New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare
Published on: June 4, 2026
OverviewSecurity researchers have identified a newly disclosed Denial-of-Service (DoS) attack technique, dubbed HTTP/2 Bomb, which targets systems using the HTTP/2 protocol and can rapidly exhaust server memory, leading to service...
Windows Netlogon 0?Click RCE Vulnerability Actively Exploited in the Wild (CVE?2026?41089)
Published on: June 2, 2026
OverviewA critical vulnerability in the Windows Netlogon service, tracked as CVE?2026?41089, is now being actively exploited in the wild, posing a significant risk to enterprise environments. |This vulnerability allows unauthenticated...
Active Exploitation of Palo Alto Networks PAN-OS Authentication Bypass Vulnerability (CVE-2026-0257)
Published on: June 1, 2026
OverviewA critical authentication bypass vulnerability in Palo Alto Networks PAN-OS, tracked as CVE-2026-0257, is being actively exploited in the wild. The vulnerability allows unauthenticated attackers to bypass authentication mechanisms and...
Microsoft SharePoint Server Vulnerability Enables Remote Code Execution (CVE?2026?45659)
Published on: May 29, 2026
OverviewA critical vulnerability in Microsoft SharePoint Server, tracked as CVE?2026?45659, allows attackers to execute arbitrary code remotely, posing a significant risk to enterprise environments. The vulnerability stems from improper deserialization of...
Mandatory Patching for Linux Kernel Vulnerability CVE-2026-31431
Published on: May 20, 2026
OverviewA critical Local Privilege Escalation (LPE) vulnerability, identified as CVE-2026-31431 and commonly referred to as “Copy Fail,” affects multiple Linux kernel versions released since 2017. The vulnerability allows an authenticated...
Windows BitLocker Zero-Day Allows Access to Protected Drives
Published on: May 7, 2026
Overview:A New Windows BitLocker zero-day vulnerability could allow attackers to bypass disk encryption protections and access data stored on encrypted drives. The issue affects systems using Microsoft BitLocker full-disk encryption...
GitHub fixes RCE flaw that gave access to millions of private repos
Published on: April 30, 2026
Overview:A critical security vulnerability was identified in GitHub that could allow attackers to execute code on GitHub’s internal systems. This issue could potentially give access to millions of private repositories....
Multiple Vulnerabilities in Google Chrome for Desktop
Published on: April 18, 2026
Overview:Multiple vulnerabilities have been reported in Google Chrome for Desktop (Windows, macOS, Linux) that could allow a remote attacker to execute arbitrary code, manipulate data, or take control of the...
Device Code Phishing Hits 340+ Microsoft 365 Orgs via OAuth Abuse
Published on: March 26, 2026
Overview:A large-scale phishing campaign has been identified targeting Microsoft 365 (O365) users by abusing the OAuth device authentication process. This attack known as Device Code Phishing, tricks users into logging...
Critical Oracle Identity Manager RCE Vulnerability (CVE-2026-21992)
Published on: March 22, 2026
Overview:A critical vulnerability has been identified in Oracle products, specifically Oracle Identity Manager and Oracle Web Services Manager.The vulnerability, tracked as CVE-2026-21992, allows attackers to execute remote code on affected...
Microsoft Azure Monitor Alerts Abused for Callback Phishing Attacks
Published on: March 20, 2026
Overview:A new phishing campaign has been identified where attackers are misusing Microsoft Azure Monitor to send fake security and billing alert emails.These emails appear to come from legitimate Microsoft systems...
Attackers Hijacking Legitimate Websites to Target Microsoft Teams Users
Published on: March 17, 2026
Overview:Security researchers from KnowBe4 Threat Labs have identified a large-scale phishing campaign where attackers compromise legitimate websites and use them to steal user credentials.Instead of using fake domains, attackers inject...
Middle East Conflict-Themed Cyber Campaigns
Published on: March 11, 2026
Overview:Security researchers have observed an increase in cyber threats that use the ongoing Middle East geopolitical conflict as a lure to trick users. Threat actors are creating malicious files, fake news...
Iranian Cyber Retaliation Risk & Increased Cyber Threat Level
Published on: March 3, 2026
Overview:Due to the recent geopolitical escalation involving the U.S., Israel, and Iran, global threat intelligence reports indicate a heightened short-term cyber risk.Historically, during periods of tension involving Iran, there has...
Windows Notepad Vulnerability Allows Attackers to Execute Malicious Code Remotely
Published on: February 23, 2026
OverviewMicrosoft has patched a critical Remote Code Execution (RCE) vulnerability in the modern Windows Notepad application, tracked as CVE?2026?20841, disclosed during the February 10, 2026 Patch Tuesday release. The flaw arises from...
Hackers target Microsoft Entra accounts in device code vishing attacks
Published on: February 22, 2026
OverviewThreat actors are actively targeting organizations using device code phishing combined with vishing (voice phishing) to exploit the OAuth 2.0 Device Authorization flow and compromise Microsoft Entra accounts. These attacks differ from...
Google Patching the First Chrome Zero?Day Exploited in Attacks This Year (CVE?2026?2441)
Published on: February 19, 2026
Overview On February 16, 2026, Google released emergency updates to address CVE?2026?2441, the first actively exploited Chrome zero?day vulnerability discovered this year. This high?severity flaw is a use?after?free vulnerability in the CSS component...
Advisory on Notepad++ Update Servers Hijacked to Redirect Users to Malicious Servers
Published on: February 2, 2026
OverviewNotepad++ disclosed a targeted supply?chain compromise involving its software update infrastructure. Forensic analysis conducted by independent security experts and the former hosting provider confirmed that the incident resulted from an infrastructure?level...
Advisory on Microsoft Office Zero-Day Vulnerability (CVE-2026-21509)
Published on: January 28, 2026
Overview: Microsoft has released an out-of-band emergency security update to address a high-severity zero-day vulnerability in Microsoft Office, tracked as CVE-2026-21509. The vulnerability is actively exploited in the wild and allows attackers...
Google Chrome for Desktop Vulnerability
Published on: January 23, 2026
Overview:A high-severity vulnerability has been identified in Google Chrome for Desktop, which could allow a remote attacker to execute arbitrary code on an affected system. The issue arises from a...