The signal
through the noise.

CISA has added CVE-2026-31431, also known as "Copy Fail," to its Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation. This local privilege escalation (LPE) vulnerability allows...

A software supply chain attack campaign attributed to the GitHub account "BufferZoneCorp" has been identified using malicious Ruby gems and Go modules. The attack utilizes "sleeper" packages to deploy payloads designed...

Two cybercrime groups, Cordial Spider (CL-CRI-1116, O-UNC-045, UNC6671) and Snarky Spider (O-UNC-025, UNC6661), are conducting rapid SaaS extortion attacks by abusing Single Sign-On (SSO) environments. The groups...

A coordinated supply chain attack targeting the PyPI, npm, and Packagist ecosystems has been identified, involving the compromise of PyTorch Lightning and Intercom-client packages. The campaign, associated with the...

DEEP#DOOR is a Python-based backdoor framework designed for persistent access, surveillance, and credential exfiltration. The malware utilizes a batch script to extract an embedded Python payload at runtime, leveraging...

CVE-2026-31431, codenamed "Copy Fail," is a high-severity (CVSS 7.8) local privilege escalation (LPE) vulnerability within the Linux kernel's cryptographic subsystem. It allows an unprivileged local user to gain root...

Google has patched a critical remote code execution (RCA) vulnerability in the Gemini CLI and its associated GitHub Actions workflow, which previously allowed attackers to execute commands on host systems....

A sophisticated malware campaign, identified in March 2026, uses SEO poisoning and a dual-stage GitHub distribution architecture to deliver malicious MSI installers to enterprise administrators. The campaign leverages...

A supply chain attack campaign, identified as "Mini Shai-Hulud," has compromised several npm packages within the SAP JavaScript and cloud development ecosystem to steal developer credentials and cloud secrets. The...

The North Korean threat actor Famous Chollima (also known as Shifty Corsair) is executing a sophisticated, multi-stage malware campaign targeting the Web3 and open-source developer ecosystem. The attack utilizes...

A critical SQL injection vulnerability, tracked as CVE-2026-42208 (CVSS 9.3), was identified in the LiteLLM Python package, allowing unauthenticated attackers to read from and modify the proxy database. The flaw was...

A critical authentication bypass vulnerability, identified as CVE-2026-41940, affects all currently supported versions of cPanel and WebHost Manager (WHM). This flaw allows unauthenticated remote attackers to gain...

CISA has added two actively exploited vulnerabilities—affecting ConnectWise ScreenConnect and Microsoft Windows—to its Known Exploited Vulnerabilities (KEV) catalog. These additions follow confirmed reports of...

VECT 2.0 is a ransomware-as-a-service (RaaS) operation that functions as a data wiper for files exceeding 131KB. Due to a critical flaw in its encryption implementation, the malware permanently destroys the majority of...

CVE-2026-3854 is a critical command injection vulnerability affecting GitHub.com and GitHub Enterprise Server that allows authenticated users with push access to achieve remote code execution (RCE) via a single `git...

Microsoft patched a vulnerability in the Entra ID "Agent ID Administrator" role that allowed for unauthorized service principal takeover. The flaw enabled users assigned this role to gain ownership of arbitrary service...

Microsoft has confirmed the active exploitation of CVE-2026-32202, a high-severity spoofing vulnerability within the Windows Shell. The flaw allows unauthorized attackers to access sensitive information by leveraging an...

A critical unauthenticated remote code execution (RCE) vulnerability, identified as CVE-2026-25874, has been discovered in Hugging Face's LeRobot robotics platform. The flaw allows an attacker to execute arbitrary...

Researchers have identified a campaign of 73 malicious or "sleeper" VS Code extensions on the Open VSX repository linked to the GlassWorm v2 malware. The campaign uses typosquatting and visual mimicry to distribute...

Anthropic's Claude Mythos Preview introduces an AI-driven system capable of large-scale vulnerability identification. This advancement significantly accelerates the discovery phase of the security lifecycle, potentially...

Checkmarx has confirmed that data from its GitHub repository was leaked on the dark web following a supply chain attack on March 23, 2026. While the company asserts that its customer production environments are isolated...

The threat actor Tropic Trooper is deploying the AdaptixC2 Beacon agent through a trojanized version of the SumatraPDF reader. The campaign leverages GitHub as a command-and-control (C2) platform and utilizes Microsoft...

A high-severity Server-Side Request Forgery (SSRF) vulnerability, tracked as CVE-2026-33626, has been identified in the LMDeploy toolkit. The flaw allows attackers to exploit the vision-language module to access...

A new Linux ELF-based backdoor named FIRESTARTER has been identified targeting Cisco Firepower and Adaptive Security Appliance (ASA) devices. The malware exploits critical vulnerabilities to establish persistent remote...

Vercel has identified additional compromised customer accounts following a security breach that originated from a third-party compromise of Context.ai. The incident involved an attacker leveraging a hijacked Google...

This update details a series of high-impact security incidents involving the compromise of decentralized finance (DeFi) infrastructure, widespread npm supply chain attacks, and emerging vulnerabilities in AI agents and...

Anthropic's Project Glasswing, powered by the Mythos model, has demonstrated advanced capabilities in autonomously discovering and exploiting complex software vulnerabilities across major operating systems and browsers....

The Bitwarden CLI package `@bitwarden/cli@2026.4.0` was compromised as part of the Checkmarx supply chain campaign, leading to the distribution of a malicious npm package. The attack leveraged a compromised GitHub...

Microsoft's April 2026 update addresses 167 vulnerabilities, including active zero-day exploits in SharePoint Server and Windows Defender. Concurrent emergency patches for Google Chrome and Adobe Reader address critical...

The threat actor Forest Blizzard (also known as APT28 or Fancy Bear) is exploiting vulnerabilities in legacy and unpatched SOHO routers to perform large-scale DNS hijacking. This technique allows attackers to intercept...

The proliferation of autonomous AI agents, such as OpenClaw, introduces significant security risks including credential exposure, supply chain attacks, and automated lateral movement. Because these agents possess...