Targeted
Threat Intelligence

New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution

Exim has released security updates to address a severe security issue affecting certain configurations that could enable memory corruption and potential code ex...

Threat Actors Leverage Vercel’s AI Tools to Mass‑Produce Realistic Phishing Sites

A new and growing wave of phishing attacks is making credential theft easier than ever before. Threat actors are now using Vercel, a legitimate AI-powered web d...

Zoom Rooms and Workplace Vulnerabilities Allow Attackers to Escalate Privileges

A series of newly discovered vulnerabilities in Zoom’s software ecosystem could hand local attackers the keys to your system. As organizations continue to rely ...

White Circle Raises $11 Million for AI Control Platform

The startup will invest in accelerating product development, hiring new talent, and expanding its customer base. The post White Circle Raises $11 Million for AI...

New Stealthy Vidar Stealer Campaign Bypass EDR and Steal Credentials

A new and highly stealthy campaign distributing Vidar Stealer has surfaced, targeting Windows users with a sophisticated attack chain designed to slip past endp...

SAP Patches Critical SQL injection Vulnerability in SAP S/4HANA

On May 12, 2026, SAP released its highly anticipated monthly Security Patch Day updates, addressing numerous severe security flaws across its entire enterprise ...

Mullvad shares workaround for Android 16 VPN leak that remains unfixed

Mullvad has warned that a recently disclosed Android 16 flaw can allow malicious applications to bypass VPN protections and leak a device’s real IP address, eve...

Hackers Hijack Microsoft Teams Accounts to Deliver ModeloRAT

A new wave of cyberattacks is putting Microsoft Teams users on high alert across organizations worldwide. Hackers have been found hijacking Teams accounts to im...

RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded

RubyGems, the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described as a "major ...

BWH Hotels Says Hackers Had Access to Reservation Data for 6 Months

Threat actors obtained names and contact information for an unspecified number of BWH Hotels guests. The post BWH Hotels Says Hackers Had Access to Reservation...

Hugging Face Packages Weaponized With a Single File Tweak

A tokenizer library file present in Hugging Face AI models can be manipulated to hijack the model's outputs and exfiltrate data....

Canvas owner reaches agreement with ShinyHunters, says user data was deleted

Instructure says it reached an agreement with the threat actors behind the recent cyberattack targeting its Canvas learning platform. The company stated that st...

Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware

CRPx0 is a complex, stealthy malware campaign that targets macOS and Windows systems, and appears to have Linux capabilities in development. The post Free OnlyF...

Deal Reached With Hackers to Delete Data Stolen From the Canvas Educational Platform

The company that operates online learning system Canvas said it struck a deal with hackers to delete the data they pilfered in a cyberattack that created chaos ...

North Korean Hackers Weaponize Git Hooks to Deploy Cross-Platform Malware

North Korean hackers have found a new way to hide malware inside the tools that software developers rely on every single day. Instead of sending phishing emails...

West Pharmaceutical Services Hit by Disruptive Ransomware Attack

The company took systems offline globally after hackers exfiltrated data and deployed file-encrypting ransomware. The post West Pharmaceutical Services Hit by D...

Apple Patches Dozens of Vulnerabilities in macOS, iOS

The tech giant has also ported the patch for a recent deleted chats recovery issue to older versions of iOS. The post Apple Patches Dozens of Vulnerabilities in...

Critical “Cline” AI Agent Vulnerability Enables RCE Attacks

A critical security flaw has been identified in the Cline Kanban server that allows threat actors to exfiltrate workspace data and execute arbitrary code silent...

SAP Patches Critical S/4HANA, Commerce Vulnerabilities

The flaws could allow attackers to inject malicious code, leading to information disclosure and code execution. The post SAP Patches Critical S/4HANA, Commerce ...

Malicious Chrome MV3 Extension Impersonates TronLink to Steal Crypto Wallet Credentials

A fake Chrome browser extension pretending to be the popular TronLink crypto wallet has been caught stealing sensitive wallet credentials from unsuspecting user...