Oracle fixes CVE-2026-21992 (CVSS 9.8) flaw enabling unauthenticated RCE via HTTP, risking full system compromise.

Russian-linked phishing hits thousands of messaging accounts via fake support tactics, enabling impersonation and data access.

Outdated iOS exploited via Coruna, DarkSword kits through web attacks, enabling mass data theft on unpatched devices.

Google adds 24-hour sideloading delay amid 17 malware families in 4 months, reducing scam-driven installs and device compromise risk.

Magento flaw allows unauthenticated file uploads up to 2.4.9-alpha2, enabling RCE or takeover, exposing stores to attack risk ...

Claude Code bypasses security controls by acting locally before monitoring, exposing data risks and audit gaps.

CISA adds 5 exploited flaws (CVSS up to 10.0) to KEV, mandates April 3, 2026 patching to prevent malware and espionage attacks.

CanisterWorm infects 28 npm packages via ICP-based C2, enabling self-propagation and persistent backdoor access across developer systems.

DoJ disrupts IoT botnets behind 31.4 Tbps DDoS attacks using 3M devices, reducing global extortion-driven outages.

Interlock exploits CVE-2026-20131 zero-day since Jan 26, enabling root access on Cisco FMC, increasing ransomware risks.

CSMA links siloed security tools into attack paths to crown jewels, exposing hidden risks and enabling faster remediation.

DNS flaw in Amazon Bedrock and critical AI vulnerabilities expose data and enable RCE, risking breaches and infrastructure ...