Web
NewsPlease enter a web search for web results.
News
WebChrome 150 and Firefox 152 Patch Critical Vulnerabilities: CVE Analysis and Enterprise Risk Advisory
1+ hour, 29+ min ago (553+ words) Rescana Chrome 150 and Firefox 152 Patch Critical Vulnerabilities: CVE Analysis and Enterprise Risk Advisory Recent updates to Google Chrome (version 150) and Mozilla Firefox (version 152) have remediated a substantial number of critical vulnerabilities, many of which could enable remote code execution, sandbox…...
Active Exploitation Alert: Critical Ivanti Sentry and Fortinet Vulnerabilities (CVE-2026-10520) Patched Amid Ongoing Attacks
1+ hour, 29+ min ago (216+ words) CVE-2026-10523 is an authentication bypass in Ivanti Sentry that allows remote attackers to create arbitrary administrative accounts, leading to full administrative takeover. While no exploitation has been confirmed in the wild as of June 2026, the risk is critical due to…...
Active Exploitation Alert: AsyncAPI npm Supply Chain Attack Delivers Multi-Stage Miasma Botnet via Compromised GitHub Actions
10+ hour, 15+ min ago (604+ words) Rescana Active Exploitation Alert: AsyncAPI npm Supply Chain Attack Delivers Multi-Stage Miasma Botnet via Compromised GitHub Actions In July 2026, a highly sophisticated supply chain attack targeted the AsyncAPI open-source ecosystem, resulting in the compromise of several widely used npm packages....
Active Exploitation Alert: Jscrambler npm Packages Compromised in Coordinated Supply Chain Attack (July 2026)
1+ day, 11+ hour ago (229+ words) No evidence was found of persistence mechanisms beyond initial execution, but the potential for privilege escalation and lateral movement exists, especially in environments where the npm process runs with elevated privileges. The malware’s design implies automated exfiltration of harvested data,…...
Active Exploitation Alert: 148 Malicious npm Packages Masquerading as Student Proxies Turn Browsers Into DDoS Botnet
1+ day, 11+ hour ago (132+ words) The attack leveraged the npm ecosystem to distribute packages with names such as charlie-kirk, ilovefemboys, miguelphonk, changiairportpromax, and many others. These packages were not intended for import into legitimate projects but instead served as hosting for proxy web applications branded…...
Nihon Kotsu Cyberattack Analysis: Malware Disruption of Japan’s Largest Taxi Dispatch and Reservation Systems in July 2026
1+ day, 11+ hour ago (253+ words) The cyberattack impacted the following systems and services operated by Nihon Kotsu: the taxi dispatch system (phone-based), hire car web order and reservation management system, several internal IT systems, and the “labor taxi” service for pregnant women in Tokyo, Musashino…...
Misconfigured Server Exposes Evilginx Phishing Campaigns Bypassing MFA to Target Microsoft 365 Accounts
1+ day, 11+ hour ago (833+ words) Rescana Misconfigured Server Exposes Evilginx Phishing Campaigns Bypassing MFA to Target Microsoft 365 Accounts A misconfigured public server exposed the operational infrastructure of three distinct Evilginx phishing campaigns targeting Microsoft 365 users. The campaigns, active since at least early 2026, leveraged adversary-in-the-middle (AiTM)…...
Active Exploitation Alert: Critical Joomla Extension Vulnerabilities Enable Remote Code Execution and Server Compromise
1+ day, 11+ hour ago (266+ words) The lack of authentication required to exploit these vulnerabilities means that any internet-facing Joomla instance with a vulnerable extension is a potential target. Organizations with limited patch management processes or insufficient monitoring are especially vulnerable to compromise and subsequent abuse…...
Unpatched XRING Vulnerability in XQUIC Exposes HTTP/3 Servers to Remote Crash Risk
3+ day, 11+ hour ago (475+ words) Rescana Unpatched XRING Vulnerability in XQUIC Exposes HTTP/3 Servers to Remote Crash Risk A critical, unpatched vulnerability known as XRING has been disclosed in the XQUIC library, an open-source implementation of QUIC and HTTP/3 protocols maintained by Alibaba. This flaw…...
Critical U-Boot FIT Signature Verification Vulnerabilities (CVE-2026-46728) Expose Embedded Linux Devices to Stealthy Firmware Attacks
3+ day, 11+ hour ago (236+ words) Binarly has also disclosed related flaws under identifiers BRLY-2026-037 through BRLY-2026-042, which include memory corruption, out-of-bounds reads, null pointer dereference, improper validation of external firmware data, and unbounded recursion leading to stack exhaustion. These issues can result in device crashes…...