Vulnerability

macOS Flaw Allowed Standard Users to Disable CrowdStrike and Kandji Security Tools

2 minute read

Security

macOS Flaw Allowed Standard Users to Disable CrowdStrike and Kandji Security Tools

A macOS XPC flaw let regular users disable CrowdStrike and Kandji tools, exposing security gaps that vendors patched after XM Cyber reported the security issue.

byDeeba Ahmed

June 26, 2026

LastPass Confirms Customer Data Breach After Klue OAuth Token Theft

3 minute read

Data Breaches

LastPass Confirms Customer Data Breach After Klue OAuth Token Theft

LastPass has confirmed it was affected by the Klue supply chain incident, saying an unauthorised actor used stolen…

byWaqas

June 23, 2026

‘Cordyceps’ CI/CD Flaw Exposes Microsoft, Google, Apache Repos to Pipeline Hijacking

2 minute read

Security

‘Cordyceps’ CI/CD Flaw Exposes Microsoft, Google, Apache Repos to Pipeline Hijacking

Novee Security reveals Cordyceps, a CI/CD vulnerability in GitHub Actions workflows that let anonymous users poison builds and expose tokens across major projects today.

byDeeba Ahmed

June 23, 2026

2 minute read

Beats Studio Buds Flaw Could Let Nearby Attackers Eavesdrop on Users

Apple has released a security update to patch a Beats Studio Buds flaw that let nearby hackers listen to conversations through the microphone.

byDeeba Ahmed

June 22, 2026

2 minute read

Texas Parks and Wildlife Data Breach Affects Over 3M License Customers

Around 3 million Texas licence holders face a data breach after hackers targeted a third-party vendor, exposing driver's licences and passport numbers.

byDeeba Ahmed

June 22, 2026

3 minute read

Salesforce Disables Klue Integration After OAuth Token Theft Hits Customer Data

Icarus extortion group used a legacy Klue Battlecards credential to bypass security and steal bulk Salesforce records from affected companies.

byDeeba Ahmed

June 22, 2026

3 minute read

DragonForce Ransomware Abused Microsoft Teams to Hide Malware Activity

DragonForce ransomware abused Microsoft Teams relay systems to hide a custom backdoor, steal files and encrypt systems at a US services firm.

byDeeba Ahmed

June 18, 2026

3 minute read

Agentjacking: Researchers Show How One Fake Bug Report Can Hijack AI Coding Agents

Tenet researchers reveal how fake Sentry bug reports can trick AI coding agents into running code, exposing a new Agentjacking risk for developers today.

byDeeba Ahmed

June 18, 2026

2 minute read

Atomic Arch Campaign Hijacks 20+ Linux AUR Packages to Deliver Malware

Over 20 Linux packages were compromised in the Atomic Arch campaign, which abuses AUR ownership transfers to drop rootkit-like malware.

byDeeba Ahmed

June 12, 2026

3 minute read

ShinyHunters Target Universities in Oracle PeopleSoft Zero-Day Attack

Google says ShinyHunters exploited Oracle PeopleSoft zero-day to steal data from 100+ organisations, with universities making up most victims.

byDeeba Ahmed

June 12, 2026

The Latest

8 Top SAST Tools for Polyglot Monorepos and Platform Engineering in 2026

Woodgnat Hackers Use Mistic RAT to Broker Access for Ransomware Gangs

macOS Flaw Allowed Standard Users to Disable CrowdStrike and Kandji Security Tools

A decade of infrastructure development, one new name: Coinspaid Dev

Vulnerability

macOS Flaw Allowed Standard Users to Disable CrowdStrike and Kandji Security Tools

LastPass Confirms Customer Data Breach After Klue OAuth Token Theft

‘Cordyceps’ CI/CD Flaw Exposes Microsoft, Google, Apache Repos to Pipeline Hijacking

Beats Studio Buds Flaw Could Let Nearby Attackers Eavesdrop on Users

Texas Parks and Wildlife Data Breach Affects Over 3M License Customers

Salesforce Disables Klue Integration After OAuth Token Theft Hits Customer Data

DragonForce Ransomware Abused Microsoft Teams to Hide Malware Activity

Agentjacking: Researchers Show How One Fake Bug Report Can Hijack AI Coding Agents

Atomic Arch Campaign Hijacks 20+ Linux AUR Packages to Deliver Malware

ShinyHunters Target Universities in Oracle PeopleSoft Zero-Day Attack

A decade of infrastructure development, one new name: Coinspaid Dev

Internet Society Foundation Opens Global Call for Common Good Cyber Fund to Strengthen Cybersecurity

Gcore Helps Ucom Safeguard Public Live Broadcast Infrastructure During Armenia’s Parliamentary Elections

eFAQ Publishes Investigation Into Alleged Scam Activity and Coordinated Reputation Attacks

SpyCloud Report Finds Phishing Attacks Surge as Employee Data Is Exposed at 86% of Fortune 100 Companies