Live Feeds

Chrome extensions turned malicious after ownership transfer, pushing code injection and fake updates
Two Chrome extensions, QuickLens and ShotBird, turned malicious after ownership changes, enabling attackers to inject arbitrary code, strip security headers, display fake Chrome update prompts, and steal sensitive data from downstream users.

AppsFlyer Web SDK hijacked to deliver crypto-stealing JavaScript in supply-chain attack
The AppsFlyer Web SDK was temporarily hijacked to deliver malicious JavaScript that replaced cryptocurrency wallet addresses with attacker-controlled ones, in what AppsFlyer says was a domain registrar incident affecting the Web SDK on a segment of customer websites.

Critical Vulnerability Triage Playbook: How SOCs Prioritize and Patch Critical CVEs
Vulnerability triage: Practical steps SOCs use to prioritize critical CVEs, assign risk, and speed safe patching.

Pulse Secure network hacked via backdoor embedded in its VPN software
Pulse Secure's network was breached after attackers planted a backdoor in the vendor’s VPN code, according to a Bloomberg report. The intrusion affected 119 customer organizations and underscores recurring Ivanti VPN flaws.

UMMC ransomware attack forces closure of 35 Mississippi clinics
UMMC ransomware attack: University of Mississippi Medical Center closed all 35 statewide clinics after a ransomware infection took information systems offline, forcing cancellations of appointments and non‑urgent care.

Critical BeyondTrust Remote Support flaw abused by ransomware gangs
BeyondTrust Remote Support vulnerability CVE-2026-1731 is under active exploitation by ransomware operators, CISA confirms. The flaw allows pre-auth command execution and has been used to stage web shells and exfiltrate data.

Critical Ivanti Vulnerability Exploited Since Last Summer in Attacks
Critical Ivanti EPMM vulnerability actively exploited since last summer.

Critical RCE in Grandstream GXP1600 VoIP phones enables silent eavesdropping (CVE-2026-2329)
Grandstream GXP1600 vulnerability (CVE-2026-2329): critical unauthenticated RCE affecting the GXP1600 series; Rapid7 provides a PoC, and vendor patch 1.0.7.81 is available; apply immediately.

Amnesty finds Predator spyware on Angolan journalist’s iPhone
Predator spyware: Amnesty’s Security Lab confirms a 2024 infection of an Angolan journalist’s iPhone, documenting data access and repeated re-infection attempts. The report links the incident to known exploitation chains and highlights the human-rights risks of unregulated surveillance technology.

Belgian hospital restores systems a month after ransomware attack
AZ Monica ransomware recovery: Systems at AZ Monica are largely restored a month after a ransomware attack; the hospital says no ransom was paid and there are no confirmed indications of data exfiltration.