On January 12th, 2026, we received a submission for an Arbitrary File Upload vulnerability in WPvivid Backup, a WordPress plugin with more than 800,000 active installations. This vulnerability can be used by unauthenticated attackers to upload arbitrary files to a…
Tag: EN
ZOLL ePCR IOS Mobile Application
View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to protected health information (PHI) or device telemetry. The following versions of ZOLL ePCR IOS Mobile Application are affected: ePCR IOS Mobile Application 2.6.7…
AVEVA PI to CONNECT Agent
View CSAF Summary Successful exploitation of this vulnerability could result in an unauthorized access to the proxy server. The following versions of AVEVA PI to CONNECT Agent are affected: PI to CONNECT Agent <=v2.4.2520 (CVE-2026-1495) CVSS Vendor Equipment Vulnerabilities v3…
AVEVA PI Data Archive
View CSAF Summary Successful exploitation of this vulnerability could result in a denial-of-service condition. The following versions of AVEVA PI Data Archive are affected: PI Data Archive PI Server <=2018_SP3_Patch_7 (CVE-2026-1507) PI Data Archive PI Server 2023 (CVE-2026-1507) PI Data…
Yokogawa FAST/TOOLS
View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to redirected users to malicious sites, decrypt communications, perform a man-in-the-middle (MITM) attack, execute malicious scripts, steal files, and perform other various attacks. The following versions of Yokogawa…
Vega Raises $120M in Series B Funding to Grow Security Analytics Platform
Led by existing investor Accel, with participation from Cyberstarts, Redpoint, and CRV, the Series B round brings the total amount raised by the company to $185 million. The post Vega Raises $120M in Series B Funding to Grow Security Analytics…
Reco Raises $30 Million to Enhance AI SaaS Security
This investment comes less than 10 months after Reco’s last raise, bringing total funding to $85 million. The post Reco Raises $30 Million to Enhance AI SaaS Security appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Singapore says China-backed hackers targeted its four largest phone companies
The Singaporean government said the China-backed hackers gained “limited access to critical systems” run by the country’s top four telecommunication giants, but said they did not disrupt services or steal customers’ data. This article has been indexed from Security News…
ZeroDayRAT spyware grants attackers total access to mobile devices
ZeroDayRAT is a commercial mobile spyware that grants full remote access to Android and iOS devices for spying and data theft. ZeroDayRAT is a newly discovered commercial mobile spyware toolkit that gives attackers full control over Android and iOS devices.…
From Theory to Pressure: What the Third AI-Enabled Cybercrime Tabletop Exercise Revealed
The third AI-enabled cybercrime tabletop exercise (TTX) reveals how AI-driven impersonation, third-party compromise, and ransomware pressure converge, reshaping governance, trust, and executive decision-making. This article has been indexed from Industry Trends & Insights Read the original article: From Theory…
TeamPCP Industrializes Cloud Misconfigurations Into a Self-Propagating Cybercrime Platform
TeamPCP, also known as PCPcat, ShellForce, and DeadCatx3, emerged in December 2025 as a sophisticated cloud-native threat actor targeting exposed Docker APIs, Kubernetes clusters, Ray dashboards, Redis servers, and React2Shell vulnerabilities. The group launched a massive campaign designed to build…
ILOVEPOOP Toolkit Exploiting React2Shell Vulnerability to Deploy Malicious Payload
The cybersecurity sector has been impacted by the sudden appearance of “React2Shell” (CVE-2025-55182), a critical vulnerability affecting Next.js and React Server Components. Following its public disclosure on December 4, 2025, threat actors mobilized with alarming speed, launching exploitation attempts against…
SAP Security Patch Day – Critical SAP CRM and SAP S/4HANA Code Injection Vulnerabilities Fixed
SAP’s February 2026 Security Patch Day delivered fixes that SAP urges customers to prioritize to reduce exposure across core enterprise workloads. The release includes 26 new SAP Security Notes and one update to a previously published note. SAP’s monthly bulletin…
Hackers Weaponizing 7-Zip Downloads to Turn Your Home Computers into Proxy Nodes
A deceptive campaign targeting unsuspecting users has emerged, using a counterfeit version of the widely used 7-Zip file archiving software to silently transform home computers into residential proxy nodes. The malicious operation relies on a lookalike domain, 7zip[.]com, which closely…
Ivanti Endpoint Manager Vulnerability Lets Remote Attacker Leak Arbitrary Data
Ivanti has released critical security updates for its Endpoint Manager (EPM) platform, addressing two newly discovered vulnerabilities that could enable unauthorized access to sensitive database information and compromise user credentials. The updates, released in version 2024 SU5, also resolve 11…
RATs in the Machine: Inside a Pakistan-Linked Three-Pronged Cyber Assault on India
Transparent Tribe (APT36) is targeting Indian defense and government sectors with GETA, ARES, and Desk RATs in a new wave of economic cyber espionage. The post RATs in the Machine: Inside a Pakistan-Linked Three-Pronged Cyber Assault on India appeared first…
Industrialized Ransomware: Confronting the New Reality
Read about the new ransomware reality and what most security strategies get wrong. Learn how to protect your organization in 2026. This article has been indexed from Blog Read the original article: Industrialized Ransomware: Confronting the New Reality
New Cybercrime Group 0APT Accused of Faking Hundreds of Breach Claims
Researchers reveal the new 0APT cyber group is fabricating attacks on large organisations. Learn how they use fake data to trick companies into paying. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read…
Bing Ads Abused to Deliver Azure-Hosted Tech Support Scams
A scam campaign is abusing Bing search ads and Azure infrastructure to deliver fraudulent tech support pages to users. The post Bing Ads Abused to Deliver Azure-Hosted Tech Support Scams appeared first on eSecurity Planet. This article has been indexed…
Vega raises $120M Series B to rethink how enterprises detect cyber threats
Vega Security raised $120 million Series B, bringing its valuation to $700 million, in a round led by Accel. The company aims to rethink how enterprises detect cybersecurity threats. This article has been indexed from Security News | TechCrunch Read…