon also contributed to this post.IntroductionDespite sustained efforts by the global banking and payments industry, credit card fraud continues to...
World Leaks Ransomware Group Adds Stealthy, Custom Malware ‘RustyRocket’ to Attacks
Accenture Cybersecurity warns over difficult to detect, “sophisticated toolset” being deployed as part of extortion campaigns - Read more
Siemens Siveillance Video Management Servers
View CSAF
Summary
The Webhooks implementation of Siveillance Video Management Servers contains a vulnerability that could allow an authenticated remote attacker with read-only privileges to achieve...
Latest article
‘Agents of Chaos’: New Study Shows AI Agents Can Leak Data, Be Easily Manipulated
As enterprise AI agent adoption accelerates, a new study exposes a governance gap that leaves most organizations unable to stop their own systems
The post...
Rapid7 Detection Coverage for Iran-Linked Cyber Activity
The tension arising out of the conflict in Iran is beginning to show signs of expanding beyond a strictly regional crisis. Following our recent...
France: National Cybersecurity Agency Reports Ransomware Attack Drop in 2025
French small and medium businesses remained the organizations most targeted by ransomware in 2025 - Read more
Stryker Cyber Attack – Hackers Claim System Breach and Device Wipe
On March 11, 2026, the global medical technology giant Stryker experienced a severe cyberattack when Iranian-linked hackers used wiper malware to permanently erase data...
