Gogs – Authentication Bypass via Unvalidated Reverse Proxy Headers

When 'ENABLE_REVERSE_PROXY_AUTHENTICATION' is enabled, Gogs accepts the configured authentication header (default: 'X-WEBAUTH-USER') directly from client...

FortiBleed Campaign Exposing Credentials for 73,932 FortiGate Systems

Last updated on 19 June. A dataset containing valid administrative and VPN credentials for tens of thousands of Fortinet FortiGate firewalls has been...

Ralph Lauren – 139,903 breached accounts

In June 2026, fashion retailer Ralph Lauren was targeted in a ShinyHunters "pay or leak" extortion campaign. The group subsequently published hundreds of gigabytes...

Operation Endgame 4.0 – 4,160,519 breached accounts

On 18 June 2026, the latest phase of Operation Endgame targeted the SocGholish malware operation, a prolific malware distribution network used to compromise systems...

Operation Endgame 4.0 – 153,527 breached accounts

On 18 June 2026, the latest phase of Operation Endgame targeted the SocGholish malware operation, a prolific malware distribution network used to compromise systems...

Accelerate security investigations with Kiro CLI

When a security event occurs in your Amazon Web Services (AWS) environment, rapid response is critical. However, security teams often struggle with time-consuming, manual...

Close Encounters of the Human Kind

Welcome to this week’s Threat Source newsletter. I love a Spielberg summer. His ability to imbue a sense of wonder, awe, curiosity, and connection means he’s in a...

New iPhone BootROM Vulnerability Exposes Apple SoCs to Full Chain-of-Trust Compromise

A novel BootROM vulnerability, dubbed usbliter8, affects Apple devices powered by A12, S4/S5, and A13 SoCs. The exploit chains a hardware-level bug in the...

Spring 2026 SOC 1 and 2 reports are now available in OSCAL format

Amazon Web Services (AWS) is excited to release the Spring 2026 System and Organization Controls (SOC) 1 and 2 reports in machine-readable OSCAL format...

Fake GitHub Stars and AI Videos Mask a Crypto Clipper

A Rust crypto clipper hides behind fake GitHub stars and AI-narrated YouTube videos.

Latest article

Indian Govt Bans Apps Being Misused to Stop E-Rickshaws Remotely

The Indian government has directed Google and Apple to take down three mobile applications, BAT-BMS, Lossigy, and Epoch-i-ion, after they were allegedly misused to...

Microsoft 365 users fall victim to one-in-a-million password spray attack

Microsoft users have been hit by a massive, automated password spray attack. Among those targeted by the attack were clients...

Apple’s ‘Hide My Email’ Privacy Flaw Exposes Real Email Addresses

Researchers say Apple’s Hide My Email flaw may expose real addresses, despite two fixes. Here’s what users should know about the privacy risk.

Catan and Mouse

Welcome to this week’s edition of the Threat Source newsletter.  “I do not know everything; still many things I understand.” ― Madeleine L'Engle, A Wrinkle...