Cybersecurity News
Stay informed about the latest cybersecurity incidents, vulnerabilities, and threat landscape changes. We cover data breaches, ransomware campaigns, critical CVEs, and regulatory updates – with context on what it means for you and how to protect yourself.
How Low-Priority Alerts and EDR ‘Mitigations’ Hide Real Threats
A study covering more than 25 million security alerts in real corporate environments revealed a structural issue: almost 1% of ...
Critical PAN-OS buffer overflow in User-ID portal under attack
Palo Alto Networks has confirmed limited active exploitation of the critical vulnerability CVE-2026-0300 in its PAN-OS software. This buffer overflow ...
vm2 sandbox escapes raise concerns over JavaScript isolation
Critical vulnerabilities have been discovered in the vm2 library, a popular tool for running untrusted JavaScript code in an isolated ...
Flare.io details PamDOORa PAM backdoor for persistent SSH access
Researchers at Flare.io have disclosed details of a new Linux backdoor called PamDOORa, which is reportedly being sold on the ...
CVE-2026-23918: critical Apache HTTP/2 flaw and mitigation guidance
Apache Software Foundation has released a security update for Apache HTTP Server that fixes a critical vulnerability CVE-2026-23918 (CVSS 8.8) ...
New xlabs_v1 Mirai Botnet Exploits Android ADB for DDoS Attacks
Researchers from Hunt.io have discovered a new botnet based on Mirai, identifying itself as xlabs_v1, which exploits devices with an ...
Security updates for cPanel, WHM and WP Squared: three CVEs
cPanel has released security updates for cPanel and Web Host Manager (WHM), addressing three vulnerabilities: arbitrary file read, arbitrary Perl ...
How CallPhantom and GoldFactory Exploit Trust in Mobile Apps
28 fraudulent applications under the collective codename CallPhantom managed to gain more than 7.3 million installs in Google Play, promising ...
How Bleeding Llama and Ollama Windows Auto-Update Lead to Critical RCE
Ollama, one of the most popular platforms for running LLM models locally, has faced two classes of critical issues at ...
Exploited PAN-OS User-ID Portal RCE (CVE-2026-0300) Guidance
Palo Alto Networks PAN-OS contains a critical vulnerability CVE-2026-0300 in the User-ID Authentication Portal service that is already being exploited ...
