Latest IntelligencePage 16
Search by keyword →
One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens
Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user's GitHub token. "...
Critical Apache ActiveMQ Vulnerability Allows Malicious Security Header Injections
A critical vulnerability in Apache ActiveMQ has been disclosed, allowing attackers to inject malicious HTTP security headers through improperly handled message ...
Hackers Target Global Stock Exchange in Espionage Operation
The attackers had access to a senior executive’s email account for 150 days and exfiltrated data for months. The post Hackers Target Global Stock Exchange in Es...
Ivanti ITSM Vulnerability Lets Attackers Gain Admin Privilege
Ivanti has disclosed a high-severity vulnerability in its Ivanti Neurons for ITSM platform that could allow attackers with valid credentials to escalate privile...
Laravel CRLF Injection Vulnerability Enables an Attacker to Interfere with Outbound Email Processing
A high-severity CRLF injection vulnerability in the Laravel framework, tracked as CVE-2026-48019, could allow attackers to interfere with outbound email process...
IMA Diligence Services Data Breach Impacts 525,000 People
The affected individuals’ personal information was stolen from a legacy server managed by a third party. The post IMA Diligence Services Data Breach Impacts 525...
Verizon VoLTE network found missing IPsec protections for SIP signaling
The CERT Coordination Center (CERT/CC) has disclosed a security issue affecting Verizon's Voice over LTE (VoLTE) infrastructure, warning that SIP signaling traf...
Malicious Notifications Could Trick Google Gemini Users
A prompt injection flaw in Google Gemini's voice assistant let attackers hide malicious commands in notifications, enabling social engineering and more....
Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)
The Fragmented State of Modern Enterprise Identity Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragme...
Organizations Warned of Exploited Linux Kernel Vulnerability
An improper authentication bug allows attackers to escalate their privileges and escape containers. The post Organizations Warned of Exploited Linux Kernel Vuln...
Hackers Use YouTube and SEO Poisoning to Spread WeedHack Minecraft Malware
Hackers are hiding dangerous malware inside what look like popular Minecraft mods and game clients, using YouTube videos and search engine tricks to pull unsusp...
Acer working to patch max severity zero-days in Wave 7 routers
Acer is working to address two maximum-severity zero-day vulnerabilities affecting its Wave 7 mesh routers. [...]...
Beyond the Zero-Day: See Your Network Like an Attacker | Webinar with HD Moore
Assume the breach. Zero-days keep shipping, AI is writing exploits faster than anyone patches, and "patch everything in time" stopped working years ago. Stop be...
Citizen Lab urges Canada to withdraw parts of Bill C-22 over privacy concerns
Citizen Lab and the Canadian Civil Liberties Association (CCLA) are urging lawmakers to withdraw key provisions of Canada's proposed lawful access legislation, ...
New “HTTP/2 Bomb” attack can exhaust server memory in seconds
Researchers have disclosed a new denial-of-service (DoS) technique dubbed HTTP/2 Bomb, a memory-exhaustion attack that can render major web servers inaccessible...
‘HTTP/2 Bomb’ Exploit Knocks Web Servers Offline in Seconds
The default HTTP/2 configuration of major web servers is vulnerable to an attack chain combining a compression bomb and a Slowloris-style hold. The post ‘...
Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes
Cybersecurity researchers have disclosed details of an unpatched issue that could be exploited to disclose a user's NTLMv2 hash to the attacker. Like in the ca...
Police dismantles 9 crime groups in illegal streaming crackdown
European and international law enforcement agencies have dismantled nine organized crime groups and arrested 29 suspects in a major crackdown on illegal streami...
Global Stock Exchange Hit by Monthslong Email Campaign
A threat actor got a near-continuous view into an influential finance executive's email inbox, thanks to clever use of legitimate, native Windows tools....
Microsoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure Backlash
Microsoft has responded to backlash over its initial threats of legal action against researchers who publicly disclose zero-day vulnerabilities without coordina...