Browse the latest CVE vulnerability disclosures, CISA KEV alerts, and OSV advisories. Real-time security vulnerability database curated by 10alert.
Threat hunters have shed light on a sophisticated and evolving malware toolkit called Ragnar Loader that's used by various cybercrime and ransomware groups like Ragnar Locker (aka Monstrous Mantis), FIN7, FIN8, and Ruthless Mantis (ex-REvil).
Discover how Tulsi Gabbard, the Director of National Intelligence, is navigating the complex world of surveillance programs she once opposed. Dive into her journey from anti-surveillance advocate to key overseer.
Discover how the Akira ransomware gang used an unsecured webcam to launch encryption attacks, effectively bypassing Endpoint Detection and Response (EDR) systems. Learn about this sophisticated cyber threat and its implications for cybersecurity.
Discover how over 1,000 WordPress sites have been infiltrated by sophisticated JavaScript backdoors, allowing attackers persistent access. Learn about the intricate methods used and how to protect your site.
Microsoft has shut down numerous GitHub repositories involved in a vast malvertising campaign that compromised nearly one million devices globally. Learn about the impact, prevention, and the future of digital security.
Discover how the financially motivated threat actor EncryptHub orchestrates complex phishing campaigns to deploy ransomware and information stealers through trojanized apps and PPI services. Learn about their new product, EncryptRAT, and stay informed with insights from Outpost24 KrakenLabs.
Discover how international law enforcement united to dismantle Garantex, a Russian cryptocurrency exchange favored by ransomware gangs like Conti for money laundering. Learn about the significance of this operation and its impact on cybercrime.
Discover how the U.S. Secret Service, in a joint operation with the FBI and Europol, seized the domain of Garantex, a sanctioned Russian crypto exchange implicated in ransomware activities. Learn about the impact on cybersecurity and the global effort to combat digital crimes.
Discover the shocking extent of the Toronto Zoo's January 2024 cyberattack, where ransomware crooks snatched visitor data dating back to 2000. Learn about the impact and implications of this massive data breach.
Explore the potential expansion of USCIS social media monitoring for all non-citizens and immigrants. Learn about the implications, processes, and controversies surrounding this enhanced vetting initiative. Read this article to understand how this could impact immigration policies and privacy concerns.
Discover the alarming rise of Medusa ransomware in 2025, with over 40 victims in just two months and ransom demands soaring to $100K–$15M. Explore the latest insights and data from Symantec Threat Hunter Team and other authoritative sources.
Elastic addresses a critical vulnerability in Kibana, enabling arbitrary code execution. Learn how this flaw impacts Elasticsearch visualization and how to mitigate risks.
CVEs: CVE-2025-25012
Discover the urgent need for a $75 million investment to bolster cybersecurity in rural US hospitals, protecting them from ransomware attacks and ensuring patient safety. Learn about the escalating threats, the impact on healthcare facilities, and the preventive measures that can save lives.
The U.S. Department of Justice (DoJ) has charged 12 Chinese nationals, including government officers and hackers, for their roles in a global cyber espionage campaign. This coordinated effort involved data theft and suppression of dissent, targeting U.S. critics, Asian governments, and key U.S. agencies. The indictment reveals the intricate web of state-sponsored hacking and the U.S. response to safeguard national security.
A senior software developer has been found guilty of sabotaging his former employer's systems, potentially facing ten years in prison. Learn about the implications and consequences of this cyber attack.
Threat actors have launched a malicious campaign targeting organizations in Japan since January 2025. The attackers exploit the PHP-CGI RCE vulnerability (CVE-2024-4577) to gain access to victim machines.
CVEs: CVE-2024-4577
Are you tired of dealing with outdated security tools that never seem to give you the full picture? You're not alone. Many organizations struggle with piecing together scattered information, leaving your apps vulnerable to modern threats. That's why we're excited to introduce a smarter, unified approach: Application Security Posture Management (ASPM). ASPM brings together the best of both worlds by combining proactive measures with reactive strategies to enhance your security posture.
Mirai-based botnets are exploiting a zero-day flaw in Edimax IP cameras for remote command execution. US CISA warns of the vulnerability, urging organizations to report suspicious activity. Learn more about the impact and mitigation strategies.
CVEs: CVE-2025-1316
Microsoft has unveiled a large-scale malvertising campaign impacting over one million devices worldwide, aimed at stealing sensitive information. Detected in early December 2024, this campaign, dubbed Storm-0408, highlights the evolving threats in online advertising.
The FBI's Internet Crime Complaint Center (IC3) has issued a critical alert about a data extortion scam targeting corporate executives. Cybercriminals, posing as the 'BianLian Group,' send threatening letters demanding payment to prevent the release of sensitive information. Learn how to protect your organization and report incidents to CISA.
Brickcom cameras running firmware version 3.2.3.5.6 are vulnerable to two critical flaws—CVE-2026-50245 and CVE-2026-50005—enabling unauthenticated attackers to access live video feeds and seize administrative control. This affects multiple camera models deployed globally in commercial, healthcare, and manufacturing sectors, posing severe privacy and security risks. Users must mitigate risks immediately due to the lack of vendor response.
CVEs: CVE-2026-50245, CVE-2026-50005
Two critical vulnerabilities (CVE-2026-10557 and CVE-2026-7368) in the Yarbo mobile app and cloud infrastructure allow attackers to extract hard-coded credentials and manipulate robot fleets globally. These flaws expose real-time telemetry data and enable unauthorized command execution, impacting all deployed Yarbo robots worldwide. Users must update to app version 3.17.4 immediately to mitigate risks.
CVEs: CVE-2026-10557, CVE-2026-7368
Six critical vulnerabilities in the Naxclow IoT Platform (CVE-2026-42947, CVE-2026-50108, CVE-2026-50101, CVE-2026-28742, CVE-2026-42932, CVE-2026-50244, CVE-2026-50099) enable unauthorized device takeover, credential theft, and remote access across millions of smart devices globally, including Naxclow Smart Doorbell X3, X Smart Home, V720, and ix cam. Affected users face immediate risk of exploitation due to the absence of patches and Naxclow’s unresponsiveness to coordination efforts.
CVEs: CVE-2026-42947, CVE-2026-50108, CVE-2026-50101, CVE-2026-28742, CVE-2026-42932
CISA has added CVE-2026-10520, a critical OS command injection vulnerability in Ivanti Sentry, to its Known Exploited Vulnerabilities (KEV) Catalog due to active exploitation in the wild. The flaw allows unauthorized command execution on affected systems, posing immediate risks to federal agencies and all organizations using vulnerable Ivanti Sentry versions. Immediate patching is required to prevent potential data breaches or system compromise.
CVEs: CVE-2026-10520