​A newly identified supply chain attack targeting DAEMON Tools software has compromised its installers to serve a malicious payload, according to findings from Kaspersky. “These installers are distributed from the… Read More »DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware

​The Apache Software Foundation (ASF) has released security updates to address several security vulnerabilities in the HTTP Server, including a severe vulnerability that could potentially lead to remote code execution… Read More »Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE

​A sophisticated China-nexus advanced persistent threat (APT) group has been attributed to attacks targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe… Read More »China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions

​Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new findings from VulnCheck. The vulnerability in question is… Read More »MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks

​Every AI tool, workflow automation, and productivity app your employees connected to Google or Microsoft this year left something behind: a persistent OAuth token with no expiration date, no automatic… Read More »The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed

​While the software industry has made genuine strides over the past few decades to deliver products securely, the furious pace of AI adoption is putting that progress at risk. Businesses… Read More »We Scanned 1 Million Exposed AI Services. Here’s How Bad the Security Actually Is

​The North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video game platform in a supply chain espionage attack, trojanizing its components with a backdoor called BirdCallto likely… Read More »ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows

​Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed lures and legitimate email services to direct users to attacker-controlled domains… Read More »Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries

​A critical security vulnerability in Weaver (Fanwei) E-cology, an enterprise office automation (OA) and collaboration platform, has come under active exploitation in the wild. The vulnerability (CVE-2026-22679, CVSS score: 9.8)… Read More »Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API