Tech & SaaS

Ireland

Technology companies, cloud providers, SaaS platforms

Total (30d): 2320
Critical: 630
High: 529
Medium: 1113

2320 threats in last 30 days (29% vs prior period)
Top ATT&CK Techniques
T1190 Exploit Public-Facing Application (3626x)

Deploy WAF rules, patch public-facing apps within 48h of CVE disclosure, segment DMZ from internal networks, and run authenticated vulnerability scans weekly.

T1078 Valid Accounts (553x)

Enforce MFA on all accounts, implement conditional access policies, audit privileged accounts quarterly, and monitor for impossible-travel logins.

T1059 Command and Scripting Interpreter (552x)

Disable unused scripting interpreters, enforce PowerShell Constrained Language Mode, log all script block execution via ScriptBlockLogging.

T1498 Network Denial of Service (194x)

Deploy upstream DDoS mitigation (Cloudflare/AWS Shield), configure rate limiting on public endpoints, and maintain a DDoS response runbook.

T1204 User Execution (96x)

Block execution of downloaded files via Mark-of-the-Web + SmartScreen, train users on social engineering, and sandbox browser downloads.

T1566.002 Spearphishing Link (83x)

Enable Safe Links / URL rewriting in email, block newly registered domains at the proxy, and train users to verify URLs before entering credentials.

T1068 (69x)

T1195.001 Supply Chain Compromise (64x)

Lock dependency versions with lockfiles, run SBOM scanning in CI/CD, validate package signatures, and monitor for dependency confusion attacks.

T1566.003 Phishing (48x)

Enforce DMARC (p=reject), SPF, and DKIM on all domains; block executable attachments at the mail gateway; conduct quarterly phishing simulations.

T1195.002 Compromise Software Supply Chain (38x)

Pin and hash all software dependencies, verify publisher signatures before deployment, scan third-party software with SBOM tools, and isolate build pipelines.

Compliance Exposure
NIS2-Art21-2e (5542), NIS2-Art21-2b (295), DORA-Art17-23 (280), NIS2-Art21-2d (81), NIS2-Art21-2i (20), GDPR-Breach (15), NIS2-Art23 (14), DORA-Art28-44 (14), DORA-Art5-16 (12), NIS2-Art21-2k (7)
Technologies
AWS, Azure, GCP, Kubernetes, Docker, Terraform

Recent Intelligence

Swagger.json Scans Detected

Scans for swagger.json files have been detected, indicating potential reconnaissance for vulnerable web services. This activity may affect enterprise applications using web services. Users should monitor their systems for suspicious activity and ensure proper security measures are in place.

3/6/2026 | Medium

Malware Distribution via Fake Software Sites

Researchers have uncovered a malware distribution ecosystem that uses fake software websites to trick users into downloading malicious software. Users searching for popular software on Google may be affected, and are advised to verify the authenticity of websites before downloading. This

3/6/2026 | Medium

WordPress Plugin Vulnerabilities

Threat actors are exploiting vulnerabilities in Kirki and Burst Statistics WordPress plugins to gain elevated privileges and take control of websites. WordPress users with these plugins are at risk. Immediate update and patching are recommended to prevent exploitation.

3/6/2026 | High

GitHub OAuth Token Theft

A one-click attack via Microsoft Visual Studio Code (VS Code) can steal a user's GitHub token, potentially allowing access to private repositories. Users who have linked their GitHub account to VS Code are affected. To mitigate the

3/6/2026 | High

AI-Driven Worm Targets Networks

Researchers have developed a proof-of-concept AI-driven worm that can analyze and attack corporate networks using a small language model. This worm can create strategies on the fly, potentially affecting any network with vulnerable machines. Organizations should review their security measures to prevent such attacks.

3/6/2026 | High

Linux Kernel Vulner

A Linux kernel vulnerability has been exploited, allowing attackers to escalate privileges and escape containers. Linux users and organizations are at risk and should update their systems immediately to prevent exploitation. Patching is necessary to prevent unauthorized access and potential data breaches.

