CISA Adds Seven Known Exploited Vulnerabilities to Catalog
CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2008-4250 Microsoft Windows Buffer Overflow Vulnerability
CVE-2009-1537...
How an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102)
Introduction
ExifTool is a widely adopted utility for reading and writing metadata in image, PDF, audio, and video files. It is available both as a...
Surecart – SQL Injection
Surecart - SQL Injection SureCart version prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters ('model_name', 'model_id', 'integration_id', 'provider') on the...
NextGEN Gallery – SQL Injection
NextGEN Gallery - SQL Injection NextGEN Gallery version prior to 4.2.1 are vulnerable to authenticated SQL injection via the 'orderby' parameter on the REST...
Steganography Secrets: Malware Hidden in Plain Sight
By: Jacob Malimban, Intelligence TeamThreat actors are abusing image file hosting websites and file sharing services to deliver malware while evading enterprise security controls....
Stanford’s AI Index Report 2026 meets the security reality in financial services
AI is becoming core to financial services. But as adoption scales, so does risk. Without secure, real-time data, strong governance, and cyber resilience, AI...
Microsoft Exchange ProxyShell Scanning Doubles in April 2026 as Two Distinct Campaign Clusters Emerge
Sensor Intel Series: April 2026 CVE Trends - Read more
macOS Malware Installs Fake Google Software Update LaunchAgent for Persistence
macOS users are facing a new and sophisticated threat as a variant of the SHub infostealer malware, dubbed “Reaper,” has been observed deploying a...
CIRT insights: How to help prevent unauthorized account removals from AWS Organizations
The AWS Customer Incident Response Team works with customers to help them recover from active security incidents. As part of this work, the team...
Latest article
GreatXML zero-day BitLocker bypass doesn’t seem to work, yet
A disgruntled researcher who has been publishing zero-day Microsoft Windows vulnerabilities for the past several months released a new exploit...
New Windows Zero-Day Claims BitLocker Bypass Amid Microsoft Disclosure Fight
A new Windows zero-day reportedly bypasses BitLocker, adding pressure on Microsoft as researchers debate the exploit’s real-world impact.
The post New Windows Zero-Day Claims BitLocker...
Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to Launch Stealthy Cyberattacks
One of the most persistent hacking groups in the world has found a new way to stay hidden. The threat actor known as...
Ransomware Payment Crypto Laundering Platform Taken Out by FBI and Europol
Domain of dark web money laundering platform AudiA6 seized and suspects arrested in joint operation by the FBI, Europol and others - Read...
