Vulnerabilities

Seven vulnerabilities patched in OpenSSL, including moderate-severity data leakage flaw.

13-year-old RCE vulnerability in Apache ActiveMQ Classic can be chained with authentication bypass flaw.

Anthropic's Claude Mythos AI model discovers thousands of zero-day vulnerabilities across major systems.

Legitimate signed WinWord.exe used to load malicious AppvIsvSubsystems64.dll

Daily dark web threat intelligence digest covering breaches, CVEs, and threat actor activity.

Tech giants launch Project Glasswing, an AI initiative to identify critical software vulnerabilities before malicious

Russia's GRU-linked Forest Blizzard hacks routers to mass-harvest Microsoft Office authentication tokens from 18,000

Max-severity RCE vulnerability CVE-2025-59528 in Flowise AI platform actively exploited.

Android security updates patch critical DoS flaw and high-severity StrongBox keystore vulnerability.

UK NCSC exposes APT28 exploiting vulnerable routers for DNS hijacking operations.

Medusa ransomware group exploits zero-days and fresh vulnerabilities to breach 300+ organizations within days.

Flowise AI platform CVE-2025-59528 (CVSS 10.0) RCE under active exploitation; 12,000+ instances exposed.

Fortinet FortiClient EMS zero-day CVE-2026-35616 actively exploited; hotfix released, full patch pending.

Fortinet releases emergency patch for FortiClient authentication bypass zero-day CVE-2026-35616.

Security researcher leaks unpatched BlueHammer Windows privilege escalation zero-day exploit code.

CVE-2026-35616: FortiClient EMS pre-auth API bypass actively exploited in the wild.

CVE-2026-35616 FortiClient EMS pre-auth API bypass actively exploited in the wild.

Storm-1175 exploits recently disclosed vulnerabilities to deploy Medusa ransomware in high-velocity campaigns.

Google DeepMind researchers identify six classes of web-based attacks against autonomous AI agents.

Fortinet patches critical zero-day RCE in FortiClient EMS allowing unauthenticated remote code execution.

Fortinet releases emergency patch for actively exploited FortiClient EMS pre-auth RCE flaw.

Hackers exploit React2Shell CVE in Next.js apps to steal credentials from 766 compromised hosts.

Fortinet patches actively exploited CVE-2026-35616 zero-day in FortiClient EMS.

SentinelOne AI EDR blocks zero-day; Axios supply chain attack hits npm/PyPI; Chrome zero-day exploited.

Unit 42 discovers privilege escalation flaw in GCP Vertex AI allowing compromised agents to exfiltrate data.

Chinese hackers exploit TrueConf zero-day in Asian government attacks via compromised update server.

SecurityWeek roundup: Android rootkit, ChatGPT data leak, water facility ransomware, FBI breach.

UAT-10608 exploits React2Shell vulnerability to compromise 766 systems and harvest credentials at scale.

Akira ransomware group achieves initial access to encryption in under one hour with polished attack lifecycle.

Residential proxies evaded IP reputation checks in 78% of 4B malicious sessions over three months.

Cisco patches critical 9.8 CVSS flaws in IMC and SSM allowing unauthenticated remote system compromise.

Cisco patches two critical and six high-severity vulnerabilities across multiple products.

Google researchers reveal Coruna, sophisticated iPhone hacking toolkit allegedly developed by US government contractor

Alleged US government iPhone hacking tool reportedly leaked online.

Over 14,000 F5 BIG-IP APM instances exposed to actively exploited RCE vulnerability CVE-2025-53521.

Apple expands iOS 18.7.7 availability to block actively exploited DarkSword exploit kit.

Hackers exploit TrueConf zero-day to push malicious software updates via fake updates.

Apple releases iOS 18 patch to block DarkSword exploit affecting older iPhones.

Google patches CVE-2026-5281, an actively exploited use-after-free in Chrome's WebGPU layer.

Chrome zero-day CVE-2026-5281 use-after-free vulnerability discovered in Dawn WebGPU layer.

FulcrumSec breaches three AI/insurance firms via unpatched CVE, exposes 23K policyholders and $797M in premiums.

Threat actor FulcrumSec claims breach of Unique Computing LLC via unpatched CVE-2025-55182.

Google patches Chrome 146 with 21 vulnerabilities including exploited zero-day CVE-2026-5281.

US charges Maryland man for exploiting smart contract bugs to steal $55M from Uranium Finance in 2021.

Google patches actively exploited Chrome zero-day CVE-2026-5281 use-after-free in WebGPU Dawn.

ImageMagick zero-day enables RCE via crafted image uploads on Linux and WordPress servers.

Google patches fourth Chrome zero-day (CVE-2026-5281) exploited in active attacks in 2026.

Palo Alto researchers weaponize Google Vertex AI agents, exposing excessive service account permissions and insider

Apple backports iOS 18 patches for DarkSword exploit after widespread abuse by multiple threat actors.

Palo Alto researchers reveal over-privileged Vertex AI agents could enable data theft and cloud infrastructure