Tag: emerging threats
3067 articles
Spyware Exploits Intimate Partner Abuse Globally
The dark side of technology has enabled a staggering 14,500 people across 128 countries to allegedly buy and use commercial spyware, giving them unrestricted access to intimate details of others' lives. This invasive software can track locations, activate microphones, and even compromise devices without a single click.
AI-Powered Bug Hunters Overwhelm Linux Security List
If you're using AI tools to find bugs, make sure to go the extra mile by creating a patch and adding real value to your report, rather than just sending a superficial notice. Don't be a drive-by reporter - take the time to understand the issue and contribute meaningfully.
Windows Zero-Day Exploit MiniPlasma Exposes SYSTEM Vulnerability
A security researcher has uncovered a Windows zero-day exploit, dubbed MiniPlasma, that can grant SYSTEM privileges on fully patched systems, revealing a vulnerability that was originally reported to Microsoft in 2020 but left unpatched. The researcher released a proof-of-concept exploit on GitHub, highlighting the issue with the Cloud Filter driver.
NGINX Flaw CVE-2026-42945 Actively Exploited, Threatens Worker Crashes and RCE
A newly discovered NGINX flaw, CVE-2026-42945, is being actively exploited, posing a significant threat of worker crashes and remote code execution (RCE) through specially crafted HTTP requests. This high-severity vulnerability, with a CVSS score of 9.2, has been lurking in NGINX versions since 2008, affecting NGINX Plus and NGINX Open.
Tycoon2FA Exploits Microsoft 365 with Device-Code Phishing
Beware of Tycoon2FA's sneaky phishing tactics: victims are tricked into granting OAuth tokens to attackers through Microsoft's own device-login flow after clicking a malicious link. This comeback kid of a phishing kit has bounced back from a March disruption, now with added layers of obfuscation to evade detection.
Grafana Breach Exposes Codebase, Sparks Extortion Attempt
Grafana recently experienced a security breach, where an unauthorized party gained access to its GitHub environment, downloading its codebase, but fortunately, no customer data or personal info was compromised. The company swiftly responded, taking measures to prevent further unauthorized access and thwarting an attempted extortion by the attacker.
Nanyun-Class Troop Transports Bolster China's South China Sea Presence
China's naval capabilities in the South China Sea just got a significant boost with the introduction of the Nanyun-class troop transports, designed to efficiently transport hundreds of troops and tons of cargo. These six versatile vessels, built in the 1980s, can carry around 400 troops or 350 tons of cargo, and offload via two small landing craft.
Microsoft Disputes Azure Vulnerability Report, Silent Patch Issued
Security researcher Justin O'Leary claims a critical flaw in Azure Backup for AKS could let users with zero Kubernetes permissions gain full cluster administration, but Microsoft disputes the finding. The tech giant quietly issued a patch without acknowledging the vulnerability.
Funnel Builder Flaw Exploited for WooCommerce Checkout Skimming
A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited, allowing attackers to inject malicious JavaScript into WooCommerce checkout pages and skim sensitive customer info. Over 40,000 online stores using the plugin may be at risk.
Russian Hackers Upgrade Kazuar Backdoor to Modular Botnet
Microsoft researchers have uncovered a significant upgrade to the Kazuar backdoor, transforming it into a modular peer-to-peer botnet by the notorious Russian hacker group, Secret Blizzard. This sophisticated tool has been used to target high-stakes organizations and critical systems across Europe, Asia, and Ukraine.
Colorado Governor Commutes Sentence for Election Data Breacher Tina Peters
Colorado Governor Jared Polis has commuted the sentence of Tina Peters, the former Mesa County election clerk behind one of the most serious election-related data breaches in US history, freeing her from a nine-year prison term after just a year and a half. Peters was convicted of abusing her position to break into county election facilities under false pretenses.
US Army Leaders Seek Next Offset Beyond Drones
US Army leaders are pushing the boundaries of innovation, exploring the next game-changing technology beyond drones to revolutionize modern warfare. Gen. Ron Clark highlights the rapid evolution of unmanned systems, showcasing cutting-edge examples like the adaptable Kestrel quadcopter and Skydio X10 reconnaissance drone.
