12+ hour, 36+ min ago  (319+ words) A significant supply chain attack targeting the Okendo Reviews widget. Threat actors known as Smart Ape SG successfully injected malicious Java Script into this popular e-commerce plugin, potentially exposing millions of online shoppers to malware. Because more than 18, 000 brands use…...

12+ hour, 29+ min ago  (213+ words) Tracked as'CVE-2026-8713'with a CVSS score of'9. 1 (Critical), the flaw allows unauthenticated attackers to delete arbitrary files on the server, potentially enabling a full site takeover via remote code execution (RCE). When a site administrator configures an Avada form to…...

16+ hour, 42+ min ago  (175+ words) The Node. js project has released critical security updates across its 22. x, 24. x, and 26. x release lines, addressing 12 vulnerabilities, including two high-severity flaws that could enable authentication bypass and cause remote processes to crash. This triggers a remote process abort,…...

18+ hour, 27+ min ago  (341+ words) Security researchers have attributed the framework to threat actors backed by the People's Republic of China (PRC) with moderate-to-high confidence. Showboat is not a typical dropper or ransomware; instead, it provides operators with quiet, long-term access to compromised networks. Showboat…...

18+ hour, 40+ min ago  (404+ words) Unlike traditional stealers that rely on standard IP-based command-and-control (C2) servers, this malware uses a portable Tor client and a local SOCKS5 proxy. This turns a financially motivated data stealer into a lightweight, remote backdoor capable of bypassing conventional network defenses. The…...

19+ hour, 19+ min ago  (381+ words) Threat actors exploited a compromised Klue Battlecards integration to silently harvest Salesforce CRM data from enterprise environments in June 2026, leveraging OAuth tokens and automated Python scripts to pull bulk records through legitimate API channels, all while flying under the radar…...

19+ hour, 11+ min ago  (283+ words) A recent threat intelligence assessment by Insikt Group analyzed digital monitoring operations across 193 countries and found that 31 nations pose a high or very high risk to digital privacy. When business professionals or organizations fail to prepare for these monitoring threats…...

19+ hour, 43+ min ago  (600+ words) A new Boot ROM vulnerability, dubbed'usbliter8, affects Apple devices powered by A12, S4/S5, and A13 So Cs. The exploit chains a hardware-level bug in the Synopsys DWC2 USB controller with a firmware configuration flaw to achieve full application processor boot-chain compromise, and because it…...

20+ hour, 7+ min ago  (393+ words) In a sweeping international law enforcement operation, authorities have dealt a significant blow to the'criminal infrastructure behind Soc Gholish, one of the most persistent malware frameworks active since 2017, seizing 106 servers and 101 domains while remediating nearly 15, 000 infected websites worldwide. The coordinated…...

2+ day, 13+ hour ago  (419+ words) Cloud logging services like AWS Cloud Trail and Google Cloud Logging have become the backbone of enterprise security monitoring, but that same criticality makes them a prime target. Research from Palo Alto Networks" Unit 42 team reveals how sophisticated threat actors…...