Older posts, still searchable. ← Back to recent posts
Hackers discovered that Meta's AI customer support chatbot would willingly hand over Instagram account access to anyone who asked — no hacking required. Here's how the attack worked and what you can do right now to lock down your account.
Google's June 2026 Android update fixes 124 security vulnerabilities, including one high-severity flaw already being actively exploited in the wild. Here's what the vulnerability does, who's at risk, and a step-by-step guide to updating your Android phone today.
A critical Windows Netlogon flaw rated 9.8 out of 10 is actively being exploited against domain controllers. Here's what small businesses need to do right now — including options for servers that Microsoft no longer officially supports.
A 9.8-rated flaw in Windows Netlogon lets unauthenticated attackers take over domain controllers with a single malformed packet. Here's what it means for your business and the steps to take today.
CVE-2026-0257 lets attackers fake VPN credentials without a password and walk straight into your business network. Rapid7 confirmed active exploitation across multiple customers. Here's what it means and exactly what to do.
A serious authentication bypass flaw in Palo Alto GlobalProtect VPN is being actively exploited — no password required. Here's what small businesses need to know and do right now.
Attackers are exploiting a critical FortiClient EMS vulnerability (CVE-2026-35616) to push a fake Fortinet update that silently harvests passwords, session cookies, and even credit card data from business computers. Here's what the attack looks like and how to protect your organization.
Carnival Corporation confirmed a social engineering attack exposed the personal data of nearly 6 million customers, including passport numbers, dates of birth, and email addresses. Here's what affected passengers need to do right now.
A critical vulnerability in Fortinet's FortiClient EMS (CVE-2026-35616) is being actively exploited to steal browser passwords, cookies, and credit card data — without requiring a single login credential from attackers. Here's what it is, who's affected, and what to do right now.
The FBI has issued an alert about Kali365, a phishing-as-a-service platform that hijacks Microsoft 365 accounts by abusing a legitimate Microsoft login feature — bypassing MFA entirely. Here's how it works and what your business needs to do.
Attackers are exploiting a patched Ghost CMS SQL injection flaw to silently inject malicious JavaScript into hundreds of websites — including university sites — and use them to launch ClickFix malware attacks on unsuspecting visitors. Here's what Ghost CMS is, how to check if your site runs it, and exactly what to do.
A patched Ghost CMS flaw (CVE-2026-26980) is being actively exploited to hijack hundreds of websites — including those linked to Harvard and Oxford — and turn them into malware delivery traps. Here's what site owners must do, and what everyday visitors should watch for.
