Cybersecurity News
Stay informed about the latest cybersecurity incidents, vulnerabilities, and threat landscape changes. We cover data breaches, ransomware campaigns, critical CVEs, and regulatory updates – with context on what it means for you and how to protect yourself.
Unpatched Gogs RCE Lets Authenticated Users Run Server Commands
In Gogs—a popular solution for self-hosting Git repositories—a critical remote code execution (RCE) vulnerability with a CVSS 9.4 rating has ...
Mass Infostealer Delivery via FortiClient EMS Vulnerability
The critical vulnerability CVE-2026-35616 in FortiClient Endpoint Management Server (EMS) is being actively exploited by threat actors for mass delivery ...
Inside the Kimwolf DDoS Botnet and the Arrest of Its Alleged Admin
US and Canadian authorities announced the arrest of 23‑year‑old Ottawa resident Jacob Butler (alias Dort), who is accused of administering ...
How Project Glasswing Exposes the Power and Risk of Claude Mythos
Anthropic published the first report on its Project Glasswing program, under which the Claude Mythos AI model scanned more than ...
How Dutch Investigators Dismantled a Sanctions-Evading Hosting Network
The Netherlands Fiscal Information and Investigation Service (FIOD) carried out a large-scale operation to seize more than 800 servers and ...
Unauthenticated Access to Gitea Private Containers (CVE-2026-27771)
A vulnerability CVE-2026-27771 has been discovered in the Gitea version control platform that allows unauthenticated remote attackers to pull private ...
Microsoft Details Cryptojacking Campaign Abusing AI Chatbots and ScreenConnect
The Microsoft Defender Experts and Microsoft Defender Security Research teams have published a report on an active cryptojacking campaign in ...
Iran’s MuddyWater targets global orgs with DLL sideloading and ChromElevator
The Iranian threat group MuddyWater (also known as Seedworm) conducted a large-scale espionage campaign in the first quarter of 2026 ...
Zero-Day Exploitation of KnowledgeDeliver LMS via ASP.NET ViewState
The CVE-2026-5426 vulnerability (CVSS 7.5) in the Digital Knowledge KnowledgeDeliver learning management system, widely used in Japan, was exploited as ...
Mass Ghost CMS compromises via CVE-2026-26980 SQL injection
The critical vulnerability CVE-2026-26980 (CVSS 9.4) in the Ghost CMS platform is being actively exploited by attackers to mass-inject malicious ...