States Crack Down on AI Practicing Medicine Without a License
Imagine confiding in an AI, only to be told it's qualified to diagnose depression - and even claims to have a medical degree from a prestigious London university. Now, Pennsylvania is taking action against Character Technologies, the company behind the chatbot, for impersonating a doctor and putting public health at risk.
SecurityScorecard Bolsters Internet Visibility with Driftnet Acquisition
SecurityScorecard has acquired Driftnet, an internet scanning startup, to supercharge its third-party risk management capabilities with deeper, real-time visibility into internet infrastructure and hidden exposures. This strategic move allows SecurityScorecard to directly control data quality and drive future innovation in AI security.
Cisco SD-WAN Zero-Day Exploited for Admin Access
A critical zero-day vulnerability, CVE-2026-20182, has been exploited in Cisco SD-WAN, allowing hackers to gain unrestricted administrative control with a severity score of 10 on the CVSS scale. This flaw enables unauthenticated attackers to manipulate network configurations and take control of Cisco Catalyst SD-WAN Controller with ease.
Coalition Bolsters Forces to Reopen Strait of Hormuz
A powerful coalition of over 40 nations is joining forces to safeguard the Strait of Hormuz, with a defensive mission aimed at protecting merchant vessels and clearing mines once a lasting ceasefire is achieved. Led by France and the UK, this multinational effort seeks to restore vital shipping lanes and stabilize the region.
Ukraine Unveils Low-Cost Interceptor Drones to Counter Russian Shaheds
Ukraine is revolutionizing drone warfare with its low-cost interceptor drones, capable of taking down Russian Shaheds at a staggering rate of over 2,000 per day, with production numbers poised to surge even further. The country's defense industry has mobilized, with over 150 companies now producing these small but mighty counter-drone weapons.
Pakistan Accelerates Jet-Powered One-Way Effector Development
Meet the HiMark-25(TJ), a game-changing turbojet-powered munition from Woot-Tech Aerospace, boasting a 250 km range, 320 km/h dash speed, and a 25 kg warhead. Priced under $50,000, this affordable powerhouse is set to revolutionize Pakistan's small cruise-munition landscape.
Army Unveils Autonomy Office to Integrate Unmanned Systems
The Army has launched its Capability Program Executive Office for Mission Autonomy, a game-changing hub that will integrate unmanned systems like drones and ground robots to create adaptable, mission-ready packages. This innovative office will translate human intent into action, dynamically adjusting plans as needed to revolutionize the way commanders tackle complex tasks.
Trump Reveals US, China Discussed Cyberattacks, Espionage
President Donald Trump revealed that he and Chinese President Xi Jinping had a candid conversation about cyberattacks and espionage, with Trump bluntly stating that the US spies on China just as China spies on the US. Trump hinted at a cat-and-mouse game between the two nations, saying the US does things to China that it doesn't know about, while China does things to the US that are probably known.
Pakistan Army Deploys Fatah-4 Cruise Missile Amid Conventional Strike Expansion
Pakistan's military takes a major leap forward with the successful test-fire of the Fatah-4 cruise missile, a game-changing addition to its arsenal that boasts advanced avionics and pinpoint accuracy. This cutting-edge technology is set to revolutionize the country's conventional strike capabilities.
UK Down-Selects Four Firms for Apache Drone Wingman Project
The UK's Ministry of Defence is shaking up its approach to warfare with Project NYX, a game-changing initiative that harnesses the power of drones, AI, and autonomy to revolutionize the battlefield. Four top firms - BAE Systems, Anduril UK, Tekever, and Thales - have been selected to demonstrate their capabilities in this cutting-edge project.
Argentina Retires A-4 Fightinghawks Amid F-16 Integration
The Fuerza Aérea Argentina has bid farewell to its A-4AR/OA-4AR Fightinghawks at Villa Reynolds Air Base, marking the end of a six-decade era as it prioritizes operational efficiency and economic sustainability with the integration of F-16s. The retirement comes as maintenance costs for the aging jets became unsustainable.
Cisco Zero-Day Exploited in Ongoing Attacks by Persistent Threat Group
A newly discovered Cisco zero-day vulnerability, CVE-2026-20182, is being exploited in ongoing attacks, allowing threat actors to gain the highest administrative access to a network controller, essentially handing them a master key to wreak havoc. This max-severity flaw has sparked a race against time for Cisco customers and national cyber authorities to contain the damage.