- MOVEit automation flaws could enable full system compromise
Progress fixes critical MOVEit Automation flaws, including an authentication bypass bug that could let attackers gain unauthorized access to systems. Progress Software addressed two vulnerabilities in MOVEit Automation, a critical authentication bypass flaw tracked as CVE-2026-4670 and a privilege escalation issue tracked as CVE-2026-5174. If exploited, these bugs could allow attackers to gain unauthorized access
- Hackers target governments and MSPs via critical cPanel flaw CVE-2026-41940
Attackers exploit a critical cPanel flaw to target government and MSP networks across Southeast Asia and several countries, including the U.S. and Canada. A threat actor is exploiting critical cPanel vulnerability CVE-2026-41940 to target government and military organizations in Southeast Asia, along with MSPs and hosting providers in countries like the Philippines, Laos, Canada, South
- U.S. CISA adds a flaw in Linux Kernel to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Linux Kernel to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in the Linux Kernel, tracked as CVE-2026-31431 (CVSS score of 7.8), to its Known Exploited Vulnerabilities (KEV) catalog. Recently, Xint Code researchers warned of a serious Linux
- AI speeds flaw discovery, forcing rapid updates, UK NCSC warns
The UK cyber agency NCSC warns AI is speeding up vulnerability discovery, likely causing a “patch wave” of urgent software updates to fix exposed flaws. The UK’s National Cyber Security Centre (NCSC) warns that AI is rapidly accelerating the discovery of software vulnerabilities, increasing the risk of large-scale exploitation. CTO Ollie Whitehouse says skilled attackers
- Bluekit phishing kit enables automated phishing with 40+ templates and AI tools
Bluekit is a new phishing kit with AI features, automated domain setup, and tools like spoofing, voice cloning, and 40+ attack templates. Bluekit is a newly discovered phishing kit still in development that includes advanced features such as an AI assistant and automated domain registration. According to Varonis, it offers over 40 website templates along
- Salt Typhoon breach IBM subsidiary in Italy: a warning for Europe’s digital defenses
April 2026 breach at Sistemi Informativi (IBM Italy) raises concerns over Chinese-linked cyber ops in Europe, including Salt Typhoon. In late April 2026, the Italian cybersecurity landscape was shaken by a significant breach targeting Sistemi Informativi, a company wholly owned by IBM Italy that provides IT infrastructure management for key public and private institutions. The
- Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
- Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
- Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
- Ransomware Attacks are on the Rise
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
- Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
- Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.
English 
Français