Get the daily digest
A compact daily briefing of the highest-signal cybersecurity stories, in your inbox. Email digest is coming soon.
Daily cybersecurity intelligence
The latest unpatched intel.
Raw, actionable daily security news for defenders tracking exploited vulnerabilities, ransomware, breaches, malware, cloud risk, supply-chain security, and practical detection guidance.
Latest stories
/
Firefox for iOS 151.2 Fixes Reader View JavaScript Execution Bugs
Firefox for iOS 151.2 patches two high-severity Reader View bugs that could lead to arbitrary JavaScript execution.
GitHub Enterprise Server Signing Key Rotation Follows Internal Repository Breach
GitHub is rotating the GitHub Enterprise Server signing key after a breach tied to a poisoned VS Code extension and says GHES administrators need to update trusted public keys now.
VS Code Zero-Day Exposes GitHub Tokens to Theft via Malicious Links
A zero-day vulnerability in Visual Studio Code (VS Code) allows attackers to steal GitHub OAuth tokens with just one click.
Actively Exploited Linux and Android Flaws Prompt Urgent Patching by CISA
Two vulnerabilities have been actively exploited: a Linux kernel flaw allowing unexpected namespace isolation bypasses (CVE-2022-0492) and an Android issue enabling local privilege escalation without
Critical Oracle WebLogic Flaw Enables Unauthorized Data Access; Urgent Patching Recommended
An unauthenticated vulnerability in Oracle WebLogic Server has been exploited in the wild, allowing attackers to gain unauthorized access to critical data.
Critical Zero-Days Expose Acer Wave 7 Routers to Credential Theft and Backdoor Access
Acer's Wave 7 mesh routers are under threat from two critical zero-day vulnerabilities that could allow attackers to access plaintext credentials and gain persistent backdoor access.
Gamaredon Exploits WinRAR Zero-Day: Urgent Patch Needed for Windows Users
The WinRAR vulnerability (CVE-2025-8088) has been actively exploited by Gamaredon to execute arbitrary code through malicious archive files, posing a significant threat to systems using the Windows ve
Hackers Exploit Critical WordPress Plugin Flaw for Admin Account Takeovers
A critical vulnerability (CVE-2026-8206) in the Kirki plugin for WordPress has been actively exploited by hackers to hijack user accounts, including admin accounts.
Microsoft Faces Legal Threats After Public Disclosure of Exploited Zero-Days
A researcher known as Nightmare Eclipse publicly disclosed several unpatched Microsoft vulnerabilities, leading to legal threats from Microsoft.
Palo Alto GlobalProtect CVE-2026-0257 Is No Longer Theoretical, Exploitation Has Reached Unpatched VPN Edges
CVE-2026-0257 is a PAN-OS GlobalProtect authentication bypass that can let an unauthenticated attacker establish an unauthorized VPN connection when authentication override is configured unsafely.
Red Hat Cloud Services npm Compromise Shows How Trusted Frontend Packages Can Become A Build Pipeline Risk
Red Hat says a supply chain compromise affected multiple packages in the `@redhat-cloud-services` npm namespace after a compromised GitHub account pushed unauthorized commits.
Windows 10 Snipping Tool Vulnerability Enables Network Spoofing by Attackers
An unpatched vulnerability in Microsoft's Windows 10 Version 1607 Snipping Tool allows unauthorized actors to spoof over a network, posing medium severity risks.