Bleeping Computer

Hackers exploit FortiClient EMS flaw to push infostealer malware

Hackers are exploiting an authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS) to deliver an undocumented credential stealer called EKZ. The attacker ...
Tech Times

500 Poisoned Packages, Hundreds of Companies: TeamPCP’s Worm Just Reached GitHub

A GitHub employee installed a routine VS Code extension update, handed cybercrime group TeamPCP enough access to exfiltrate ...

Apple shares iPhone and Mac post-quantum cryptography code on GitHub

Apple today published new corecrypto source code on GitHub, alongside a detailed technical post explaining the intricate work behind its post-quantum cryptography efforts.
Microsoft

From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence

A multi-stage attack on Linux devices began with an exposed F5 BIG-IP edge appliance and pivoted to an internal Confluence ...
Hosted on MSN

Patch AM: Tell your story - creating an oral history and 12 more events

Good morning Burke! We're back again in your inbox, keeping you updated with what's happening in and around town. ☀️ Before we get to what's happening, a big thank you 👏👏👏 to these businesses for ...
Microsoft

CVE-2026-31431: Copy Fail vulnerability enables Linux root privilege escalation across cloud environments

Microsoft Defender is investigating a high-severity local privilege escalation vulnerability (CVE-2026-31431) affecting multiple major Linux distributions including Red Hat, SUSE, Ubuntu, and AWS ...
TechRepublic

Microsoft Confirms Windows Flaw Is Being Exploited After Incomplete Patch

Microsoft confirmed a Windows zero-click flaw tied to an incomplete patch is being exploited, putting credentials at risk for unpatched users. A Windows patch closed one door but left another cracked ...
Dark Reading

'TrustFall' Convention Exposes Claude Code Execution Risk

Developers using the latest versions of AI coding tools like Claude Code, Cursor CLI, Gemini CLI, and CoPilot CLI could inadvertently execute malicious code on their systems with a single keypress, or ...
Bleeping Computer

Palo Alto Networks warns of firewall RCE zero-day exploited in attacks

Palo Alto Networks warned customers today that a critical-severity unpatched vulnerability in the PAN-OS User-ID Authentication Portal is being exploited in attacks. Also known as the Captive Portal, ...
SecurityWeek

Oracle Debuts Monthly Critical Security Patch Updates

Containing fixes for critical-severity vulnerabilities, the monthly rollouts will focus on addressing priority issues faster. Starting this month, Oracle is supplementing the quarterly Critical Patch ...
FedScoop

ICE drives AI use case growth within Homeland Security

ICE agents leave a residence after knocking on the door on Jan. 28, 2026 in Minneapolis, Minnesota. The U.S. Department of Homeland Security continues its immigration enforcement operations after two ...