3/6/2026 | High

Octopus Deploy Vulnerability

A vulnerability in Octopus Deploy allows a remote, authenticated attacker to manipulate server configurations, potentially affecting users of the deployment tool. Affected users should

3/6/2026 | Medium

Apache MINA

A critical deserialization vulnerability has been discovered in Apache MINA, allowing attackers to bypass the allow-list via resolveProxyClass. Users of Apache MINA are affected and should update to the latest version to mitigate the issue. The vulnerability has been fully addressed in recent updates.

3/6/2026 | Critical

SQL Injection in WordPress Plugin

A SQL injection vulnerability has been discovered in the WordPress School Management plugin, affecting versions up to 93.2.0. Users of this plugin are advised to update to a patched version to prevent potential data breaches. The vulnerability allows attackers to inject malicious SQL code, potentially leading to unauthorized data access.

3/6/2026 | High

WordPress Plugin Vulnerability

A privilege escalation vulnerability has been discovered in the WordPress School Management plugin, affecting versions up to 93.2.0. Users of this plugin are at risk of unauthorized access and should update immediately. The vulnerability allows attackers to exploit incorrect privilege assignments.

3/6/2026 | High

WordPress Plugin Vulnerability

A critical vulnerability has been detected in the Mojoomla School Management Plugin up to version 93.2

3/6/2026 | Critical

Apache MINA Des

A critical vulnerability has been discovered in Apache MINA, affecting versions up to 2.0.28/2.1.12/2.2.7, allowing remote deserialization attacks. Users of these versions are at risk. It is recommended to upgrade the affected component to prevent exploitation.

3/6/2026 | Critical

WordPress Plugin Vulnerability

A critical vulnerability has been discovered in the Mojoomla School Management Plugin for WordPress, affecting an unknown part of the plugin and allowing for SQL injection attacks. Users of

3/6/2026 | Critical

CISA Adds Android, Linux Flaws

The US Cybersecurity and Infrastructure Security Agency (CISA) has added Android and Linux Kernel vulnerabilities to its Known Exploited Vulnerabilities catalog, affecting users of these operating systems. Affected parties should prioritize patching and updating their systems to mitigate potential exploitation. Immediate action is recommended to prevent attacks.

3/6/2026 | High

Sitefinity Vulnerabilities

Progress Software Sitefinity has multiple vulnerabilities that can be exploited by a remote, anonymous attacker to bypass security measures and compromise confidentiality, integrity, and availability. Users of Sitefinity are affected and should take immediate action

3/6/2026 | High

Devolutions Server Vulnerabilities

A remote, authenticated attacker can exploit multiple vulnerabilities in Devolutions Server to bypass security measures and manipulate

3/6/2026 | Medium

Windows Search URI Vulnerability

An unpatched vulnerability in the Windows Search URI handler allows attackers to steal NTLMv2 hashes, potentially affecting all Windows users. The issue is similar to a

3/6/2026 | Medium

Microsoft Clarifies Zero-Day Disclosure Policy

Microsoft has responded to criticism over its handling of zero-day vulnerability disclosures, after threatening legal action against researchers who publicly disclosed unpatched vulnerabilities without prior

3/6/2026 | Medium

Android Flaw Patched

Google has released security updates for Android, patching 124 vulnerabilities, including an actively exploited privilege escalation bug. The bug, tracked as CVE-2025-48595, affects millions of devices and is linked to targeted attacks. Users should apply the June 2026 Android security updates to protect their devices.

3/6/2026 | High

mlflow/mlflow Env Var Vuln

A critical vulnerability in mlflow/mlflow allows attackers to exfiltrate sensitive server-side environment credentials. Users of versions prior to 3.11.0 are affected, and should update to the latest version to mitigate the issue. This vulnerability can be exploited by low-privileged authenticated users or unauthenticated users in default deployments.

3/6/2026 | Critical