CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2009-0556 Microsoft Office PowerPoint Code Injection...
How Cisco Talos powers the solutions protecting your organization
Cisco Talos is Cisco’s threat intelligence and security research organization that powers Cisco’s product portfolio with that intelligence. While we are well known for the security research...
International Threats: Themes for Regional Phishing Campaigns
By: Max Gannon, Intelligence TeamCofense Intelligence relies on over 35 million trained employees from around the world, therefore a considerable number of analyzed campaigns...
Decoding the GitHub recommendations for npm maintainers
This blog post explores the rationale and implementation behind GitHub's security recommendations for npm maintainers following numerous high-profile supply-chain incidents. It details how hardening...
GRU-Linked BlueDelta Evolves Credential Harvesting
The analysis cut-off date for this report was September 11, 2025 Executive Summary Between February and September 2025, Recorded Future’s Insikt Group identified...
Columbia Weather Systems MicroServer
View CSAF
Summary
Successful exploitation of these vulnerabilities could allow an attacker to redirect connections to an attacker controlled device, gain admin access to the web...
WhiteDate – 20,363 breached accounts
In December 2025, the dating website "for a Europid vision" WhiteDate suffered a data breach that was subsequently leaked online, initially exposing 6.1k unique...
WhiteDate – 6,076 breached accounts
In December 2025, the dating website "for a Europid vision" WhiteDate suffered a data breach that exposed 6k unique email addresses. The breach exposed...
MongoBleed Unauthenticated Memory Leak
What is the Vulnerability? A critical vulnerability in MongoDB Server’s handling...
Latest article
Yarbo Android/iOS Mobile Application and Cloud Infrastructure
View CSAF
Summary
Successful exploitation of these vulnerabilities could allow an attacker to obtain hard-coded credentials, gain access to telemetry data, and potentially send operational commands...
Check Point VPN Authentication Bypass Vulnerability
What is the Vulnerability? A critical authentication bypass vulnerability, CVE-2026-50751 (CVSS...
CISA tells agencies to patch smarter, not harder — foreshadowing broader industry practice
Security teams’ patching practices have come under intense pressure over the past year, as active exploitation is up, time-to-exploit windows...
