More results...
Security researchers at The Shadowserver Foundation have identified a massive internet-facing attack surface, discovering more than 511,000 End-of-Life Microsoft Internet Information Services (IIS) instances currently active online. This widespread dep…
Security Researchers have detected active exploitation targeting unpatched Quest KACE Systems Management Appliance (SMA) instances. Starting the week of March 9, 2026, threat actors began leveraging a critical authentication bypass vulnerability, ident…
The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting Craft CMS to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2025-32432, this code injection flaw is currently being e…
QNAP has released an urgent security advisory regarding a critical vulnerability affecting its QVR Pro application, a widely deployed network video surveillance solution. Disclosed on March 21, 2026, under the security advisory identifier QSA-26-07, th…
Recent threat research reveals a severe security crisis affecting low-cost IP-KVM devices. Security experts discovered nine vulnerabilities across four popular vendors, transforming these cheap management tools into powerful attack platforms. Compromis…
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding three critical security flaws affecting the Apple ecosystem. Officially added to the Known Exploited Vulnerabilities (KEV) catalog on March 20, 2026, th…
A major data breach has reportedly compromised Crunchyroll, the popular Sony-owned anime streaming service. Threat actors claim to have successfully stolen 100 GB of personally identifiable information (PII) from the platform. The breach allegedly took…
The notorious hacking collective known as LAPSUS$ has resurfaced, allegedly claiming responsibility for a significant data breach involving multinational pharmaceutical giant AstraZeneca. The threat actors are reportedly attempting to sell a compressed…
Oracle recently issued an urgent security alert regarding a critical Remote Code Execution (RCE) flaw that impacts both Oracle Identity Manager and Oracle Web Services Manager. Tracked as CVE-2026-21992, this vulnerability allows attackers to compromis…
A highly sophisticated supply chain attack has successfully compromised the official Trivy GitHub Actions repository, severely impacting continuous integration environments. Discovered on March 19, 2026, this breach represents the second major security…