Stolen Credentials and the DAIR Model: Rethinking Incident Response in the Age of AI

Stolen and abused credentials remain one of the most reliable and widely used initial access vectors in cyber attacks, despite the growth of advanced threats such as zero‑day exploits, software supply chain compromises and AI‑enhanced malware. For a large portion of real‑world intrusions, attackers need nothing more than a valid username and password to quietly …

CISA Expands KEV Catalog with Eight Exploited Vulnerabilities Targeting SD-WAN, CI/CD and Remote Access

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added eight new entries to its Known Exploited Vulnerabilities (KEV) catalog, confirming that threat actors are actively abusing these flaws in real-world attacks. The update notably includes three vulnerabilities in Cisco Catalyst SD-WAN Manager, directly impacting large enterprises and service providers that rely on SD-WAN for …

Critical CVE-2026-34197 Apache ActiveMQ Classic Vulnerability Exploited via Jolokia

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed active exploitation of the critical vulnerability CVE-2026-34197 in Apache ActiveMQ Classic and added it to the Known Exploited Vulnerabilities (KEV) catalog. This classification means the flaw is no longer a theoretical weakness but a proven attack vector already used in real-world intrusions, demanding urgent remediation …

Operation PowerOFF: Global Crackdown on DDoS‑for‑Hire Booter Services

International law enforcement agencies have carried out a large‑scale crackdown on commercial DDoS‑for‑hire platforms, also known as booter or stresser services. Under the coordinated initiative Operation PowerOFF, authorities seized 53 domains, arrested four suspects and gained access to data on more than 3 million user accounts allegedly involved in launching distributed denial‑of‑service (DDoS) attacks for …

NIST Overhauls NVD: Risk‑Based Processing of CVE Vulnerabilities

The U.S. National Institute of Standards and Technology (NIST) has announced a radical change to how the National Vulnerability Database (NVD) processes Common Vulnerabilities and Exposures (CVE) records. From now on, full enrichment of CVEs in NVD—such as CVSS scoring, categorization, and additional analysis—will be reserved only for vulnerabilities that meet defined priority criteria. All …

PowMix Botnet Targets Czech Job Market with PowerShell-Based In-Memory Malware

A new botnet dubbed PowMix has been observed targeting employees and job seekers in the Czech Republic, according to Cisco Talos researchers. The campaign combines phishing emails, Windows shortcut (LNK) files, and in-memory PowerShell malware to evade detection, highlighting how attackers are refining both social engineering and technical stealth. Targeted phishing against employees and job …

Vercel Security Breach Tied to Context.ai Compromise Highlights OAuth and Environment Variable Risks

Vercel, one of the leading providers of web infrastructure and hosting for modern front‑end frameworks, has disclosed a security incident in which attackers gained unauthorised access to selected internal systems. The intrusion was enabled by a compromise of the third‑party AI service Context.ai, which had OAuth access to a Vercel employee’s Google Workspace account, and …

Grinex Crypto Exchange Hack Exposes Sanctions Evasion Network

The Kyrgyz cryptocurrency exchange Grinex, already under UK and US sanctions, has suspended operations following a large‑scale cyberattack. According to the company, attackers stole around $13.74 million in user funds, exceeding 1 billion rubles. The exchange publicly blamed “Western intelligence services”, a claim that has intensified debate among cybersecurity and sanctions experts about the real …

CVE-2026-33032 (MCPwn): Critical nginx-ui Authentication Bypass Under Active Exploitation

A critical vulnerability in nginx-ui, a popular open-source web interface for managing Nginx, is being actively exploited and allows attackers to gain near-total control over affected web servers. The flaw, tracked as CVE-2026-33032 and dubbed MCPwn by Pluto Security, carries a CVSS score of 9.8, underscoring its severity for any internet-exposed deployment. What nginx-ui Does …