Stay informed about the latest cybersecurity threats, tech news, and tips to keep your devices safe.
CISA has added the critical Drupal SQL injection flaw CVE-2026-9082 to its Known Exploited Vulnerabilities catalog, with over 15,000 attack attempts already recorded. Here's exactly how to check if your website is vulnerable and what to do immediately.
A critical SQL injection flaw in Drupal Core is under active attack just 48 hours after patching. CISA added it to its Known Exploited Vulnerabilities catalog, and over 15,000 attacks have already been observed. If your website runs Drupal on PostgreSQL, here's what you need to know right now.
GitHub confirmed that a single employee installing a malicious VS Code extension led to the theft of ~3,800 internal repositories. Here's what happened, who's behind it, and the practical steps every developer and small business should take to protect their code and tools.
A single GitHub employee installed a trojanized VS Code extension — and attackers walked away with roughly 3,800 internal repositories. Here's what happened, who's behind it, and how to vet your own extensions before the same thing happens to you.
Two critical web platform threats are converging this week. Drupal is pushing an emergency core security update on May 20, and NGINX is already being actively exploited. If you run either platform, here's exactly what to do right now.
A critical heap buffer overflow flaw in NGINX (CVE-2026-42945) is already being actively exploited just days after disclosure. Here's what it is, why it matters for your business website, and the steps you need to take right now.
Microsoft confirmed active exploitation of Exchange Server zero-day CVE-2026-42897, and CISA has now added it to its Known Exploited Vulnerabilities catalog with a May 29 deadline. Here's what your business needs to do right now.
CVE-2026-42897 is a zero-day actively targeting on-premises Microsoft Exchange servers through Outlook Web Access. No patch exists yet — but mitigations do. Here's your step-by-step emergency guide.
Microsoft has confirmed active exploitation of a new Exchange Server zero-day (CVE-2026-42897) that lets attackers run malicious JavaScript just by getting a user to open a crafted email in Outlook Web Access. No permanent patch exists yet — but mitigations are available now. Here's a step-by-step guide for small businesses.
A maximum-severity authentication bypass flaw in Cisco Catalyst SD-WAN Controller is being actively exploited in the wild. CISA has added it to its Known Exploited Vulnerabilities catalog with a federal patch deadline of May 17, 2026. Here's what it means for your business and what to do right now.
Microsoft's May 2026 Patch Tuesday is one of the largest in years, patching 138 vulnerabilities including critical DNS, Netlogon, and Word flaws. Here's what they mean for you — and a step-by-step guide to installing the updates right now.
For the first time ever, Google's threat researchers caught criminals using AI to build a working cyberattack — a zero-day exploit designed to bypass two-factor authentication at massive scale. Here's what happened, why it matters, and what small businesses and everyday users can do right now.
