Explore

Rapid Read Rapid Read
WordPress Plugins Kirki and Burst Statistics Vulnerable to Cyber Attacks

WordPress Plugins Kirki and Burst Statistics Vulnerable to Cyber Attacks

Security vulnerabilities have been identified in the Kirki and Burst Statistics WordPress plugins, potentially exposing hundreds of thousands of websites to cyber attacks. The Kirki plugin, used for website customization, is affected by a privilege escalation bug that allows attackers to reset passwords and take over accounts. The Burst Statistics plugin, which provides analytics, has an authentication bypass flaw that lets attackers gain administrator access. These vulnerabilities have been actively exploited, prompting security firm Defiant to advise users to update to the latest versions of the plugins to mitigate risks.
Trendline Trendline
Windows Netlogon Vulnerability Exploited for Remote Code Execution, Urgent Patching Advised

Windows Netlogon Vulnerability Exploited for Remote Code Execution, Urgent Patching Advised

Windows Netlogon Vulnerability Exploited for Remote Code Execution, Urgent Patching Advised
Rapid Read Rapid Read
CISA Warns of Exploited Linux Kernel Vulnerability Affecting Container Security

CISA Warns of Exploited Linux Kernel Vulnerability Affecting Container Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding the active exploitation of a vulnerability in the Linux kernel, specifically affecting container security. The vulnerability, identified as CVE-2022-0492, has a CVSS score of 7.8 and is classified as an improper authentication flaw. It allows attackers to elevate privileges and bypass namespace isolation, which is crucial for container security. The flaw is located in the cgroups feature of the Linux kernel, which is responsible for resource allocation among process groups. Only the first version of cgroups is affected. The vulnerability enables attackers to modify the release_agent file in the cgroup hierarchy, potentially allowing malicious scripts to run as root, leading to container escapes and privilege escalation. Although the technical details of this vulnerability were published three years ago, its active exploitation was only recently reported, prompting CISA to add it to its Known Exploited Vulnerabil...
Trendline Trendline
Hackers Infiltrate Global Stock Exchange, Compromise Executive Email for Espionage

Hackers Infiltrate Global Stock Exchange, Compromise Executive Email for Espionage

Hackers Infiltrate Global Stock Exchange, Compromise Executive Email for Espionage
Rapid Read Rapid Read
Critical Windows Netlogon Vulnerability Actively Exploited by Attackers

Critical Windows Netlogon Vulnerability Actively Exploited by Attackers

A critical vulnerability in Windows Netlogon, identified as CVE-2026-41089, is being actively exploited by threat actors for remote code execution. The vulnerability, a stack-based buffer overflow, was disclosed in May 2026 and affects Windows servers acting as domain controllers. The Centre for Cybersecurity Belgium has issued a warning, urging immediate patching to prevent exploitation. The vulnerability allows attackers to execute arbitrary code with system privileges, posing a significant security risk.
Trendline Trendline
Ultrahuman Data Breach Exposes Wellness Data of Customers

Ultrahuman Data Breach Exposes Wellness Data of Customers

Ultrahuman Data Breach Exposes Wellness Data of Customers
Trendline Trendline
Oracle Releases Monthly Patch to Address 35 Security Flaws, Including Critical Vulnerabilities

Oracle Releases Monthly Patch to Address 35 Security Flaws, Including Critical Vulnerabilities

Oracle Releases Monthly Patch to Address 35 Security Flaws, Including Critical Vulnerabilities
Rapid Read Rapid Read
Russian Hackers Exploit Home Routers Across 23 U.S. States, Prompting Security Measures

Russian Hackers Exploit Home Routers Across 23 U.S. States, Prompting Security Measures

A unit of Russia's military intelligence agency, known as APT28, has been exploiting vulnerabilities in home routers across 23 U.S. states. The group, responsible for previous high-profile cyberattacks, used unpatched firmware and default passwords to compromise thousands of devices, redirecting internet traffic through Russian-controlled servers. This operation, identified as a Domain Name System hijacking, allowed the hackers to intercept and harvest user credentials. Federal agents disrupted the operation in April, but the underlying vulnerabilities remain. Government agencies are urging users to update router firmware and change default login credentials to protect against future attacks.
Rapid Read Rapid Read
Canvas Data Breach Affects CMS Students and Employees

Canvas Data Breach Affects CMS Students and Employees

A recent cybersecurity breach involving Instructure, the third-party vendor of the Canvas learning management system, has impacted Charlotte-Mecklenburg students and employees, along with millions nationwide. The breach, which did not compromise CMS's internal systems, involved personal information but reportedly did not include sensitive data like passwords or financial information. CMS has taken precautionary measures, including reviewing vendor communications and auditing system access, while coordinating with the North Carolina Department of Public Instruction.
Rapid Read Rapid Read
Active Exploitation of Windows Netlogon RCE Vulnerability Prompts Urgent Security Measures

Active Exploitation of Windows Netlogon RCE Vulnerability Prompts Urgent Security Measures

The Centre for Cybersecurity Belgium (CCB) has issued a warning about the active exploitation of a critical Windows Netlogon vulnerability, CVE-2026-41089. This vulnerability, patched by Microsoft in May 2026, involves a stack-based buffer overflow that allows remote code execution on domain controllers. Attackers can exploit this flaw by sending specially crafted network requests, potentially gaining control over affected systems without needing prior access. The vulnerability impacts all supported versions of Windows Server, including the latest release. Despite the patch, the CCB has confirmed that the vulnerability is being exploited in the wild, urging immediate action to patch vulnerable systems.
Rapid Read Rapid Read
Canvas Data Breach Impacts Charlotte-Mecklenburg Students and Employees

Canvas Data Breach Impacts Charlotte-Mecklenburg Students and Employees

A cybersecurity breach involving Instructure, the third-party vendor for Canvas, has affected Charlotte-Mecklenburg Schools (CMS) and millions of users nationwide. Canvas is a learning management system used by students and teachers to access assignments and track grades. The breach occurred within Instructure's system, but CMS's network and internal systems were not compromised. Although personal information may have been involved, there is no indication that sensitive data such as passwords, dates of birth, government identifiers, or financial information were affected. CMS has taken precautionary measures, including reviewing vendor communications and auditing system access, and remains in communication with the North Carolina Department of Public Instruction.
Trendline Trendline
Palo Alto Networks Faces Critical Exploitation of Firewall Vulnerability

Palo Alto Networks Faces Critical Exploitation of Firewall Vulnerability

Palo Alto Networks Faces Critical Exploitation of Firewall Vulnerability