Security

2 min read 262 views

CISA Adds SmarterMail RCE Flaw to KEV Catalog After Warlock Ransomware Exploits It

CISA added CVE-2026-24423, a critical unauthenticated remote code execution flaw in SmarterMail, to its Known Exploited Vulnerabilities catalog after the Warlock ransomware group breached SmarterTools' own network through an unpatched instance.

Feb 19

2 min read 448 views

Chinese Hackers Exploited Dell RecoverPoint Zero-Day for 18 Months

A maximum-severity hardcoded credential vulnerability in Dell RecoverPoint for Virtual Machines was silently exploited by a suspected Chinese threat actor since mid-2024, with attackers deploying novel backdoors and ghost network interfaces to evade detection inside VMware environments.

Feb 18

2 min read 445 views

CISA Flags Five-Year-Old GitLab SSRF Flaw as Actively Exploited

CISA has added CVE-2021-39935, a server-side request forgery vulnerability in GitLab's CI Lint API originally patched in December 2021, to its Known Exploited Vulnerabilities catalog after observing renewed active exploitation against unpatched internet-exposed instances.

Feb 18

2 min read 419 views

Secure Boot Certificates from 2011 Begin Expiring in June 2026: What IT Teams Must Do Now

The original Secure Boot certificates installed on Windows PCs since 2011 will start expiring in June 2026, and without action devices will lose the ability to receive boot-component security updates and trust newly signed third-party software.

Feb 18

2 min read 225 views

Notepad++ Discloses Full Details of 2025 Supply Chain Attack by Chinese APT Lotus Blossom

Notepad++ published a full retrospective of a June–December 2025 supply chain compromise in which Chinese state-sponsored group Lotus Blossom hijacked the WinGUp update mechanism to deliver Cobalt Strike and a custom backdoor to selectively targeted users.

Feb 17

2 min read 528 views

Windows Admin Center CVE-2026-26119 Lets Low-Privilege Users Silently Escalate to Admin

A CVSS 8.8 improper authentication flaw in Windows Admin Center version 2.6.4 allows any authenticated low-privilege user to craft API calls that the server incorrectly processes as fully authorized, granting admin-level control over managed servers.

Feb 17

2 min read 489 views

SmartLoader Trojanizes Oura Ring MCP Server to Steal Developer Credentials

Attackers cloned a legitimate Oura Health MCP server on GitHub, built a fake contributor network to manufacture credibility, and used the trojanized package to deploy the StealC infostealer against developers.

Feb 17

2 min read 349 views

Google Patches First Chrome Zero-Day of 2026: CVE-2026-2441 Under Active Exploitation

Google has issued an emergency Chrome 145 update to fix CVE-2026-2441, a use-after-free vulnerability in CSS font handling that is actively being exploited in the wild.

Feb 16

2 min read 594 views

CISA and NSA Warn of BRICKSTORM Backdoor Targeting VMware vCenter and Windows Systems

CISA, NSA, and the Canadian Centre for Cyber Security have updated their advisory on BRICKSTORM, a sophisticated backdoor used by PRC state-sponsored actors to maintain persistent access to VMware vCenter and Windows environments.

Feb 16

2 min read 371 views

ThreatLocker Announces Zero Trust World 2026 Conference

ThreatLocker's sixth annual Zero Trust World conference takes place March 4-6, 2026 in Orlando, featuring hands-on hacking labs, expert speakers including Adam Savage, and onsite Cyber Hero certification exams.

Feb 15

2 min read 474 views

npm Supply Chain "Shai-Hulud" Worm Continues to Threaten Ecosystem

GitLab's Vulnerability Research team has identified an ongoing large-scale supply chain attack affecting tens of thousands of repositories, with evolved "Shai-Hulud" malware featuring worm-like propagation and a destructive "dead man's switch."

Feb 15

1 min read 400 views

MongoDB Patches MongoBleed Vulnerability Across All Versions

MongoDB released critical security patches addressing CVE-2025-14847, a memory leak vulnerability under active exploitation that affects over 87,000 servers worldwide.

Feb 14