Gogs – Authentication Bypass via Unvalidated Reverse Proxy Headers
When 'ENABLE_REVERSE_PROXY_AUTHENTICATION' is enabled, Gogs accepts the configured authentication header (default: 'X-WEBAUTH-USER') directly from client...
FortiBleed Campaign Exposing Credentials for 73,932 FortiGate Systems
Last updated on 19 June. A dataset containing valid administrative and VPN credentials for tens of thousands of Fortinet FortiGate firewalls has been...
Ralph Lauren – 139,903 breached accounts
In June 2026, fashion retailer Ralph Lauren was targeted in a ShinyHunters "pay or leak" extortion campaign. The group subsequently published hundreds of gigabytes...
Operation Endgame 4.0 – 4,160,519 breached accounts
On 18 June 2026, the latest phase of Operation Endgame targeted the SocGholish malware operation, a prolific malware distribution network used to compromise systems...
Operation Endgame 4.0 – 153,527 breached accounts
On 18 June 2026, the latest phase of Operation Endgame targeted the SocGholish malware operation, a prolific malware distribution network used to compromise systems...
Accelerate security investigations with Kiro CLI
When a security event occurs in your Amazon Web Services (AWS) environment, rapid response is critical. However, security teams often struggle with time-consuming, manual...
Close Encounters of the Human Kind
Welcome to this week’s Threat Source newsletter. I love a Spielberg summer. His ability to imbue a sense of wonder, awe, curiosity, and connection means he’s in a...
New iPhone BootROM Vulnerability Exposes Apple SoCs to Full Chain-of-Trust Compromise
A novel BootROM vulnerability, dubbed usbliter8, affects Apple devices powered by A12, S4/S5, and A13 SoCs. The exploit chains a hardware-level bug in the...
Spring 2026 SOC 1 and 2 reports are now available in OSCAL format
Amazon Web Services (AWS) is excited to release the Spring 2026 System and Organization Controls (SOC) 1 and 2 reports in machine-readable OSCAL format...
Fake GitHub Stars and AI Videos Mask a Crypto Clipper
A Rust crypto clipper hides behind fake GitHub stars and AI-narrated YouTube videos






