Cisco issues emergency patches for critical firewall vulnerabilities
Cisco has handed security teams one of the largest ever patching workloads affecting its firewall products, including fixes for two...
AI-Driven Insider Risk Now a “Critical Business Threat,” Report Warns
Malicious insiders are using misusing AI for nefarious gain, while employees cutting corners also creates risk, warns Mimecast - Read more
Nginx UI – Unauthenticated Backup Download with Encryption Key Disclosure
Nginx UI - Unauthenticated Backup Download with Encryption Key Disclosure The /api/backup endpoint is accessible without authentication and discloses the encryption keys required to...
Delta Electronics CNCSoft-G2
View CSAF
Summary
Successful exploitation of this vulnerability could result in an attacker achieving remote code execution on the device.
The following versions of Delta Electronics CNCSoft-G2...
UAT-9244 targets South American telecommunication providers with three new malware implants
Cisco Talos is disclosing UAT-9244, who we assess with high confidence is a China-nexus advanced persistent threat (APT) actor closely associated with Famous Sparrow.Since...
Spyware suppliers exploit more zero-days than nation states
Exploitation of zero-days by commercial surveillance and spyware developers outpaced exploitation by nation-state actors last year, according to a report - Read more
2025 ISO and CSA STAR certificates are now available with one additional service and...
Amazon Web Services (AWS) successfully completed the annual recertification audit with no findings for ISO 9001:2015, 27001:2022, 27017:2015, 27018:2019, 27701:2019, 20000-1:2018, 22301:2019,...
Why AI, Zero Trust, and modern security require deep visibility
AI. Automation. Zero Trust. They dominate every security strategy document. But there’s a truth sitting underneath all three: none of them...
Samsung MagicINFO Server Multiple Vulnerabilities
Samsung MagicINFO Server Multiple Vulnerabilities MagicINFO User Credential Disclosure (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)NOTE: Samsung mentioned this item may have been fixed with version 21.1090.1, but we were...
Google Cloud Platform (GCP) Eventarc PE to Service Agent with Pipelines
Google Cloud Platform (GCP) Eventarc PE to Service Agent with Pipelines Tenable Research has identified and responsibly disclosed a critical privilege escalation vulnerability in...
Latest article
Security posture improvement in the AI era
It’s only been a few weeks since Anthropic announced the Claude Mythos Preview model and launched Project Glasswing with AWS and other...
Metasploit Wrap-Up 05/01/2026
MCP serverThis release our very own cdelafuente-r7 finished implementing the Metasploit MCP Server (msfmcpd), bringing Model Context Protocol support to Metasploit Framework. MCP lets AI applications...
Windows shell spoofing vulnerability puts sensitive data at risk
Microsoft and the US Cybersecurity and Infrastructure Security Agency (CISA) have sounded the alarm about a Windows shell spoofing vulnerability...
Criminal IP and Securonix ThreatQ Collaborate to Enhance Threat Intelligence Operations
Torrance, United States / California, May 1st, 2026, CyberNewswire Criminal IP partners with Securonix to integrate Criminal IP’s Threat Intelligence into ThreatQ, allowing organizations...
