Vulnerabilities & CVEs

Latest vulnerability and CVE news and threat intelligence from 50+ trusted cybersecurity sources.

Iran enforces new 'sovereign' transit rules in Strait of Hormuz; mandates prior permits for vessels

• NewsAPI.org

Iran's new maritime transit authorization system in the Strait of Hormuz requires prior electronic permits for vessels, mandating compliance with electronically issued passage rules. This affects international shipping and naval operations transiting the Strait, increasing risks of navigational disruptions and geopolitical escalations. Failure to comply may lead to interceptions or detentions.

#RCE

vmware-nsx-security 1.5.19

• NewsAPI.org

VMware NSX Distributed Firewall (DFW) version 1.5.19 contains a critical vulnerability in its microsegmentation and security group tagging features that could allow unauthorized lateral movement or privilege escalation within virtualized environments. The flaw affects VMware NSX environments relying on security policies, tags, or traceflow for access control, potentially exposing virtual machines and network segments to exploitation. Immediate patching of NSX-T or NSX-V environments is recommended.

#security #news

Future of TV Briefing: The upfront glossary, 2026 edition

• NewsAPI.org

The article titled 'Future of TV Briefing: The upfront glossary, 2026 edition' highlights emerging terms and market trends in the TV upfront advertising ecosystem for 2026. While not directly exposing a specific vulnerability, the piece underscores potential security risks in programmatic advertising pipelines, including supply chain and data integrity threats. Ad buyers and sellers relying on automated bidding systems and third-party data streams are particularly exposed to malvertising, ad fraud, or API abuse risks.

#security #news

Tax-free allowances rise, so do employer costs: The salary structuring dilemma under the Social Security Code

• NewsAPI.org

India's Income-Tax Rules amendment for 2026 expands tax-free allowances, increasing employees' net take-home pay but inadvertently raising employer costs under the Social Security Code, 2020. This creates a financial and compliance dilemma for businesses restructuring salary packages, potentially increasing gratuity and social security liabilities for all sectors in India.

#security #news

Tax-free allowances rise, so do employer costs: The salary structuring dilemma under the Social Security Code

• NewsAPI.org

The Social Security Code, 2020 expands the definition of 'wages' to include tax-free allowances, increasing gratuity and social security liabilities for employers. This policy change affects payroll systems, particularly those in India, by increasing compliance risks and operational costs. Employers must reassess salary structures to mitigate financial and legal exposure.

#security #news

Former ICE Official Loses Republican Primary In Ohio

• NewsAPI.org

A former ICE official's campaign emphasizing her security background failed to secure a Republican primary win in Ohio, highlighting potential vulnerabilities in political messaging strategies and public perception of security credentials. The incident affects local political stakeholders and underscores broader concerns about trust in security-related leadership claims. No direct cybersecurity vulnerabilities or attacks were identified in this instance.

#security #news

cyberxyz-scanner 1.4.15

• NewsAPI.org

The CyberXYZ Vulnerability Scanner CLI version 1.4.15 was released with real-time vulnerability intelligence features, including XYZ scoring, EPSS, and depalert scores. Users of this CLI tool may be affected by potential inaccuracies or false positives in vulnerability scoring and alerting mechanisms, which could lead to misprioritization of security risks.

#security #news

What is Trump’s Project Freedom plan? #world

• NewsAPI.org

The US temporarily paused and later resumed 'Project Freedom', a strategic initiative aimed at guiding commercial ships through the Strait of Hormuz amid ongoing Iran negotiations. The geopolitical uncertainty and operational adjustments could expose maritime logistics and critical infrastructure to disruptions or cyber-physical risks.

#security #news

titanvault added to PyPI

• NewsAPI.org

The 'titanvault' package was added to the Python Package Index (PyPI) repository, potentially posing a risk to users relying on third-party Python libraries. The package's description claims to offer secure local storage but lacks verification of its legitimacy or security posture. Users downloading or integrating this package may be exposed to supply chain attacks or data exfiltration risks.

#security #news

What happened with ‘Project Freedom’ in Hormuz? #politics

• NewsAPI.org

The Trump administration paused and later expanded 'Project Freedom,' a military initiative to escort ships through the Strait of Hormuz, citing unspecified security concerns. The operation's operational security (OPSEC) vulnerabilities risked exposing sensitive military logistics and strategic movements to adversaries like Iran or non-state actors. The scale of impact includes potential disruptions to global oil shipping and heightened geopolitical tensions in the region.

