Category: Security

CVE-2026-0300: If your Palo Alto User-ID Authentication Portal is internet-exposed, lock it down now — patches start May 13

A critical PAN-OS zero-day, CVE-2026-0300, is being actively exploited but only when Palo Alto Networks’ User-ID Authentication Portal is reachable from untrusted networks. Patches begin rolling out on May 13, 2026; until your appliances are updated, restricting or disabling the portal is the practical defense that changes your immediate risk profile. Portal-exposed versus default deployments: […]

admin 

ShinyHunters claims 3.65 TB from Canvas — breach exposes systemic third‑party and CRM risks in EdTech

Instructure’s Canvas platform has suffered a large-scale data theft that ShinyHunters says totaled 3.65 terabytes of information tied to roughly 275 million people at nearly 9,000 schools. The central signal: attackers repeatedly exploited third‑party integrations and cloud CRM access, not exposed passwords or direct financial systems. How attackers leveraged integrations and CRM access Security researchers […]

admin 

Timeline: After the March 12 patch, Weaver E‑cology CVE‑2026‑22679 was exploited via an unauthenticated debug API — endpoint defenses stopped persistence

A critical unauthenticated RCE in Weaver E‑cology 10.0 (CVE‑2026‑22679) was actively exploited in mid‑ to late‑March 2026 after the vendor released a patch on March 12; endpoint defenses intervened and prevented persistent compromise, leaving timely patching as the primary remediation. How the March exploitation sequence unfolded The vendor released a patch on March 12, 2026; […]

admin 

CVE-2025-60710: CISA’s active‑exploit designation turns a TaskHost privilege bug into a two‑week patch emergency

CISA’s addition of CVE-2025-60710 to the Known Exploited Vulnerabilities list makes a previously theoretical Windows Task Host privilege escalation a present operational threat: federal agencies have two weeks under BOD 22‑01 to patch, and all organizations should treat this as a priority where detection will not substitute for patching. CISA’s designation versus the bug’s mechanics […]

admin 

KB5082200 tightened .rdp consent and Secure Boot rollouts — but the new warnings aren’t a phishing shield

Microsoft’s April 2026 Windows 10 update (KB5082200) forces explicit user consent when opening .rdp files and stages new Secure Boot certificates; those are concrete, operator-level changes, but they do not make .rdp-based phishing impossible. Administrators need to treat the update as a change in control points, not a substitute for policy and training. How KB5082200 […]

admin 

Anthropic briefed the Trump administration while suing the Pentagon — why Mythos forces banks and regulators to pick careful safeguards

Anthropic has simultaneously pushed Mythos into conversations at the highest levels of government and finance while locked in a legal fight with the Department of Defense—an unusual posture that makes Mythos a distinct governance and operational problem for banks, regulators, and infrastructure providers. What banks and financial regulators are being asked to weigh Mythos is […]

admin 

April 2026: Magecart operators hide credit‑card skimmers inside 1×1 SVGs using Magento PolyShell — patches still pre-release

In early April 2026, a Magecart campaign used a tiny, deliberate evasion technique—embedding a base64 JavaScript skimmer in a 1×1 pixel SVG’s onload attribute—to harvest card data from nearly 100 Magento stores while exploiting the PolyShell vulnerability; official Adobe fixes remain in pre-release. What unfolded in early April and why the SVG matters […]

admin 

March 19 patch closes CVE-2026-0740 after Feb. 10 partial fix left ~50,000 Ninja Forms File Upload installs exposed

The recent sequence of fixes for the Ninja Forms – File Upload extension matters because an incomplete February patch left thousands of WordPress sites exposed to unauthenticated remote code execution until a full remediation arrived on March 19, 2026. CVE-2026-0740 (CVSS 9.8) allows arbitrary file upload via the plugin’s handle_upload() AJAX endpoint; only version 3.3.27 […]

admin 

Home routers vs. cloud defenses: How APT28 pairs mass DNS hijacks with stealth Microsoft 365 token theft

APT28 (Fancy Bear, GRU Unit 26165) has shifted from classic phishing and malware to a hybrid approach that begins on compromised home and SOHO routers and finishes inside Microsoft 365 environments—using DNS hijacking and a cloud-native malware toolkit called “AUTHENTIC ANTICS” to steal OAuth tokens and live cloud content. That contrast—network infrastructure compromise at the […]

admin 

Don’t Treat QR-Code Traffic-Fine Texts as Minor Spam — Reused case “26-TR-273196” Reveals a Nationwide ID‑theft Scheme

In early April 2026 a large-scale phishing campaign began pushing QR codes in fake traffic–violation texts across the U.S., not just isolated nuisance messages. The repeated use of the fake case number “26-TR-273196” — seen with state prefixes like CO, NJ, IL, TX, MN and TN — makes clear this is a volume-driven, adaptive scam […]

admin