AWS Graviton4 instances now available on Elastic Cloud Hosted
Elastic Cloud now supports AWS Graviton4-powered ARM hardware profiles. CPU Optimized ARM delivers up to 15% better price-performance, while Storage Optimized ARM delivers up...
CarGurus – 12,461,887 breached accounts
In February 2026, the automotive marketplace CarGurus was the target of a data breach attributed to the threat actor ShinyHunters. Following an attempted extortion,...
Hackers Leveraging Multiple AI Services to Compromise 600+ FortiGate Devices
A financially motivated threat actor exploited various commercial generative AI services to compromise over 600 FortiGate devices across more than 55 countries between January...
CVE-2020-36426 An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a...
Information published. - Read more
CVE-2021-24119 In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file...
Information published. - Read more
CVE-2025-21846 acct: perform last write from workqueue
Information published. - Read more
Chromium: CVE-2026-2649 Integer overflow in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see (https://chromereleases.googleblog.com/2024 ) for more information. -...
Compromised npm package silently installs OpenClaw on developer machines
A new security bypass has users installing AI agent OpenClaw — whether they intended to or not. Researchers have discovered...
PayPal Flaw Exposed Email Addresses, Social Security Numbers for 6 Months
PayPal disclosed a software error in its Working Capital platform that exposed sensitive customer data, including Social Security numbers, for months in 2025.
The post...
Latest article
Looking at the SmarterMail API Vulnerability CVE-2026-24423
Sensor Intel Series: February 2026 CVE Trends - Read more
Security Flaw in WordPress Plugin Puts 400,000 Websites at Risk
A security flaw in the Ally WordPress plugin used on more than 400,000 sites could allow attackers to extract sensitive data without logging in.
The...
Medical giant Stryker crippled after Iranian hackers remotely wipe computers
A major cyberattack on US medical supplies giant Stryker has resulted in thousands of devices being remotely wiped, after a...
This one’s for you, Mom
Welcome to this week’s edition of the Threat Source newsletter. I am the product of a single parent, my mom, who along with my grandparents...
