Category: News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. federal agencies four days to secure their servers against a critical vulnerability in the LiteSpeed cPanel user-end plugin, which is actively being exploited in attacks. Tracked as CVE-2026-48172, this privilege escalation vulnerability is related to the mishandling of Redis enable/disable features and was found […]

Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell. The flaw is a deserialization issue tracked as CVE-2026-5426 and can be exploited without authentication. It stems from the use of a shared hardcoded machine key in the web portal configuration across all […]

U.S. telecommunications giant Charter Communications has confirmed it suffered a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid. Charter Communications is one of the largest broadband providers in the United States, serving tens of millions of residential and business customers through its Spectrum brand. In a […]

Varonis announced an integration with the Claude Compliance API, bringing Claude Enterprise and Claude Platform activity into Varonis’ Atlas AI Security Platform.  Organizations across industries rely on Claude Enterprise for day-to-day knowledge work and analysis, and Claude Platform to build, deploy, and operate applications, tools, and AI agents. Varonis Atlas provides the visibility and oversight that enterprises need to adopt AI […]

Network incidents often force IT teams to move between monitoring dashboards, infrastructure tools, ticketing platforms, identity systems, and communication platforms just to understand what happened and coordinate a response. On June 2, 2026, BleepingComputer will host a live webinar titled “From alert to resolution: Fixing the gaps in network incident response” with Edgar Ortiz, a […]

The ShinyHunters extortion gang stole the personal information of over 183,000 people after hacking the systems of convenience store chain giant 7-Eleven in April, according to data breach notification service Have I Been Pwned. Founded in 1927, 7-Eleven now operates, franchises, and licenses more than 86,000 stores worldwide, including 13,000 stores in the U.S. and […]

The FBI is warning about the Kali365 phishing-as-a-service platform (PhaaS) that is used to hijack Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass multi-factor authentication (MFA). According to the FBI PSA, Kali365 first emerged in April 2026 and is distributed via Telegram channels for cybercriminals seeking an easier […]

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. The campaign was discovered by XLab threat intelligence researchers at Chinese cybersecurity company Qianxin, who confirmed impact on more than 700 domains, including university portals, AI/SaaS companies, media outlets, fintech firms, […]