A critical authentication bypass vulnerability, CVE-2026-0257, affects Palo Alto Networks PAN-OS GlobalProtect Portal and Gateway deployments. The vulnerability allows a remote, unauthenticated attacker to establish an unauthorized VPN connection by exploiting weaknesses in the handling of authentication override cookies.
Read more →The second Tuesday of June 2026 marked Microsoft's largest Patch Tuesday release on record, delivering security updates for a massive range of vulnerabilities affecting Windows, Microsoft Office, Azure, Exchange, Hyper-V, Active Directory, Remote Desktop, BitLocker, and numerous core operating system components.
Read more →Two Russia-aligned threat groups, Gamaredon and UAC-0226, are actively exploiting CVE-2025-8088, a high-severity WinRAR path traversal vulnerability, against Ukrainian government, military, and critical infrastructure organizations. Nearly a year after a patch was made available, both groups continued to operate unimpeded.
Read more →A newly identified Gafgyt botnet variant, C0XMO, is actively targeting internet-exposed devices through a combination of vulnerability exploitation, weak-credential attacks, and automated lateral movement. Unlike traditional Gafgyt campaigns, C0XMO separates its propagation logic into a dedicated Python-based scanner, enabling it to compromise a wider range of architectures and device types while scaling infections more efficiently.
Read more →Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. The vulnerability has been codenamed HTTP/2 Bomb.
Read more →AI-driven vulnerability discovery is getting attention because of Anthropic’s Project Glasswing and Claude Mythos Preview. This raises a practical question: once a model like Mythos finds a vulnerability, what happens next?
Read more →We looked at the gap between vulnerability discovery and enterprise action. Finding a vulnerability is important, but enterprise risk is reduced only when that vulnerability is understood, prioritized, remediated, and verified. That leads to the next question: if remediation is what reduces risk, why does it still move slowly in enterprises?
Read more →What happens after a vulnerability becomes known? Finding vulnerabilities faster is important, but from an enterprise point of view, it is only the beginning. A vulnerability reduces enterprise risk only when it can be turned into action.
Read more →Modern cyber-espionage campaigns are increasingly shifting away from loud exploitation techniques and toward stealth-focused, persistence-driven operations that abuse trusted infrastructure. Rather than relying on chains of zero-day vulnerabilities or commodity malware, advanced threat actors are no...
Read more →Anthropic’s Claude Mythos Preview (Project Glasswing) has pushed a new question into the center of security discussions. Anthropic says Mythos has already identified thousands of zero-day vulnerabilities across critical infrastructure, and that in testing it was able to identify and exploit zero-day...
Read more →Researchers have uncovered an active Mirai botnet campaign exploiting CVE-2025-29635, a command-injection vulnerability in legacy D-Link DIR-823X routers, to recruit internet-exposed devices into a distributed denial-of-service (DDoS) botnet. Attackers deploy a Mirai malware variant known as “tuxnok...
Read more →Researchers have uncovered an active IoT botnet campaign exploiting two known command-injection vulnerabilities to recruit surveillance cameras and home routers into a distributed denial-of-service (DDoS) army. Dubbed Nexcorium, this new Mirai variant uses CVE-2024-3721, an OS command-injection flaw...
Read more →Threat actors are increasingly moving faster than ever in ransomware operations, shrinking the time between initial compromise and ransomware deployment to maximize impact before defenders can respond. Instead of relying on prolonged persistence, modern ransomware groups are rapidly exploiting newly...
Read more →
