Ransomware group exploited Cisco firewall vulnerability as a zero day, weeks before a patch...
One of the world’s most active ransomware groups, Interlock, started exploiting a critical-rated Cisco firewall vulnerability as a zero day...
Google Cloud Platform (GCP) BigQuery Cross Tenant Data Sources Exfiltration through Canvas Assistant
Google Cloud Platform (GCP) BigQuery Cross Tenant Data Sources Exfiltration through Canvas Assistant The vulnerability stems from a flaw in how Gemini in BigQuery...
You have to invite them in
Welcome to this week’s edition of the Threat Source newsletter. I found myself watching the Oscars ceremony in its entirety for the first time in...
CISA Warns of Zimbra Collaboration Suite Vulnerability Exploited in Attacks
CISA has added a high-severity vulnerability affecting the Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2025-66376, this security...
Ransomware Affiliate Exposes Details of ‘The Gentlemen’ Operation
Hastalamuerte leaks The Gentlemen RaaS ops: FortiGate exploits, BYOVD evasion, Qilin split tactics - Read more
Preemptive and Proactive: An enhanced CNAPP available with Exposure Command
Earlier this year, we made a significant announcement: Rapid7 partnered with ARMO to add AI-powered cloud application detection and response (CADR) – or cloud...
CVE-2026-32169 Azure Cloud Shell Elevation of Privilege Vulnerability
Server-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network. - Read more
New Apple Hack: Up to 270M iPhones Vulnerable to ‘DarkSword’ Exploit
Researchers uncover “DarkSword,” a powerful iPhone exploit targeting millions via compromised websites. Learn how it works and how to protect your device.
The post New...
Cisa tells US organisations to harden endpoint management after Stryker attack
Last week’s cyber attack on the systems of a US medical services company by Iranian hacktivists has prompted an alert from Cisa, urging organisations...
Schneider Electric Modicon Controllers M241, M251, M258, and LMC058
View CSAF
Summary
Successful exploitation of this vulnerability may risk a Cross-site Scripting or an open redirect attack which could result in an account takeover scenario...
Latest article
Criminal IP at Infosecurity Europe 2026: Introducing AITEM, the Next Chapter of Attack Surface...
Torrance, United States / California, June 11th, 2026, CyberNewswire Criminal IP by AI SPERA, a cyber threat intelligence platform delivering decision-ready intelligence and attack...
Readers reply: Experts say we should use passkeys, but can a smartphone pin really...
The long-running series in which readers answer other readers’ questions on subjects ranging from trivial flights of fancy to profound scientific and philosophical conceptsThis...
CVE-2023-5678 Excessive time spent in DH check / generation with large Q parameter value
Information published. - Read more
Weekly Metasploit Update: New Kerberos/Certificate tracing options, and multiple new modules
New Tracing OptionsAs hard as we try to ensure that Metasploit is bug free, issues inevitably come up. Whether you’re running a module on...
