China-Aligned Groups Ramp Up Attacks: Dragon Weave Hits Czech Republic & Taiwan

June 1, 2026 at 05:24PM A new cyber espionage campaign codenamed Operation Dragon Weave has been observed targeting officials and…

The Security Growth Platform: Why MSPs Are Moving Beyond vCISO Tools

June 1, 2026 at 05:00PM Three years ago, the practical question for an MSP building a cybersecurity practice was which "vCIS…

OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

June 1, 2026 at 03:01PM Cybersecurity researchers have disclosed details of a new malicious supply chain campaign that's targ…

Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts

June 1, 2026 at 02:15PM Threat actors are attempting to actively exploit a critical security flaw impacting WP Maps Pro, a WordPr…

Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices

May 31, 2026 at 05:52PM Dutch authorities have announced the takedown of a botnet that enslaved millions of infected devices, inc…

PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation

May 30, 2026 at 12:11PM Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS an…

ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface

May 29, 2026 at 11:37PM Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the …

What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks

May 29, 2026 at 04:00PM Shadow AI used to mean employees pasting things they shouldn't into ChatGPT. It now means something b…

Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets

May 29, 2026 at 02:41PM Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software dev…

Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels

May 29, 2026 at 11:27AM The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed …

Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code

May 28, 2026 at 10:54PM A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git servi…

ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More

May 28, 2026 at 07:03PM Every time you think the industry has finally stopped doing some reckless, low-effort crap, somebody spin…