FortiClient EMS CVE-2026-35616: Fake Patch Pushes EKZ Infostealer
Attackers are abusing FortiClient EMS CVE-2026-35616 to push a fake Fortinet endpoint patch that steals browser passwords, cookies, and autofill data from managed Windows...
Scam library
Phishing Scams: Tips to Spot and Prevent
Recent phishing, fake store, and scam website reports, arranged for quick checking without oversized preview images.
Palo Alto PAN-OS CVE-2026-0257: GlobalProtect VPN Bypass Is Exploited
CVE-2026-0257 lets attackers bypass GlobalProtect restrictions on exposed PAN-OS portals and gateways when authentication override cookies are misconfigured. Palo Alto confirms limited exploitation.
GPU Mining Malware Uses SEO Poisoning and AI Chatbots to Reach Windows Users
Microsoft says an active GPU mining malware campaign is using poisoned search results, AI chatbot recommendations, fake utility downloads, ScreenConnect, and Defender exclusions.
Nx Console CVE-2026-48027: Poisoned VS Code Extension Stole Developer Secrets
CISA added Nx Console CVE-2026-48027 to KEV after attackers briefly shipped a malicious Nx Console 18.95.0 extension that harvested developer credentials.
LiteSpeed cPanel Plugin CVE-2026-48172 Exploited for Root Access
CISA added LiteSpeed cPanel Plugin CVE-2026-48172 to KEV after active exploitation. Update to the fixed WHM/cPanel plugin bundle and check logs for redisAble abuse.
KnowledgeDeliver CVE-2026-5426: Zero-Day RCE Used to Drop Godzilla Web Shell
KnowledgeDeliver CVE-2026-5426 was exploited as a zero-day through shared ASP.NET machine keys. Rotate keys, restrict exposure, and hunt IIS logs for ViewState abuse.
Ghost CMS CVE-2026-26980 Exploited to Inject ClickFix Malware
Ghost CMS CVE-2026-26980 is being exploited to steal Admin API keys, inject malicious JavaScript into posts, and send visitors to ClickFix/FakeCaptcha malware pages.
Laravel-Lang Composer Packages Hijacked to Drop Credential Stealer
Laravel-Lang Composer packages were hijacked through rewritten GitHub tags to load a credential stealer. Check composer.lock, src/helpers.php, autoload.files, and rotate exposed CI secrets.
Drupal Core CVE-2026-9082 SQL Injection Is Being Exploited
Drupal Core CVE-2026-9082 is a PostgreSQL-only SQL injection flaw now listed in CISA KEV. Patch affected Drupal branches and check logs for exploit attempts.
Microsoft Defender CVE-2026-41091 and CVE-2026-45498 Exploited in Attacks
Microsoft Defender CVE-2026-41091 and CVE-2026-45498 are exploited in attacks. Check Engine 1.1.26040.8, Platform 4.18.26040.7, and update endpoints before the CISA KEV deadline.
SonicWall Gen6 CVE-2024-12802 MFA Bypass Still Enables VPN Attacks
Attackers are bypassing MFA on SonicWall Gen6 SSL-VPN devices where CVE-2024-12802 remediation was incomplete. Disable LDAP UPN login, check VPN logs, and replace unsupported...
ChromaDB CVE-2026-45829: Pre-Auth RCE Risk in Python Server
ChromaDB CVE-2026-45829, dubbed ChromaToast, can let an unauthenticated attacker execute code through malicious embedding model loading before authentication checks run.
