Latest IntelligencePage 39
Search by keyword →
LiteSpeed cPanel Plugin 0-Day Exploited in the wild to Gain Server Root Access
LiteSpeed has disclosed and patched a critical 0‑day privilege escalation flaw in its user-end cPanel plugin that is already being actively exploited to gain ro...
Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure
Drupal is warning users that it has already seen attempts to exploit CVE-2026-9082 and security firms are seeing attacks against thousands of websites. The post...
Proton VPN vows to resist Canadian surveillance demands under Bill C-22
Proton VPN General Manager David Peterson said the Swiss-based VPN provider will not comply with any Canadian surveillance demands stemming from the country’s p...
NordVPN wins early court victory against LaLiga’s VPN blocking campaign
A Spanish court has rejected LaLiga’s request to fine NordVPN over alleged failures to comply with a controversial anti-piracy blocking order. The decision was ...
CISA adds Langflow Origin Validation Flaw to Known Exploited Vulnerabilities Catalog
 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Langflow vulnerability, tracked as CVE-2025-34291, to its Known Expl...
Deleted Google API Keys Continue Accessing Gemini, BigQuery, and Maps APIs
A newly disclosed issue with Google Cloud API keys reveals that deleted credentials may remain usable for up to 23 minutes, exposing projects to potential abuse...
Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware
The Belarus-aligned threat actor known as Ghostwriter (aka UAC-0057 and UNC1151Ukraine's National Security and Defense Council) has been observed using lures re...
McDonald’s France resets accounts after customer data breach
McDonald’s France has confirmed that attackers accessed customer loyalty account information after a breach affecting partners tied to its McDo+ rewards program...
CISA Warns of Microsoft Defender 0-Day Vulnerabilities Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical Microsoft Defender vulnerabilities to its Known Exploited Vulnerabilitie...
Akamai Joins Growing Chorus of Vendors Betting Big on Secure Enterprise Browsers
When Akamai announced its LayerX acquisition, the company joined a growing list of vendors adding secure enterprise browsers to their product portfolios....
Former US execs plead guilty to aiding tech support scammers
Two former executives of a call-tracking and analytics company pleaded guilty to concealing a years-long tech support fraud scheme that victimized individuals w...
.webp)
Android Malware Silently Subscribes Victims to Premium Services Without Consent
A newly uncovered Android malware campaign has been quietly draining money from mobile users across four countries by signing them up for paid services they nev...
Operation Dragon Whistle Uses Malicious LNK Files to Target Changzhou University
A newly uncovered cyber operation has raised concerns among security professionals after a coordinated wave of attacks targeted government institutions in Pakis...
In Other News: Industrial Router Exploitation, CISA KEV Nomination Form, Gas Station Hacking
Other noteworthy stories that might have slipped under the radar: CISA contractor exposes credentials, Mythos testing and new features, Huawei router flaw trigg...
Canadian Man Arrested for Operating KimWolf DDoS Botnet Hacking 2 Million Devices
Canadian and U.S. authorities have arrested and charged a 23‑year‑old Ottawa resident for allegedly operating “KimWolf,” a massive Internet‑of‑Things (IoT) DDoS...
Trend Micro warns of Apex One zero-day exploited in the wild
Japanese cybersecurity software company Trend Micro has addressed an Apex One zero-day vulnerability exploited in attacks targeting Windows systems. [...]...
Canadian arrested for operating KimWolf botnet tied to record DDoS attack
Canadian authorities have arrested a 23-year-old Ottawa man who is accused of operating the DDoS-for-hire KimWolf IoT botnet platform. The arrest follows a broa...
Verizon DBIR: Healthcare Fends Off Increased Social Engineering Attacks
Ransomware and vendor breaches persist, but the 2026 Data Breach Investigations Report (DBIR) highlights how evolving social engineering tactics make the sector...
Drupal: Critical SQL injection flaw now targeted in attacks
Drupal is warning that hackers are attempting to exploit a "highly critical" SQL injection vulnerability announced earlier this week. [...]...
Why Chargebacks are Just One Piece of the Fraud Puzzle
Fraud losses don't stop at chargebacks. False declines, account takeovers, and abuse also damage revenue and trust. IPQS breaks down why fraud teams need broade...