1+ day, 1+ hour ago  (270+ words) A critical zero-day vulnerability, tracked as CVE-2026-41940, is currently being actively exploited across the web hosting industry. This CVSS 9. 8 flaw allows unauthenticated remote attackers to bypass c Panel and WHM login mechanisms, granting them full administrative control over servers. The…...

5+ hour, 26+ min ago  (280+ words) Anthropic has officially launched the public beta of Claude Security, an advanced vulnerability detection and remediation tool now available to Claude Enterprise customers. Powered by the highly capable Claude Opus 4. 7 model, this platform shifts application security testing from basic pattern…...

5+ hour, 42+ min ago  (362+ words) A newly uncovered cyber fraud campaign is abusing fake CAPTCHA pages to trick mobile users into sending large volumes of international SMS messages, resulting in unexpected phone bills and illicit profits for attackers. Unlike traditional malware campaigns, this operation does…...

3+ hour, 57+ min ago  (472+ words) Deep#Door is a stealthy Python-based Remote Access Trojan (RAT) that uses an obfuscated batch loader to deploy a persistent surveillance and credential-stealing implant on Windows systems. It aggressively turns off security controls, hides its traffic behind the bore.]pub…...

3+ hour, 8+ min ago  (473+ words) Ransomware attacks surged dramatically in 2025, with global victims reaching 7, 831. The sharp rise highlights how cybercrime has evolved into a highly organized, AI-driven ecosystem in which attackers operate at speed, with automation and scale. This surge is largely fueled by the…...

1+ day, 1+ hour ago  (453+ words) A long-dormant backdoor has been uncovered in the "Quick Page/Post Redirect Plugin," a popular Word Press add-on with over 70, 000 active installations. First, it featured a passive content injection mechanism. On every page viewed by a logged-out user, the plugin…...

1+ day, 5+ hour ago  (470+ words) A newly disclosed flaw in Pro FTPD is drawing urgent attention because it can let attackers move from a simple SQL injection bug to authentication bypass, privilege escalation, and in some environments even remote code execution. Tracked as CVE-2026-42167, the…...

1+ day, 2+ hour ago  (356+ words) Security researchers have identified a severe supply chain attack targeting the SAP developer ecosystem. A threat group identified as Team PCP has compromised multiple legitimate SAP npm packages in a new campaign named Mini Shai Hulud. They modified these libraries…...

1+ day, 21+ hour ago  (664+ words) Lazarus Group is abusing "Click Fix" social engineering to push a new mac OS malware kit dubbed'Mach-O Man, giving attackers a direct path to credentials, Keychain secrets, and corporate access in fintech and crypto environments. This research is authored by…...

1+ day, 21+ hour ago  (676+ words) The "new" VECT 2. 0 ransomware is essentially a cross'platform data wiper that permanently destroys most enterprise files rather than encrypting them for recovery. For any file larger than 131, 072 bytes (128 KB), VECT processes four separate chunks using four different randomly generated Cha…...