One of the most trusted HTTP client libraries in the JavaScript ecosystem was weaponized by a North Korea-nexus actor to […]
North Korean UNC1069 attributed to Axios npm supply chain compromise Read More »
A critical pre-authentication remote code execution vulnerability in the Marimo reactive notebook framework is currently being exploited to compromise AI
Critical Marimo AI notebook pre-auth RCE vulnerability under active exploitation Read More »
Attackers are industrializing the exploitation of a memory overread flaw to hijack enterprise sessions and bypass multi-factor authentication. This vulnerability
Active exploitation of Citrix NetScaler memory disclosure flaw surging globally Read More »
A critical pre-authentication remote code execution vulnerability in the Marimo reactive notebook framework is currently being exploited to compromise AI
Critical Marimo AI notebook pre-auth RCE vulnerability under active exploitation Read More »
Attackers have significantly ramped up exploitation of a critical zero-day vulnerability in endpoint management infrastructure. This improper access control flaw
Fortinet FortiClient EMS zero-day exploitation surges as hotfix deployment lags Read More »
A large-scale automated campaign is currently exploiting a critical pre-authentication RCE in Next.js applications to siphon credentials from cloud-native environments.
React2Shell campaign achieves industrial scale with NEXUS Listener command center Read More »
State-sponsored threat actors are bypassing endpoint security controls by compromising legacy network hardware to steal cloud authentication tokens. This campaign
Russian Forest Blizzard APT hijacks 18,000 routers to siphon Microsoft Office tokens Read More »
A critical supply chain compromise has impacted the official distribution site for @[CPUID](urn:li:organization:12345) utilities. Attackers successfully weaponized an internal API
CPUID API compromise leads to malware distribution via CPU-Z and HWMonitor Read More »
A critical remote code execution vulnerability has been identified in a legacy management component of Apache ActiveMQ Classic. Automated scanning
Decade-old Apache ActiveMQ RCE vulnerability targeted in mass scanning campaign Read More »
A sophisticated zero-day vulnerability in @[Adobe](urn:li:organization:1480) Reader is being weaponized in a targeted campaign that has remained active and undetected
Adobe Reader zero-day exploit used in targeted energy sector espionage since 2025 Read More »
