Gogs patches critical zero-day enabling remote code execution
Gogs patches critical zero-day enabling remote code execution By Sergiu Gatlan June 8, 2026 12:18 PM Gogs has patched a critical security zero-day flaw that can allow attackers to…
Search
Top stories
UK fines water supplier $1.3M for exposing data of 664k customers
…The company supplies 330 million liters of drinking water to 1.6 million consumers daily and, in 2022, disclosed that it was the target of a cyberattack that disrupted its IT operations…
WP Maps Pro bug exploited to create admin accounts on WordPress sites
WP Maps Pro bug exploited to create admin accounts on WordPress sites By Bill Toulas May 31, 2026 10:06 AM Hackers are targeting WordPress websites running a vulnerable version of the…
New attack turned Microsoft 365 Copilot into 1-click data theft tool
…Three-stage attack chain Researchers at the enterprise data security company Varonis developed SearchLeak by chaining three flaws that, individually, are insufficient to enable a meaningful attack. They combined a parameter-to…
Fake Claude AI website delivers new 'Beagle' Windows malware
…According to the researchers, NOVupdate.exe is a signed updater for G Data security solutions that the hacker uses to sideload the malicious avk.dll and the encrypted NOVupdate.exe.dat file…
ChatGPT share links abused to host fake outage pages to deliver malware
…download portal. The researchers say the site uses cloaking to display content only to targeted victims. When security platforms like URLScan visited the URL, they were shown a harmless AR/VR company…
Zara data breach exposed personal information of 197,000 people
…The group has also been linked to a widespread vishing campaign targeting employees' and Business Process Outsourcing (BPO) agents' Microsoft Entra, Okta, and Google SSO accounts to steal data from connected SaaS…
Hackers bypass SonicWall VPN MFA due to incomplete patching
…SonicWall warned in a security advisory for CVE-2024-12802 that installing the firmware update alone on Gen6 devices does not fully mitigate the vulnerability, and a manual reconfiguration of the LDAP…
Klue OAuth breach linked to 'Icarus' Salesforce data theft attacks
…Cybersecurity firms ReliaQuest and Huntress have both published reports confirming the security incident, with Huntress stating that their Salesforce data was stolen in the attack. Salesforce has since disabled the Klue Battlecards…
FBI disrupts massive AI-powered phishing service using a million URLs
…Action part of Operation Riptide The action against Outsider Enterprise has technical and legal components and is part of the FBI's larger Operation Riptide that targets cybercrime activity and infrastructure. During…