Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

June 20, 2026 at 03:26PM Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin…

The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes

June 20, 2026 at 12:03AM The Gentlemen ransomware-as-a-service (RaaS) operation is actively developing and maintaining a suite of…

Forget Data Leakage: Shadow AI's Real Threat Is Access Control

June 19, 2026 at 04:00PM The first wave of enterprise AI concern was straightforward. It was simply employees pasting sensitive d…

Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data

June 19, 2026 at 02:33PM Salesforce has revealed that it disabled the Klue Battlecards app integration within its platform in res…

Apple Patches Beats Studio Buds Flaw Letting Nearby Attackers Spy via Microphone

June 19, 2026 at 12:06PM Apple has updated its Beats Studio Buds wireless earbuds to patch a high-severity vulnerability that cou…

F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution

June 18, 2026 at 11:02PM F5 has released security updates to address two critical security flaws in NGINX Open Source that could …

Orphaned AI Agents: How to Find Hidden Access Risks Inside Your Network

June 18, 2026 at 05:28PM If an autonomous AI agent interacts with your company's core intellectual property today, can your s…

The Scripts on Your Checkout Page Are Now a PCI DSS Problem

June 18, 2026 at 04:30PM An independent PCI assessor tested Reflectiz against the new PCI DSS rules. Here is the verdict: See the…

Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development

June 17, 2026 at 11:06PM Microsoft has formally disclosed that it's working to release a patch to address a Defender zero-day…

144 Mastra npm Packages Compromised via Hijacked Contributor Account

June 17, 2026 at 01:08PM As many as 144 npm packages associated with the Mastra namespace ("@mastra/*"), a popular open…

CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution

June 17, 2026 at 11:20AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a maximum-severity sec…

Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting

June 17, 2026 at 12:35AM A flaw in the Google Cloud Vertex AI SDK for Python let an attacker with no access to a victim's pro…