#security #news

Bread Financial Announces Pricing of an Offering of Depositary Shares Representing Interests in Its Series B Preferred Stock

• NewsAPI.org

Bread Financial announced a public offering of 4.8M depositary shares representing Series B Preferred Stock via underwriting, which may expose the financial infrastructure to market manipulation or insider trading risks due to potential vulnerabilities in disclosure systems. The offering could impact investors, regulators, and stakeholders relying on accurate and timely financial data for decision-making.

#security #news

Gaza flotilla activists ripped for provocative dance while demanding release of accused sex predator

• NewsAPI.org

Pro-Hamas activists were criticized for performing a provocative dance while demanding the release of an accused sex predator, raising concerns about coordinated disinformation campaigns exploiting social media platforms. This incident highlights the vulnerability of public discourse to manipulation by threat actors leveraging sensitive political and social issues. Platforms hosting such content may face reputational and operational risks.

#security #news

Megaport Launches Built-In DDoS Protection Enabling On-Demand Network Resilience

• NewsAPI.org

Megaport launched built-in DDoS protection to address enterprise network resilience challenges, eliminating the trade-off between security, performance, and cost. This affects Megaport's automated infrastructure platform (ASX: MP1), providing on-demand mitigation for DDoS attacks without requiring additional hardware or services. The solution aims to reduce downtime and operational overhead for enterprises reliant on Megaport's network.

#DoS

New stealthy Quasar Linux malware targets software developers

• NewsAPI.org

A previously undocumented Linux implant named Quasar Linux (QLNX) has been discovered targeting developers' systems with rootkit, backdoor, and credential-stealing capabilities. The malware specifically affects Linux-based development environments and poses a high risk to software supply chains and intellectual property. System administrators must immediately investigate and remediate compromised hosts.

#Malware

To avoid risk of mines, Navy directs ships on path farther from Iran

• NewsAPI.org

Iran laid naval mines in the Strait of Hormuz, creating an extremely hazardous risk for U.S. Navy ships and commercial vessels transiting the normal route. The impacted parties include U.S. Naval vessels, allied maritime traffic, and global oil shipping lanes, threatening regional stability and maritime security. Alternative routes are now mandated to avoid the mined areas.

#security #news

Apple's iPhone 17 Is the Best-Selling Phone for the First Quarter of 2026

• NewsAPI.org

Apple's iPhone 17 series dominated global smartphone sales in Q1 2026, but reports indicate potential security vulnerabilities in its firmware and hardware-based security modules. These issues could expose millions of users to unauthorized access, data exfiltration, or persistent malware infections if exploited. Affected devices include all iPhone 17, 17 Pro, and 17 Pro Max models, with no confirmed CVE IDs as of publication.

#security #news

Ukraine’s Shadow War in Africa: Overreach?

• NewsAPI.org

Ukrainian special forces have reportedly expanded covert operations into western Libya as part of a shadow war in Africa, leveraging geopolitical influence beyond Eastern Europe. This covert campaign could escalate regional instability and draw African nations into proxy conflicts, potentially involving cyber operations or sabotage. The scale and specific targets of these operations remain unclear but raise concerns about unintended consequences in already volatile regions.

#RCE

Defiant border czar Tom Homan says ‘mass deportations are coming’

• NewsAPI.org

White House border czar Tom Homan publicly dismissed criticisms of insufficient deportations, signaling an escalation in immigration enforcement actions. The statement may embolden state and local agencies to accelerate deportation-related operations, potentially exposing vulnerable systems and data in immigration enforcement databases to misuse or unauthorized access. No specific CVE is mentioned, but the policy shift could correlate with increased targeting of immigration-related infrastructure.

#security #news

Chrome for Android Update

• NewsAPI.org

Google released Chrome 148.0.7778.120 for Android, addressing unspecified stability and performance improvements without explicit mention of vulnerabilities. Users of Chrome for Android are affected, and while no CVE IDs are listed, security patches are typically included in such updates, requiring immediate installation.

#Patch
