Latest IntelligencePage 85
Search by keyword →
Jenkins Patches High-Severity Plugin Flaws Including Path Traversal and Stored XSS
Jenkins project published a security advisory detailing patches for seven plugin vulnerabilities, including high-severity path traversal and Stored Cross-Site S...
“Copy Fail” gives root access to all Linux systems via 732-byte exploit
A new Linux kernel vulnerability dubbed “Copy Fail” enables unprivileged users to gain root access across nearly all major distributions using a tiny, highly re...
WordPress Plugin Hacked Since 2020 to Inject Malicious Code Silently
A massive supply chain attack has been uncovered in the Quick Page/Post Redirect Plugin, a popular WordPress plugin with over 70,000 active installations. Secur...
Critical Gemini CLI Flaw Enabled Host Code Execution, Supply Chain Attacks
An attacker could have planted a malicious configuration to execute commands outside the sandbox. The post Critical Gemini CLI Flaw Enabled Host Code Execution,...
EnOcean SmartServer Flaws Expose Buildings to Remote Hacking
Claroty researchers discovered two vulnerabilities that can be exploited for security bypass and remote code execution. The post EnOcean SmartServer Flaws Expos...
Critical cPanel and WHM bug exploited as a zero-day, PoC now available
The critical CVE-2026-41940 authentication bypass vulnerability in cPanel, WHM, and WP Squared is being actively exploited in the wild and has been leveraged in...
Police dismantles 9 crypto scam centers, arrests 276 suspects
A joint international operation involving U.S. and Chinese authorities arrested at least 276 suspects and shut down nine cryptocurrency investment fraud centers...
Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months
The authentication bypass flaw allows attackers to gain administrative access to vulnerable servers. The post Critical cPanel & WHM Vulnerability Exploited...
‘Copy Fail’ Logic Flaw in Linux Kernel Enables System Takeover
Affecting the kernel’s authencesn cryptographic template, the vulnerability was introduced in 2017 and impacts all distributions. The post ‘Copy Fail̵...
OpenAI Releases 5-Point Action Plan to Strengthen AI-Powered Cyber Defense
OpenAI has published a comprehensive cybersecurity action plan titled “Cybersecurity in the Intelligence Age: An Action Plan for Democratizing AI-Powered ...
Critical cPanel zero-day auth bypass exploited since February
A critical authentication bypass vulnerability in cPanel & WHM is being actively exploited, allowing remote attackers to gain full administrative access to...
CVE MCP Server Turns Claude Into a Full-Spectrum Security Analyst With 27 Tools Across 21 APIs
A new open-source project called CVE MCP Server is redefining how security teams triage vulnerabilities, transforming Anthropic’s Claude AI into a fully c...
CVE MCP Server Turns Claude Into a Fully Capable Security Analyst With 27 Tools Across 21 APIs
A new open-source project called CVE MCP Server is redefining how security teams triage vulnerabilities, transforming Anthropic’s Claude AI into a fully c...
Claude-Generated Commit Adds PromptMink Malware to Crypto Trading Agent
A new threat has quietly taken root in the software development world, using an AI coding assistant as an unknowing participant in a supply chain attack. A mali...
Sandhills Medical Says Ransomware Breach Affects 170,000
It took the healthcare organization nearly one year to publicly disclose a data breach after it was targeted by Inc Ransom. The post Sandhills Medical Says Rans...
Qinglong Task Scheduler RCE Vulnerabilities Exploited in the Wild
In early 2026, two critical authentication bypass vulnerabilities in the popular open-source Qinglong task scheduler were actively exploited by hackers. Accordi...
Novel KarstoRAT RAT Enables Webcam Monitoring, Audio Recording, and Remote Payload Execution
A newly identified remote access trojan called KarstoRAT has been found in sandbox analyses and malware repositories since early 2026. The malware gives attacke...
CISA Warns of ConnectWise ScreenConnect Vulnerability Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a severe vulnerability in ConnectWise ScreenConnect. On ...
ProFTPD’s SQL Injection Vulnerability Enables Remote Code Execution Attacks
A critical SQL injection vulnerability in ProFTPD, one of the Internet’s most widely deployed FTP servers. Tracked as CVE-2026-42167, this flaw carries a ...
Malicious npm Package Brand-Squats TanStack Exfiltrate Developer Secrets
A fake npm package has been caught silently stealing sensitive developer credentials by impersonating the widely trusted TanStack library. The package, publishe...