Contractor’s public GitHub account exposed GovCloud and CISA credentials

Until a few days ago, a publicly accessible GitHub repository exposed credentials for both US government AWS accounts and internal Cybersecurity...

Microsoft Confirms Windows Update Bug Blocking Security Fixes

Microsoft confirmed that KB5089549 can fail with error 0x800f0922 on Windows 11 devices with low EFI partition space, and shared workarounds are available.

Vulnerability exploitation now primary origin of data breaches

Verizon’s annual cyber report reveals a major change in how data breaches originate, highlighting the impact of artificial intelligence.

TP-Link, Photoshop, OpenVPN, Norton VPN vulnerabilities

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed eight vulnerabilities in TP-Link, and one each in Adobe Photoshop, OpenVPN, and Gen Digital's Norton...

Rapid7’s 2026 Global Cybersecurity Summit: Key Takeaways for Security Leaders

Security teams are working in an environment where speed, scale, and complexity are all increasing at the same time. Across the Rapid7 2026 Global...

Microsoft Takes Down Fox Tempest for Providing Ransomware-Enabling Signing Tool

Microsoft’s Digital Crimes Unit has taken down the infrastructure of Fox Tempest, a prolific cybercrime-enabling threat group

Kieback & Peter DDC Building Controllers

Successful exploitation of this vulnerability could allow an attacker to take control of the victim's browser. The following versions of Kieback & Peter DDC...

Chatwoot – Second Order Time-Based Blind SQL Injection via Custom Attribute Key

The custom attribute definition API allows creating attributes with arbitrary attribute_key values...

CTT – 468,124 breached accounts

In April 2026, data allegedly obtained from CTT, Portugal's national postal service, was posted to a public hacking forum. The data included 468k unique...

Latest article

Unpatched ChromaDB flaw leaves servers open to remote code execution

Researchers have published details about a critical vulnerability in ChromaDB that could allow unauthenticated attackers to execute arbitrary code and...

[R1] Sensor Proxy Version 1.4.0 Fixes Multiple Vulnerabilities

Jason Schavel, Thu, 05/21/2026 - 16:00. Sensor Proxy leverages third-party software to help provide underlying functionality....

AWS KY3P report now available for third-party supplier due diligence

We’re excited to announce that Amazon Web Services (AWS) has completed the S&P Global Know Your Third Party (KY3P) assessment of its security posture....

Hackers Use Fake Microsoft Teams Downloads to Deploy ValleyRAT Malware

Hackers have been caught running a deceptive campaign that uses fake Microsoft Teams download websites to trick users into installing ValleyRAT, a remote access...