Older posts, still searchable. ← Back to recent posts
A single GitHub employee installed a trojanized VS Code extension — and attackers walked away with roughly 3,800 internal repositories. Here's what happened, who's behind it, and how to vet your own extensions before the same thing happens to you.
Two critical web platform threats are converging this week. Drupal is pushing an emergency core security update on May 20, and NGINX is already being actively exploited. If you run either platform, here's exactly what to do right now.
A critical heap buffer overflow flaw in NGINX (CVE-2026-42945) is already being actively exploited just days after disclosure. Here's what it is, why it matters for your business website, and the steps you need to take right now.
Microsoft confirmed active exploitation of Exchange Server zero-day CVE-2026-42897, and CISA has now added it to its Known Exploited Vulnerabilities catalog with a May 29 deadline. Here's what your business needs to do right now.
CVE-2026-42897 is a zero-day actively targeting on-premises Microsoft Exchange servers through Outlook Web Access. No patch exists yet — but mitigations do. Here's your step-by-step emergency guide.
Microsoft has confirmed active exploitation of a new Exchange Server zero-day (CVE-2026-42897) that lets attackers run malicious JavaScript just by getting a user to open a crafted email in Outlook Web Access. No permanent patch exists yet — but mitigations are available now. Here's a step-by-step guide for small businesses.
A maximum-severity authentication bypass flaw in Cisco Catalyst SD-WAN Controller is being actively exploited in the wild. CISA has added it to its Known Exploited Vulnerabilities catalog with a federal patch deadline of May 17, 2026. Here's what it means for your business and what to do right now.
Microsoft's May 2026 Patch Tuesday is one of the largest in years, patching 138 vulnerabilities including critical DNS, Netlogon, and Word flaws. Here's what they mean for you — and a step-by-step guide to installing the updates right now.
Microsoft's KB5083769 April update and a faulty Dell SupportAssist update are both sending Windows 11 PCs into blue screen loops. Here's how to identify the problem, apply a temporary fix, and decide when to call for help.
For the first time ever, Google's threat researchers caught criminals using AI to build a working cyberattack — a zero-day exploit designed to bypass two-factor authentication at massive scale. Here's what happened, why it matters, and what small businesses and everyday users can do right now.
For the first time, Google has confirmed that cybercriminals used artificial intelligence to develop a zero-day exploit designed for mass attack. Here's what that means for everyday users and small businesses — and what you can do about it.
ShinyHunters breached Instructure's Canvas platform — and kept coming back. Here's what was stolen, which schools were hit, and exactly what parents and students should do right now to protect themselves.
