Latest IntelligencePage 54
Search by keyword →
PoC Code Published for Critical NGINX Vulnerability
Introduced in 2008, the critical-severity security defect was patched this week in NGINX Plus and NGINX open source. The post PoC Code Published for Critical NG...
Malicious JPEG Images Could Trigger PHP Memory Safety Vulnerabilities
Two critical memory-safety vulnerabilities in PHP’s image-processing functions could allow attackers to leak sensitive heap memory or to execute denial-of...
Linux Kernel Vulnerability “ssh-keysign-pwn” Lets Attackers Read SSH Keys and Shadow Passwords
A newly disclosed Linux kernel vulnerability is raising serious concerns across the security community, as it allows attackers to access highly sensitive data, ...
Critical Linux Kernel Flaw ‘ssh-keysign-pwn’ Exposes SSH Keys and Shadow Passwords
A newly disclosed Linux kernel vulnerability is raising serious concerns across the security community, as it allows attackers to access highly sensitive data, ...
Google Project Zero Discloses Zero-Click Exploit Chain for Pixel 10 Devices
A newly disclosed zero-click exploit chain targeting Google Pixel 10 devices has raised fresh concerns about Android’s low-level security. Google Project Zero r...
Android 16 VPN Bypass Lets Malicious Apps Reveal Users Real IP Address
A newly disclosed flaw in Android 16 is raising serious privacy concerns after researchers revealed that malicious apps can bypass VPN protections and expose a ...
Microsoft Exchange zero-day chain nets DEVCORE $200K at Pwn2Own
Pwn2Own Berlin 2026 continued with another wave of successful zero-day demonstrations on Thursday, as security researchers earned $385,750 for 15 unique vulnera...
A Vulnerability in Microsoft Exchange Server Could Allow for Arbitrary Code Execution
A vulnerability has been discovered in Microsoft Exchange Server that could allow for arbitrary code execution. Microsoft Exchange Server is an enterprise-level...
Funnel Builder WordPress plugin bug exploited to steal credit cards
A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript snippets into WooCommerce checkou...
Mullvad VPN exit IP patterns could enable user fingerprinting
A researcher has disclosed a privacy weakness in Mullvad VPN that could allow users to be probabilistically identified across different VPN servers by correlati...
Microsoft Exchange, Windows 11 hacked on second day of Pwn2Own
During the second day of Pwn2Own Berlin 2026, competitors collected $385,750 in cash awards after exploiting 15 unique zero-day vulnerabilities in multiple pro...
Popular node-ipc npm package compromised to steal credentials
Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chai...
Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access
The Russian state-sponsored hacking group known as Turla has transformed its custom backdoor Kazuar into a modular peer-to-peer (P2P) botnet that's ...
Avada Builder WordPress plugin flaws allow site credential theft
Two vulnerabilities in the Avada Builder plugin for WordPress, with an estimated one million active installations, allow hackers to read arbitrary files and ext...
Gunra Ransomware Expands RaaS Operations After Shifting From Conti-Based Locker
Gunra ransomware has quickly grown from a new threat into a serious global problem, hitting dozens of organizations in less than a year. The group behind it is ...
OpenClaw Chain Vulnerabilities Expose 245,000 Public AI Agent Servers to Attack
A chain of four critical vulnerabilities discovered in OpenClaw, one of the fastest-growing open-source platforms for autonomous AI agents, has left an estimate...
Shai-Hulud Worm Steals npm, GitHub, AWS, and Kubernetes Secrets From Developers
A dangerous new piece of malware called Shai-Hulud has emerged as one of the most alarming supply chain threats of 2026. It is a self-propagating worm that quie...
Hackers Abuse OAuth Device Authorization Flow to Steal Microsoft 365 Tokens
Hackers are exploiting a little-known feature of Microsoft’s authentication system to steal account credentials at scale. Device code phishing campaigns n...
In Other News: Big Tech vs Canada Encryption Bill, Cisco’s Free AI Security Spec, Audi App Flaws
Other noteworthy stories that might have slipped under the radar: Nvidia cloud gaming data breach, Android 17 security upgrades, FBI warning after ShinyHunters ...
Microsoft backpedals: Edge to stop loading passwords into memory
Microsoft is updating the Edge web browser to ensure it no longer loads saved passwords into process memory in clear text at startup after previously stating it...