Joomla iCagenda, Balbooa Forms Flaws Exploited as Zero-Days
CISA adds CVE-2026-48939 and CVE-2026-56291 to KEV after attackers weaponized iCagenda and Balbooa Forms file upload bugs before patches existed. Federal deadline is July 13.
CISA adds CVE-2026-48939 and CVE-2026-56291 to KEV after attackers weaponized iCagenda and Balbooa Forms file upload bugs before patches existed. Federal deadline is July 13.
Cybernews researchers discovered 8.3TB of stolen credentials—usernames, passwords, session tokens—in an unprotected database. Data came from 36 sources including infostealer logs and Telegram channels.
Proofpoint tracks UNK_MassTraction exploiting Roundcube flaws to target US and Canadian university physics departments. VShell post-exploitation tool deployed for persistent access.
OpenSSH 10.4 fixes eight security vulnerabilities including sftp/scp file redirection bugs and client-side use-after-free. Experimental ML-DSA post-quantum signatures debut.
University researchers found critical security flaws in 281 popular Google Play VPN apps with 2.4 billion installs. 29 apps leak DNS queries, 61 transmit data in cleartext.
Hackers compromised Injective Labs' GitHub repo to push malicious npm packages that steal cryptocurrency wallet keys. 18 packages affected, detected within an hour.
Group-IB reveals RedHook banking trojan now exploits Android's Wireless Debugging to gain shell privileges without rooting. Active in Southeast Asia with 53 remote commands.
A misconfigured hacker server exposed 22 days of logs revealing a webshell access-brokerage operation that compromised over 25,000 WordPress sites using 27 weaponized CVEs.
Zimbra urges immediate patching for a stored XSS flaw in Classic Web Client that executes malicious code when users open crafted emails. Google TAG reported the vulnerability.
Researchers demonstrate how malicious instructions hidden in PNG images can hijack AI coding assistants to exfiltrate credentials. Claude Code resisted the attack while Cursor and others complied.
Learn about ransomware, phishing, malware, and essential online safety practices.
Curated books, tools, and resources to deepen your cybersecurity knowledge.
Get the latest cybersecurity news delivered to your inbox.