CVE-2026-3854 (CVSS 8.7) enabled GitHub RCE via git push, risking cross-tenant access to millions of repositories.
PhantomCore exploited three TrueConf flaws since September 2025, enabling remote access and lateral movement across Russian ...
Cybersecurity experts warn that complete Australian identity packages, including bank logins and personal data, are selling for around $200 on the dark web, far higher than US equivalents. The data’s ...
A new vulnerability dubbed Pack2TheRoot could be exploited in the PackageKit daemon to allow local Linux users to install or ...
A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability ...
Three proof-of-concept exploits are being used in active attacks against Microsoft's built-in security platform; two are ...
FortiGuard Labs has identified a Mirai-based Nexcorium campaign actively exploiting CVE-2024-3721 in TBK DVR devices ...
Hackers have been unsuccessfully targeting CVE-2023-33538, a vulnerability in discontinued TP-Link routers, for a year.
A single unauthenticated connection gives attackers a full shell; credential theft observed in under three minutes on honeypot servers.
Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. This ...
PCWorld reports on the ‘BlueHammer’ zero-day vulnerability that allows attackers to potentially take over Windows computers through privilege escalation. A frustrated security researcher published the ...
Microsoft is dealing with a newly disclosed zero-day vulnerability in Windows that could allow attackers to gain full system control, with no official fix available yet. The flaw, called BlueHammer, ...