Older posts, still searchable. ← Back to recent posts
The ShinyHunters extortion group exploited an unpatched Oracle PeopleSoft flaw to steal data from over 100 organizations — 68% of them universities. Here's what the vulnerability is, who's at risk, and what to do right now.
CISA just gave federal agencies until June 11 to patch CVE-2026-50751, a critical Check Point VPN authentication bypass being actively exploited by the Qilin ransomware gang. Here's what that federal deadline means for your business network — and the steps you should take right now.
A Qilin ransomware affiliate is actively exploiting CVE-2026-50751, a critical Check Point VPN flaw that lets attackers bypass passwords entirely. Here's how to check your exposure and stop it.
A critical authentication bypass vulnerability in Check Point VPN is being actively exploited by a Qilin ransomware affiliate. Here's what the flaw is, who's at risk, and the immediate steps to take.
Meta's AI support chatbot handed hackers the keys to Instagram accounts — including the Obama White House and Sephora — by resetting passwords without verifying identity. Here's exactly what to do to protect your account right now.
Meta's AI support assistant was tricked into handing over Instagram accounts belonging to the Obama White House, a U.S. Space Force official, and others. Here's exactly how the attack worked — and the one setting that would have stopped it cold.
Hackers discovered that Meta's AI customer support chatbot would willingly hand over Instagram account access to anyone who asked — no hacking required. Here's how the attack worked and what you can do right now to lock down your account.
CVE-2026-0257 lets attackers fake VPN credentials without a password and walk straight into your business network. Rapid7 confirmed active exploitation across multiple customers. Here's what it means and exactly what to do.
A serious authentication bypass flaw in Palo Alto GlobalProtect VPN is being actively exploited — no password required. Here's what small businesses need to know and do right now.
The FBI has issued an alert about Kali365, a phishing-as-a-service platform that hijacks Microsoft 365 accounts by abusing a legitimate Microsoft login feature — bypassing MFA entirely. Here's how it works and what your business needs to do.
Attackers are exploiting a patched Ghost CMS SQL injection flaw to silently inject malicious JavaScript into hundreds of websites — including university sites — and use them to launch ClickFix malware attacks on unsuspecting visitors. Here's what Ghost CMS is, how to check if your site runs it, and exactly what to do.
A patched Ghost CMS flaw (CVE-2026-26980) is being actively exploited to hijack hundreds of websites — including those linked to Harvard and Oxford — and turn them into malware delivery traps. Here's what site owners must do, and what everyday visitors should watch for.
