Latest Tech News

SonicWall warns of SMA1000 flaws exploited in zero-day attacks, patch now (No image available)

SonicWall warns of SMA1000 flaws exploited in zero-day attacks, patch now

SonicWall warns that threat actors have been exploiting two SMA1000 vulnerabilities, tracked as CVE-2026-15409 and CVE-2026-15410, in zero-day attacks and urges customers to install the newly released security updates. [...]
Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack

Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack

Microsoft shipped its largest Patch Tuesday on record today, and two of the fixes close holes that attackers are already exploiting. The release covers 622 of Microsoft's own CVEs by its Security Update Guide count, more than triple June's previous high of around 200. Those two live bugs are the ones to grab first. Microsoft credits incident responders for both. Both are
Spanish Police take down €140 million cyber fraud ring, arrest four (No image available)

Spanish Police take down €140 million cyber fraud ring, arrest four

The Spanish Police dismantled a cybercrime and money-laundering organization that made €140 million ($160 million) from investment fraud and business email compromise (BEC) attacks. [...]
Nearly 300 GitHub repos pose as legit software to push malware (No image available)

Nearly 300 GitHub repos pose as legit software to push malware

A threat actor has published hundreds of fake GitHub repositories impersonating legitimate software and security projects to distribute infostealer malware. [...]
Microsoft releases Windows 10 KB5099539 extended security update (No image available)

Microsoft releases Windows 10 KB5099539 extended security update

Microsoft has released the Windows 10 KB5099539 extended security update, which includes the July 2026 Patch Tuesday security updates for 570 vulnerabilities, along with additional security fixes. [...]
SAP Patches CVSS 9.9 NetWeaver ABAP Flaw That Could Expose or Modify Data

SAP Patches CVSS 9.9 NetWeaver ABAP Flaw That Could Expose or Modify Data

SAP has rolled out updates to address multiple vulnerabilities as part of its July 2026 security updates, including a critical flaw in SAP NetWeaver Application Server ABAP. The vulnerability in question is CVE-2026-44747 (CVSS score: 9.9), an out-of-bounds write flaw that allows an authenticated attacker to leverage logical errors in memory management to cause a memory corruption that could
Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-days (No image available)

Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-days

Today is Microsoft's July 2026 Patch Tuesday, and with it comes security updates for a record-breaking 570 flaws, including two zero-day vulnerabilities exploited in attacks and one publicly disclosed. [...]
Windows 11 KB5101650 & KB5099414 cumulative updates released (No image available)

Windows 11 KB5101650 & KB5099414 cumulative updates released

Microsoft has released Windows 11's June 2026 Update for version 25H2, 24H2, and 23H2, bringing fixes for over 570 security issues. [...]
Researchers Say Claude for Chrome Flaw Lets Rogue Extensions Trigger Gmail Reads

Researchers Say Claude for Chrome Flaw Lets Rogue Extensions Trigger Gmail Reads

Any other browser extension that can run a script on claude.ai can still trigger Claude for Chrome tasks aimed at your Gmail, your latest Google Doc and its comments, and your Calendar. Both this and ClaudeBleed need a rogue extension that can already run a script on claude.ai; the difference is scope. Anthropic restricted the arbitrary-prompt path in May as part of its response to the 
LabubaRAT Masquerades as NVIDIA Software to Control Windows Hosts

LabubaRAT Masquerades as NVIDIA Software to Control Windows Hosts

Cybersecurity researchers have flagged a previously undocumented Rust-based remote access trojan (RAT) codenamed LabubaRAT that masquerades as NVIDIA software to blend into target environments. "LabubaRAT creates a reusable foothold for hands-on activity," Blackpoint Cyber researchers Sam Decker and Nevan Beal said in an analysis published today. "Once deployed, it can profile the host,
Progress confirms ShareFile zero-day flaw behind Storage Zone shutdown (No image available)

Progress confirms ShareFile zero-day flaw behind Storage Zone shutdown

Progress Software has confirmed that a high-severity zero-day vulnerability is behind the emergency shutdown of ShareFile Storage Zone Controllers last week and has released security updates to patch the flaw. [...]
YouTube and X Have Become ‘Gateways’ to Nudify Apps (No image available)

YouTube and X Have Become ‘Gateways’ to Nudify Apps

A new study found that social media platforms are referring people to sites where they can create nonconsensual, sexually explicit deepfakes for as little as $1 an image.
LastPass, Bitwarden users targeted with fake security alerts (No image available)

LastPass, Bitwarden users targeted with fake security alerts

LastPass is warning users about an ongoing phishing campaign that is using fake security notices to direct them to fraudulent websites. [...]
You Don't Have to Run an Exploit to Know If You're Vulnerable (No image available)

You Don't Have to Run an Exploit to Know If You're Vulnerable

Many vulnerabilities cannot be safely validated with live exploits, either because no exploit exists or the affected systems are too critical to test. Picus explains how TTP chaining helps organizations determine exploitability by validating the attack techniques an exploit depends on, without launching the exploit itself. [...]
RabbitMQ Flaws Could Leak OAuth Secrets and Expose Cross-Tenant Queue Metadata

RabbitMQ Flaws Could Leak OAuth Secrets and Expose Cross-Tenant Queue Metadata

Cybersecurity researchers have disclosed details of two access control-related flaws impacting the RabbitMQ message broker service that could allow attackers to leak OAuth client secrets, expose enterprise messaging infrastructure to takeover risks, and bypass tenant boundaries. Miggo's security team, which discovered and reported the flaws, said one "leaks the broker's confidential OAuth