Exposed Training Open the Door for Crypto-Mining in Fortune 500 Cloud Environments
Intentionally vulnerable training applications are widely used for security education, internal testing, and product demonstrations. Tools such as OWASP Juice Shop, DVWA, Hackazon, and bWAPP are designed to be insecure by default, making them useful for learning how common attack
WorldLeaks Extortion Group Claims It Stole 1.4TB of Nike Data
The sportswear brand is investigating an alleged breach of its network that exposed some 188,347 files of highly sensitive corporate data.
Researchers Find 175,000 Publicly Exposed Ollama AI Servers Across 130 Countries
A new joint investigation by SentinelOne SentinelLABS, and Censys has revealed that the open-source artificial intelligence (AI) deployment has created a vast "unmanaged, publicly accessible layer of AI compute infrastructure" that spans 175,000 unique Ollama hosts across 130 cou
Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms
Google-owned Mandiant on Friday said it identified an "expansion in threat activity" that uses tradecraft consistent with extortion-themed attacks orchestrated by a financially motivated hacking group known as ShinyHunters. The attacks leverage advanced voice phishing (aka vishin
Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group
A China-linked threat actor known as Lotus Blossom has been attributed with medium confidence to the recently discovered compromise of the infrastructure hosting Notepad++. The attack enabled the state-sponsored hacking group to deliver a previously undocumented backdoor codename
_Cagkan_Sayin_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale)
Europe's GCVE Raises Concerns Over Fragmentation in Vulnerability Databases
GCVE would enhance global collaboration, flexibility, and efficiency in tracking security flaws. Duplicate entries and a decentralization policy may create more chaos for defenders.
Hand CVE Over to the Private Sector
How MITRE has mismanaged the world's vulnerability database for decades and wasted millions along the way.
WorldLeaks Extortion Group Claims It Stole 1.4TB of Nike Data
The sportswear brand is investigating an alleged breach of its network that exposed some 188,347 files of highly sensitive corporate data.
Surging Cyberattacks Boost Latin America to Riskiest Region
The region is up against tactics like data-leak extortion, credential-stealing campaigns, edge-device exploitation, and attackers leveraging AI.
Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas
A critical security flaw has been disclosed in Grist‑Core, an open-source, self-hosted version of the Grist relational spreadsheet-database, that could result in remote code execution. The vulnerability, tracked as CVE-2026-24002 (CVSS score: 9.1), has been codenamed Cellbreak by
Mass Spam Attacks Leverage Zendesk Instances
The CRM vendor advised ignoring or deleting suspicious emails and said the attacks were not tied to any breach or software vulnerability.
'Damn Vulnerable' Training Apps Leave Vendors' Clouds Exposed
Hackers are already leveraging these over-permissioned programs to access the IT systems of major security vendors.