A devastating attack chain that bypasses Microsoft Entra ID (Azure AD) Conditional Access entirely, starting from a...
Year: 2026
An uncovered a sophisticated intrusion campaign, active since at least January 2026, in which a threat actor...
In April 2026, popular video hosting platform Vimeo confirmed a significant data breach affecting approximately 119,200 users,...
An AI-powered autonomous security agent discovered that Schemata, an Andreessen Horowitz-backed Department of Defense contractor, had virtually...
A critical vulnerability in Argo CD’s ServerSideDiff endpoint, tracked as CVE-2026-42880 and scored CVSS 9.6, allows any authenticated user with read-only access...
A high-severity vulnerability in n8n’s Model Context Protocol (MCP) OAuth client registration endpoint allows unauthenticated remote attackers...
A critical buffer overflow vulnerability, CVE-2026-0300, in the User-ID™ Authentication Portal of PAN-OS software, with a CVSS...
Threat actors are increasingly abusing Amazon Simple Email Service (SES) to execute large-scale phishing and Business Email...
Threat actors began actively exploiting CVE-2026-22679, a critical, unauthenticated remote code execution (RCE) vulnerability in Weaver (Fanwei) E-cology...
North Korea-aligned APT group ScarCruft (APT37) has been caught compromising a legitimate gaming platform to deliver a...
