Ameriprise – 502,597 breached accounts
In March 2026, the financial services firm Ameriprise Financial was named by the ShinyHunters group in a "pay or leak" extortion campaign. The group...
Delta Electronics DIAView Patch Bypass
Delta Electronics DIAView Patch Bypass There is a mitigation bypass / (incomplete fix) for CVE-2025-62582 (Unauthenticated Remote Database Access)An unauthenticated remote attacker can access...
Welcoming the AWS Customer Incident Response Team
May 26, 2026: This post was originally published in July 2022. It has been updated to reflect current engagement options, new threat intelligence...
Multiple Angular Language Service Extension Vulnerabilities Enable RCE Attacks
A set of high-severity vulnerabilities has been identified in the Angular Language Service Visual Studio Code extension (Angular.ng-template), potentially exposing developers to remote code...
Well-architected best practices for software supply chain security
There have been multiple notable supply chain attacks using the npm Registry since September: Shai-Hulud, Chalk/Debug, one abusing tea.xyz tokens, and recently axios. Thanks...
Chinese Threat Actors Ditch Static Phishing Pages for Live Credential Interception
Almost all organizations impersonated by Chinese phishing platforms are non-Chinese entities, suggesting operators deliberately avoid domestic targets - Read more
GitHub Actions abused by Megalodon attack to slip malicious commits into 5,500 repos
A large-scale automated GitHub backdooring campaign was caught pushing thousands of malicious commits into public repositories while posing as routine...
CVE-2026-45495 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CWE added. Informational change only. - Read more
How Security Leaders Cut Through Complexity to Drive Better Outcomes
Security leaders are operating in an environment that is only getting more complex. Expanding attack surfaces, rapid AI adoption, growing toolsets, and increasing pressure...
ABB Ability Camera Connect
View CSAF
Summary
ABB is aware of public reports of vulnerabilities in a 3rd party component VLC media player Version 2.2.4 which was delivered together with...
Latest article
Check Point VPN Authentication Bypass Vulnerability
What is the Vulnerability? A critical authentication bypass vulnerability, CVE-2026-50751 (CVSS...
CISA tells agencies to patch smarter, not harder — foreshadowing broader industry practice
Security teams’ patching practices have come under intense pressure over the past year, as active exploitation is up, time-to-exploit windows...
Hackers Abuse Fake Utility Downloads to Install ScreenConnect and Mine Cryptocurrency
Hackers are turning everyday software searches into a trap. A sophisticated cryptojacking campaign is actively targeting users who search for popular PC utilities online,...
Automated Threat Hunting: Turning Threat Intelligence into Executable Hunt Plans
Blake McDermott is Senior Threat Hunter at Rapid7.Every week, threat hunt teams are faced with a steady flow of blogs, advisories, and DFIR reports...
