Vercel on Wednesday revealed that it has identified an additional set of customer accounts that were compromised as part of a security incident that enabled unauthorized access to its internal… Read More »Vercel Finds More Compromised Accounts in Context.ai-Linked Breach
Mongolian governmental institutions have emerged as the target of a previously undocumented China-aligned advanced persistent threat (APT) group tracked as GopherWhisper. “The group wields a wide array of tools mostly… Read More »China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors
Apple has rolled out a software fix for iOS and iPadOS to address a Notification Services flaw that stored notifications marked for deletion on the device. The vulnerability, tracked as… Read More »Apple Patches iOS Flaw That Stored Deleted Signal Notifications in FBI Forensic Case
Cybersecurity researchers have warned of malicious images pushed to the official “checkmarx/kics” Docker Hub repository. In an alert published today, software supply chain security company Socket revealed that unknown threat… Read More »Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain
Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating worm that spreads through stolen developer npm tokens. The supply… Read More »Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens
The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targeting entities in South Asia. “The… Read More »Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API
On January 31, 2026, researchers disclosed that Moltbook, a social network built for AI agents, had left its database wide open, exposing 35,000 email addresses and 1.5 million agent API… Read More »Toxic Combinations: When Cross-App Permissions Stack into Risk
Cybersecurity researchers have discovered a previously undocumented data wiper that has been used in attacks targeting Venezuela at the end of last year and the start of 2026. Dubbed Lotus… Read More »Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack
Microsoft has released out-of-band updates to address a security vulnerability in ASP.NET Core that could allow an attacker to escalate privileges. The vulnerability, tracked as CVE-2026-40372, carries a CVSS score… Read More »Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug
A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-5752, is rated 9.3 on the… Read More »Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape