Cisco Patches Critical CVE-2026-20223 Vulnerability in Secure Workload Allowing Site Admin Privilege Compromise via REST API

279/69 Friday, May 22, 2026 Cisco has released security updates to address a maximum-severity vulnerability in Cisco Secure Workload, tracked as CVE-2026-20223 (CVSS 10.0). The vulnerability is caused by insufficient authentication and authorization validation in an internal REST API, allowing unauthenticated remote attackers to send specially crafted API requests to affected endpoints. If successfully exploited, […]

sittisak mintaboon

May 22, 2026

Verizon DBIR Report Reveals AI Assisted Exploitation and Cyberattacks in 31% of Recent Data Breaches

278/69 Friday, May 22, 2026 The Verizon Data Breach Investigations Report 2026 (DBIR 2026) reveals that artificial intelligence (AI) is playing an increasingly significant role in accelerating cyberattacks, particularly in the discovery, analysis, and exploitation of software vulnerabilities. According to the report, attackers are now able to compromise systems within hours instead of the months […]

sittisak mintaboon

May 22, 2026

Attackers Exploit SonicWall VPN Vulnerability to Bypass MFA After Incomplete Security Configuration Updates

277/69 Friday, May 22, 2026 Reports indicate that threat actors are actively exploiting CVE-2024-12802 in SonicWall Gen6 SSL-VPN appliances to bypass multi-factor authentication (MFA). The attacks primarily affect organizations that updated their firmware to patch the vulnerability but failed to fully complete the required manual configuration changes. The flaw allows attackers who already possess valid […]

sittisak mintaboon

May 22, 2026

Anthropic Patches Claude Code Vulnerability That Could Bypass Sandbox Restrictions

276/69 Thursday, May 21, 2026 Security researchers have disclosed that Anthropic has patched a vulnerability in Claude Code that could allow attackers to bypass network sandbox restrictions. The issue affected the mechanism responsible for controlling outbound network connections in Claude Code. Under normal conditions, all outbound traffic is forced through a local allowlist proxy, automatically […]

sittisak mintaboon

May 21, 2026

GitHub Confirms Data Breach Caused by Malicious VS Code Extension, Impacting Over 3,800 Repositories

275/69 Thursday, May 21, 2026 GitHub has confirmed a cybersecurity incident involving unauthorized access to the company’s internal repositories after an employee installed a malicious extension on Visual Studio Code (VS Code). According to the company, the attacker was able to access and exfiltrate data from approximately 3,800 internal repositories. GitHub stated that the malicious […]

sittisak mintaboon

May 21, 2026

Critical ChromaDB Vulnerability Could Allow Attackers to Take Over Servers

274/69 Thursday, May 21, 2026 Cybersecurity researchers from HiddenLayer have disclosed a critical vulnerability tracked as CVE-2026-45829 affecting ChromaDB, a popular open-source vector database widely used in artificial intelligence (AI) and large language model (LLM) applications. The vulnerability could allow unauthenticated attackers to execute arbitrary code on internet-exposed servers running vulnerable instances of ChromaDB. Due […]

sittisak mintaboon

May 21, 2026

INTERPOL Launches Operation Ramz to Dismantle Phishing and Malware Infrastructure Across 13 Countries

273/69 Wednesday, May 20, 2026 INTERPOL has announced the results of Operation Ramz, a major cybercrime crackdown targeting phishing, malware, and online fraud infrastructure across the Middle East and North Africa (MENA) region. Conducted between October 2025 and February 28, 2026, the operation led to the arrest of 201 suspects and the identification of an […]

sittisak mintaboon

May 20, 2026

7-Eleven U.S. Confirms Data Breach After ShinyHunters Claims Theft of Salesforce Data

272/69 Wednesday, May 20, 2026 7-Eleven (United States) has confirmed a cybersecurity incident after the cybercriminal group ShinyHunters claimed it had accessed and stolen more than 600,000 records from the company’s Salesforce systems. The allegedly stolen data reportedly includes personally identifiable information (PII) and internal corporate information. The attackers stated on their Tor-based data leak […]

sittisak mintaboon

May 20, 2026

New Reaper Malware Variant Targets macOS Users Using Fake Domains to Steal Credentials and Deploy Persistent Backdoors

271/69 Wednesday, May 20, 2026 Cybersecurity researchers from SentinelLABS have discovered a new macOS-focused infostealer malware known as Reaper. Reports indicate that the malware is capable of bypassing detection mechanisms and the latest security protections in macOS Tahoe 26.4. The threat is particularly concerning because Reaper not only steals passwords and cryptocurrency assets, but also […]

sittisak mintaboon

May 20, 2026

Microsoft Confirms May Security Update Installation Failures on Some Windows 11 Systems, Administrators Urged to Investigate

270/69 Tuesday, May 19, 2026 Microsoft has confirmed an issue affecting the installation of the May 2026 security update for Windows 11, identified as KB5089549. The issue may cause update installations to fail on some systems, with affected devices displaying error code 0x800f0922 and rolling back changes during the restart process. Users commonly encounter the […]

sittisak mintaboon

May 19, 2026
1 11 12 13 103