The Cybersecurity and Infrastructure Security Agency (CISA) has officially closed ten Emergency Directives after determining that required remediation actions have been completed or are now enforced through broader federal vulnerability management policies. The directives, which span incidents and vulnerabilities disclosed…
Trend Micro has rolled out security updates to fix several serious flaws affecting on-premise deployments of Apex Central for Windows. Among them is a critical vulnerability that could allow attackers to execute malicious code with the highest system privileges. The…
As organizations prepare for 2026, cybersecurity predictions are everywhere. But many of these outlooks are shaped by headlines and speculation rather than solid evidence. The real challenge is no longer finding predictions. It is figuring out which ones point to…
Researchers uncovered a phishing setup that relies on a concealed HTML form element containing a webhook[.]site URL. JavaScript embedded in the page quietly sends a “page opened” signal, captures any credentials entered by the victim, and forwards them to the…
If you’re using the @adonisjs/bodyparser npm package, you should update to the latest version. A newly disclosed high-severity vulnerability could allow a remote attacker to write arbitrary files on your server if they can reach a file upload endpoint. The…
n8n recently introduced a task runner-based native Python option to improve security isolation. This feature first appeared in version 1.111.0 as an optional setting and could be turned on using the environment variables N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER. With the release of…
Several popular AI-driven code editors built on Visual Studio Code are raising new supply-chain security concerns after researchers found they recommend extensions that don’t actually exist in the Open VSX registry. The affected tools include VS Code forks such as…
There was a time when identity lived in one place. A single LDAP directory, an HR database, or one IAM portal handled who could access what. That reality is gone. Today, identities are scattered across SaaS platforms, on-prem systems, cloud…
I want to draw attention to a new malware campaign security researchers are tracking under the name PHALT#BLYX, which is actively targeting organizations in the European hospitality sector. According to findings from Securonix, the campaign relies on ClickFix-style social engineering…
I want to flag a serious security issue affecting the TOTOLINK EX200 wireless range extender that hasn’t received a fix and could leave devices fully exposed. The vulnerability was disclosed by the CERT Coordination Center and allows a remote attacker…
