Trend Micro warns of Apex One zero-day exploited in the wild
Japanese cybersecurity software company Trend Micro has addressed an Apex One zero-day vulnerability exploited in attacks targeting Windows systems. [...]
Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign
A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. [...]
Making Vulnerable Drivers Exploitable Without Hardware – The BYOVD Perspective
1 Introduction This article provides a technical analysis of how many Windows kernel mode drivers can be interacted with from user mode without the hardware they were developed for. This work was motivated by driver-oriented vulnerability research and the need to evaluate the exploitability of indiv
Digital Sovereignty Must Not Override Privacy – Daily Sun
India's data protection law is not a rule. It is part of a conversation about our dignity, freedom, and control over our information. Bangladesh's ...
Can India technically afford to go fully remote again? – HR News
With a surge in cybersecurity threats since the pandemic and evolving remote work policies, this article explores whether India can sustain a ...
Nginx-poolslip Vulnerability Enables DoS and Code Execution Attacks — Patch Now!
A newly disclosed flaw in one of the world’s most widely deployed web servers is forcing administrators into another emergency patch cycle. Tracked as CVE-2026-9256 and publicly nicknamed nginx-poolslip, the vulnerability affects both NGINX Plus and NGINX Open Source, and can be triggered by a remot
Ocean Emerges From Stealth With $28M for Agentic Email Security Platform
The company has developed a platform that uses specialized AI agents to inspect every incoming message. The post Ocean Emerges From Stealth With $28M for Agentic Email Security Platform appeared first on SecurityWeek.
‘They’ll have to verify everyone’: privacy & surveillance implications of age ve
Speaking about the concerns of age verification at scale, the experts highlighted the privacy & surveillance risks of age-assurance systems, as they have to verify everyone, and anonymity is safety. The post ‘They’ll have to verify everyone’: privacy & surveillance implications of age verification a
EMEA Emerges as Global Hotspot for Financial Services DDoS Attacks
The global financial sector is facing a sharp rise in Financial Services DDoS Attacks, with cybercriminals increasingly targeting banks, payment systems, and online financial platforms through larger, longer, and more attacks, according to new research from Akamai. In its latest State of the Interne
Vulnerability Exploitation Overtakes Stolen Credentials in AI-Driven Cyberattack
Vulnerability exploitation has officially become the leading cause of cybersecurity breaches for the first time in nearly two decades, according to the latest Data Breach Investigations Report (DBIR) released by Verizon. The findings highlight how artificial intelligence is rapidly reshaping the thr
World Cup Phishing Campaign Nearly Triples With 203 Unique IP Addresses
A large-scale phishing campaign targeting the 2026 FIFA World Cup has grown far beyond what security researchers originally thought. What began as a documented set of 79 fraudulent domains has ballooned into a network of at least 222 domains spread across 203 unique IP addresses, making it nearly th
Hackers Abuse Middle East Telecom Networks for Large-Scale Command-and-Control O
Hackers are using telecom networks and hosting providers across the Middle East as a foundation for massive command-and-control operations, turning trusted infrastructure into a launchpad for cyberattacks. A newly released threat intelligence report reveals that more than 1,350 active command-and-co
Cisco Patches Critical Vulnerability in Secure Workload
Insufficient validation and authentication in the Secure Workload’s REST APIs provide remote attackers with Site Admin privileges. The post Cisco Patches Critical Vulnerability in Secure Workload appeared first on SecurityWeek.
‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trust
The stealthy vulnerability impacts roughly 88 million domains and can be exploited to bypass DNS filtering and hide command-and-control traffic. The post ‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains appeared first on SecurityWeek.
Ubiquiti patches three max severity UniFi OS vulnerabilities
Ubiquiti has released security updates to patch three maximum severity vulnerabilities in UniFi OS that can be exploited by remote attackers without privileges. [...]
Why Chargebacks are Just One Piece of the Fraud Puzzle
Fraud losses don't stop at chargebacks. False declines, account takeovers, and abuse also damage revenue and trust. IPQS breaks down why fraud teams need broader visibility into risk and customer impact. [...]
Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal Core to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2026-9082 (CVSS score: 6.5),
LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The flaw, tracked as CVE-2026-48172 (CVSS score: 10.0), relates to an instance of incorrect privilege assignment that an attacker could abuse to run arbitrary scripts
Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Steal
Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework. The affected packages include - laravel-lang/lang laravel-lang/http-statuses laravel-lang/a
AI-Led VKYC Is Reshaping Digital Onboarding in BFSI – VARIndia.
Security Testing. Mandatory vulnerability assessments, penetration testing, and security audits by CERT-In-approved agencies. System Updates. Regular ...