A series of newly discovered vulnerabilities in Zoom’s software ecosystem could hand local attackers the keys to your system. As organizations continue to rely heavily on virtual meetings, threat actors are constantly hunting for ways to exploit these communication tools. Zoom has rapidly released p
A new and growing wave of phishing attacks is making credential theft easier than ever before. Threat actors are now using Vercel, a legitimate AI-powered web development platform, to build convincing fake login pages that closely mirror real websites. The ease and low cost of this approach has open
A single click can allow attackers to exploit a critical, unpatched flaw in Open WebUI to seize control of AI workspaces, execute remote code, hijack accounts, and steal sensitive chat histories. Discovered by security researcher Metin Yunus Kandemir, the vulnerability stems from a Stored Cross-Site
While none of the flaws have been exploited in the wild, many of them could lead to arbitrary code execution. The post Adobe Patches 52 Vulnerabilities in 10 Products appeared first on SecurityWeek.
Exaforce has raised a total of $200 million and plans on using the latest investment for product development and international expansion. The post Exaforce Raises $125 Million for Agentic SOC Platform appeared first on SecurityWeek.
West Pharmaceutical Services filed a report with the Securities and Exchange Commission (SEC) on Monday evening warning customers that a hacker breached the company network on May 4, stole data and encrypted systems.
Microsoft has released Windows 11 KB5089549 and KB5087420 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. [...]
TeamPCP, the threat actor behind the recentsupply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign. The affected npm packages have been modified to include a
Exim has released security updates to address a severe security issue affecting certain configurations that could enable memory corruption and potential code execution. Exim is an open-source Mail Transfer Agent (MTA) designed for Unix-like systems to receive, route, and deliver email. The vulnerabi
Sanjay Bahl, Director General, CERT-In. Shri VTV Ramana, Head of Government, NIC. Ms. Savita Utreja, Group Coordinator, Cyber Security Division ...
OpenAI has launched Daybreak, a new cybersecurity initiative that brings together frontier artificial intelligence (AI) model capabilities and Codex Security to help organizations identify and patch vulnerabilities before attackers find a way in using the same issues. "Daybreak combines the intellig
CERT-In's high-severity advisories to Indian MSMEs on AI-driven cyber threats, citing the potential for automated reconnaissance and multi-stage ...
Also called Copy Fail 2 and tracked as CVE-2026-43284 and CVE-2026-43500, the exploit was disclosed before a patch was released. The post New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks appeared first on SecurityWeek.
Checkmarx has confirmed that a modified version of the Jenkins AST plugin was published to the Jenkins Marketplace. "If you are using Checkmarx Jenkins AST plugin, you need to ensure that you are using the version 2.0.13-829.vc72453fa_1c16 that was published on December 17, 2025 or previously," the
In a massive, internationally coordinated operation, the Frankfurt am Main Public Prosecutor’s Office – Central Office for Combating Internet Crime (ZIT) and the Federal Criminal Police Office (BKA) have successfully dismantled the relaunched “Crimenetwork” platform. Law enforcement officers arreste
The infamous hacking group ShinyHunters has struck again, this time targeting Instructure, the company behind Canvas Learning Management System (LMS). In early May 2026, Instructure confirmed unauthorized activity on its Canvas platform after detecting suspicious access on April 29, 2026. The breach
A widely used Go library called fsnotify has found itself at the center of a supply chain security scare after a sudden change in maintainer access triggered alarm across the open source community. The project provides cross-platform filesystem notifications for applications running on Windows, Lin
The incident occurred on April 20 and did not affect customer data in the company’s production and staging environments. The post SailPoint Discloses GitHub Repository Hack appeared first on SecurityWeek.
The company topped revenue and earnings forecasts for the first quarter of 2026, but its shares plunged more than 20%. The post Cloudflare Lays Off 1,100 Employees in AI-Driven Restructuring appeared first on SecurityWeek.
The issue was found in the same area of the Linux kernel that produced last month’s Copy Fail bug, and also allows anyone with a basic account on an affected computer to seize full administrative control.