More results...
macOS.Gaslight: DPRK Rust implant for Mac with a prompt injection payload designed to fool AI-based malware analysts. SentinelLabs researchers spotted a Rust-based macOS implant, dubbed macOS.Gaslight, that surfaced in early June after an Apple XProtect update pointed to a VirusTotal sample uploaded on May 22. The binary was undetected by static engines at the time […]
Tata Electronics confirmed a data breach after hackers claimed to steal 630GB of data, including alleged Apple supplier and Tesla documents. Tata Electronics, a major supplier to Apple and Tesla, has confirmed a cybersecurity breach weeks after stolen data was advertised on a hacker forum. Tata Electronics confirmed a cyberattack affected parts of its IT […]
Curl fixed 18 vulnerabilities, including a 25-year-old bug, with issues spanning auth bypass, memory safety, and host validation in libcurl. Curl maintainers addressed eighteen vulnerabilities with a single update, and one of them goes back 25 years. That’s not a typo, it really sat there since the early 2000s. curl is a widely used open-source […]
Mistic is a stealthy backdoor used by KongTuke-linked actors to keep long-term access in ransomware-targeted networks. Mistic is the kind of backdoor that tells you the operator wants time, not noise. Symantec security researchers say it has shown up in financially motivated attacks against insurance, education, IT, and professional services firms, and they link it […]
Hackers exploited Cisco Catalyst SD-WAN flaw CVE-2026-20245 as a zero-day months before disclosure, enabling privileged command execution. Google-owned Mandiant reported that an unknown threat actor exploited Cisco Catalyst SD-WAN vulnerability CVE-2026-20245 (CVSS base score of 7.8) as a zero-day at least two months before it was publicly disclosed. The flaw allows an authenticated attacker with […]
Third DraftKings hacker gets 18 months in prison for a 2022 credential-stuffing attack that compromised 1,600 accounts and stole $600,000. Nathan Austad, the third person sentenced over the 2022 DraftKings credential-stuffing attack, received 18 months in prison. The group used usernames and passwords stolen from other breaches to access about 1,600 accounts and steal roughly […]
Operation Endgame disrupted malware services like StealC and Amadey that enable ransomware, fraud, and attacks on critical infrastructure. Between June 15 and 19, 2026, Europol coordinated a two-week law enforcement operation involving agencies from Canada, Denmark, Germany, the Netherlands, the UK, and the US, alongside private firms like Microsoft, Bitdefender, IBM X-Force, Proofpoint, Infoblox, Shadowserver, […]
Frontier AI could drive a 10x surge in vulnerabilities. CTEM helps organizations continuously identify, prioritize, and reduce real cyber risk. Your vulnerability management program was not designed for what is coming next. More than 40,000 CVEs were reported in 2025, breaking yet another record. Today, security experts anticipate that frontier AI-powered systems could drive a […]
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ubiquiti UniFi OS and Lantronix EDS5000 flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Ubiquiti UniFi OS and Lantronix EDS5000 flaws to its Known Exploited Vulnerabilities (KEV) catalog. The two flaws added to the catalog are: The first flaw, tracked […]
FortiBleed exposed valid credentials for 73,000+ Fortinet firewalls, revealing a large-scale access-brokering operation targeting organizations worldwide. In mid-June 2026, researcher Volodymyr “Bob” Diachenko found a live, exposed server containing working login credentials for tens of thousands of Fortinet firewalls, a data leak code-named FortiBleed. The headline number, valid remote-access logins for 73,932 devices across 21,632 […]