CERT-In ordered 12-hour patching for critical internet-facing flaws as AI-driven attacks accelerate cyber exploitation.

MuddyWater targeted 9 organizations in 9 countries during Q1 2026, using DLL side-loading to steal data and evade detection.

Microsoft released fixes for SharePoint remote code execution vulnerability CVE-2026-45659 with a CVSS score of 8.8.

Nimbus Manticore used AI-assisted MiniFast malware in 2026 campaigns, expanding espionage through SEO poisoning and phishing.

MFA prompt bombing enabled Cisco attackers to steal 2.8GB in 2022, exposing push MFA weaknesses and account takeover risks.

CVE-2026-5426 enabled KnowledgeDeliver LMS attacks before February 24, 2026, leading to Cobalt Strike infections.

Supply chain chaos, old bugs, smarter phishing, and botnets everywhere — here’s what broke the internet this week.

CVE-2026-48172 lets cPanel users run scripts as root, affecting LiteSpeed plugin 2.3–2.4.4 and exposing servers.

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ...

Lazarus deployed RemotePE against crypto firms using memory-only malware, enabling stealthy long-term financial intrusions.

AI-powered NDR improved security accuracy from 26% to 95%, reducing false positives and accelerating SOC threat response.