Your Daily Dose of Cybersecurity News

Technology

Google fixes one actively exploited Android zero-day, 124 flaws

One of them, a high-severity zero-day flaw in the Android Framework component, is tracked as CVE-2025-48595. This vulnerability is serious.

Jun 2, 2026 · SecurityXP Intelligence Desk

Technology

Infected Red Hat npm packages expose developer credentials

This malware is a new variant of the Shai-Hulud credential-stealing malware. It's designed to steal developer credentials, cloud secrets, SSH keys, CI/CD tokens, and other sensitive information.

Jun 2, 2026 · SecurityXP Intelligence Desk

Technology

Critical Windows Netlogon RCE flaw now exploited in attacks

This vulnerability, tracked as CVE-2026-41089, has a CVSS score of 9.8. It's a stack-based buffer overflow issue that could be exploited via crafted network requests.

Jun 1, 2026 · SecurityXP Intelligence Desk

Latest News

TechnologyJun 1, 2026·2 min read

CVE-2026-0826: Critical unauthenticated stack buffer overflow in HP Poly VVX and Trio VoIP Phones (FIXED)

Hackers can exploit this vulnerability, CVE-2026-0826, to achieve unauthenticated remote code execution with root privileges on a target device.

TechnologyMay 31, 2026·3 min read

Carnival Data Breach Impacts Nearly 6 Million Customers

According to filings with the Maine Attorney General , the cruise operator is sending notification letters to 5,995,277 customers and employees. Hackers got in and exfiltrated sensitive files.

Vulnerabilities & ExploitsMay 31, 2026·3 min read

Active Exploitation of PAN-OS GlobalProtect Gateways (CVE-2026-0257) Triggers Urgent Patches

Attackers are actively exploiting a high-severity authentication bypass vulnerability in Palo Alto Networks GlobalProtect portals and gateways, allowing remote attackers to establish unauthorized VPN access to corporate networks.

TechnologyMay 29, 2026·4 min read

7-Eleven Data Breach Exposes Personal Information of 185,000 People

The ShinyHunters extortion gang claimed responsibility, leaked a 9.4GB archive of stolen data, and is now selling it on underground forums after the company refused to pay a ransom.

TechnologyMay 29, 2026·5 min read

FBI Warns of Kali365: The Fast-Growing Phishing Kit Stealing Microsoft 365 Access Tokens

By exploiting legitimate OAuth device code authentication, Kali365 bypasses multi-factor authentication entirely... and that's a game-changer.

TechnologyMay 29, 2026·4 min read

Ghost CMS Flaw Abused to Push ClickFix Attacks on Hundreds of Sites

and it's getting out of hand. Over 700 legitimate domains have been poisoned, including university portals and major technology brands.

Vulnerabilities & ExploitsMay 26, 2026·2 min read Breaking

Critical VMware Zero-Day Vulnerability Under Active Exploitation

A critical remote code execution vulnerability in VMware vCenter Server is being actively exploited in the wild. CVE-2025-1234 carries a CVSS score of 9.8 and affects all recent versions. Immediate patching is recommended.

Malware & RansomwareMay 25, 2026·1 min read

Ransomware Attack Disrupts Major Healthcare Provider Operations

A sophisticated ransomware attack has disrupted operations at a major healthcare provider, affecting patient care systems across multiple facilities. Learn about the attack vectors, impact, and mitigation strategies.

AI/ML SecurityMay 24, 2026·1 min read

New EU AI Security Regulations: What Organizations Need to Know

The European Union has introduced comprehensive AI security regulations requiring organizations to implement security measures for AI systems. We break down the requirements, timelines, and compliance steps.

Threat IntelligenceSep 18, 2025·3 min read

CISA Issues Nine Urgent Advisories on Industrial Control Systems Vulnerabilities

In a critical bulletin released on September 18, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) published nine new advisories detailing high-severity vulnerabilities affecti...

Security Digest

Get the latest cybersecurity news, vulnerability alerts, and threat intelligence delivered to your inbox.

SecurityXP — Cybersecurity News, Threat Intelligence & Infosec Utilities

Google fixes one actively exploited Android zero-day, 124 flaws

Infected Red Hat npm packages expose developer credentials

Critical Windows Netlogon RCE flaw now exploited in attacks

Latest News

CVE-2026-0826: Critical unauthenticated stack buffer overflow in HP Poly VVX and Trio VoIP Phones (FIXED)

Carnival Data Breach Impacts Nearly 6 Million Customers

Active Exploitation of PAN-OS GlobalProtect Gateways (CVE-2026-0257) Triggers Urgent Patches

7-Eleven Data Breach Exposes Personal Information of 185,000 People

FBI Warns of Kali365: The Fast-Growing Phishing Kit Stealing Microsoft 365 Access Tokens

Ghost CMS Flaw Abused to Push ClickFix Attacks on Hundreds of Sites

Critical VMware Zero-Day Vulnerability Under Active Exploitation

Ransomware Attack Disrupts Major Healthcare Provider Operations

New EU AI Security Regulations: What Organizations Need to Know

CISA Issues Nine Urgent Advisories on Industrial Control Systems Vulnerabilities

Security Digest