SonicWall SMA1000 Zero-Days Under Active Attack: Perfect-10 Flaw Chained for Root Access
Attackers were exploiting a maximum-severity SonicWall SMA1000 flaw before the vendor's advisory even landed, chaining it with a privilege-escalation bug to seize root and pivot into corporate Active...
Critical 7-Zip Flaw Lets Booby-Trapped Archives Hijack Your System
A newly patched 7-Zip vulnerability lets attackers achieve remote code execution simply by getting a victim to open a maliciously crafted compressed file. With 7-Zip installed on millions...
CISA Sounds Alarm as Attackers Exploit Critical FortiSandbox Command Injection Flaws
CISA has confirmed active exploitation of two OS command injection vulnerabilities in Fortinet's FortiSandbox product line, adding both to its Known Exploited Vulnerabilities catalog and giving federal agencies...
Scattered Spider Duo Sentenced Over £29 Million Transport for London Cyberattack
Two young members of the Scattered Spider hacking collective have been jailed for over five years each after a 2024 breach knocked out 148 Transport for London systems...
Accenture Data Breach: Hackers Claim Theft of 35 GB of Source Code and Azure Credentials
A threat actor known as "888" claims to have stolen 35 GB of Accenture source code, RSA/SSH keys, and Azure access tokens, offering the data for sale in...
The Gentlemen Ransomware: Custom EDR/AV Killers Fuel Rapid Global Expansion
The Gentlemen ransomware group, tracked by Microsoft as Storm-2697, has claimed over 500 victims in 70+ countries using a custom EDR/AV-killing toolkit called GentleKiller and a self-propagating worm...
GitLost: How a Single GitHub Issue Can Trick AI Agents Into Leaking Private Repos
Researchers at Noma Labs disclosed GitLost, a prompt-injection flaw that let a single crafted GitHub Issue trick AI-powered Agentic Workflows into leaking private repository contents publicly, using a...
Rogue Agent: Critical GCP Dialogflow Flaw Let Attackers Inject Malicious Code Into AI Chatbots
Varonis Threat Labs disclosed a critical Dialogflow CX flaw, dubbed Rogue Agent, that let attackers with a single edit permission inject persistent malicious code into shared chatbot execution...