Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.
SAP npm packages poisoned on April 29, 2026 + AES-256-GCM encrypted credential theft + AI coding tools abused for spread.
Integrated exposure platforms validate exploitability, correlate paths, and reduce priorities to 2%, improving enterprise ...
CVE-2026-42208 exploited within 36 hours of disclosure, exposing LiteLLM credentials, risking cloud account compromise.
Panel patches authentication flaw across supported versions, prompting Namecheap port blocks and temporary access limits.
CISA added two actively exploited CVEs to KEV after confirmed attacks, mandating FCEB patching by May 12, 2026.
Threat hunters are warning that the cybercriminal operation known as VECT 2.0 acts more like a wiper than a ransomware due to ...
CVE-2026-32202 actively exploited after April 27 advisory fix, exposing NTLMv2 hashes via zero-click SMB authentication.
Open a ticket, stand up a gateway, push the data through. Done. That assumption is wrong. It is also a major reason Zero ...
LofyGang resurfaces with LofyStealer disguised as Minecraft hack, exfiltrating IBANs and passwords to 24.152.36[.]241, ...
Agent ID Administrator enabled service principal takeover before April 9, 2026 patch, exposing privilege escalation risk in ...
CVE-2026-3854 (CVSS 8.7) enabled GitHub RCE via git push, risking cross-tenant access to millions of repositories.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results