phpBB forum fixes auth bypass bug lurking for a decade
…Toulas June 12, 2026 02:19 PM A 10-year-old authentication bypass vulnerability discovered in the phpBB forum software allows an attacker to log in as any user, including administrators. The…
…With the May 2026 optional update, Microsoft is gradually rolling out general OS performance upgrades and several reliability improvements to Windows Hello. "This update accelerates app launch and core shell experiences such…
Hackers bypass SonicWall VPN MFA due to incomplete patching By Bill Toulas May 20, 2026 05:19 PM Threat actors brute-forced VPN credentials and bypassed multi-factor authentication (MFA) on SonicWall…
Microsoft fixes AutoGen Studio flaw that enabled code execution By Bill Toulas June 22, 2026 01:28 PM A vulnerability chain dubbed AutoJack in Microsoft’s AutoGen Studio interface for prototyping AI…
…Once inside, the attackers can target a package-update endpoint with CVE-2026-34910, passing unvalidated user input into a shell command to execute arbitrary commands on the system. The injected commands…
Grafana breach caused by missed token rotation after TanStack attack By Bill Toulas May 20, 2026 11:46 AM The Grafana data breach was caused by a single GitHub workflow token that…
…9, 2026 10:26 AM A malicious Hugging Face repository that reached the platform’s trending list impersonated OpenAI’s “Privacy Filter” project to deliver information-stealing malware to Windows users. The…
ShapedPlugin update flow hacked to infect WordPress sites By Bill Toulas June 18, 2026 08:55 AM Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack that distributed infected…
BTMOB Android malware service generates custom phishing payloads By Bill Toulas May 28, 2026 05:10 PM An Android remote access trojan named BTMOB is offered to cybercriminals with a builder interface…
…With Microsoft having fixed CVE-2026-42824, there’s no user action required to mitigate this threat. Varonis underscores that familiar, easily contained bugs like SSRF and HTML injection race conditions can…