Blog
One HTTP Header = Admin Access: CVE-2026-20896 Actively Exploited in the Wild — Patch Your Gitea Now
CVE-2026-20896 (CVSS 9.8) allows attackers to impersonate any Gitea admin with a single HTTP header. Active exploitation confirmed. Patch to 1.26.4 now.
Read More →CVE-2026-53359 “Januscape”: 16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to the Host — Patch Now
CVE-2026-53359 'Januscape' is a 16-year-old Linux KVM shadow MMU flaw (CVSS 8.8/9.3) enabling guest VMs to escape to the host on Intel and AMD. Here's how to patch and protect…
Read More →JadePuffer: The World’s First AI-Agent Ransomware — No Human Operator Required
Sysdig has captured JadePuffer — the world's first fully AI-agent-driven ransomware. It exploited CVE-2025-3248 in Langflow, adapted in real time, and encrypted 1,342 production records autonomously.
Read More →FBI FLASH: TeamPCP’s Supply Chain Worm Poisons Trusted Dev Tools — Your CI/CD Pipeline May Already Be Breached
FBI FLASH exposes TeamPCP, who poisoned Trivy, KICS & LiteLLM to steal AWS, GCP and Azure credentials from CI/CD pipelines. Rotate secrets now.
Read More →Adobe ColdFusion Under Active Attack: CVE-2026-48282 & 6 More CVSS 10.0 Flaws — Patch Now Before Your Server Is Next
Adobe patched 7 CVSS 10.0 ColdFusion flaws on 1 July 2026. CVE-2026-48282 is exploited in the wild — an Indian IP was the first attacker. Patch to Update 21 or…
Read More →CVE-2026-46242 “Bad Epoll” (CVSS 7.8): Any Linux User Can Become Root — Patch Now Before Attackers Do It For You
CVE-2026-46242 "Bad Epoll" is a use-after-free flaw letting any local Linux user gain root with 99% exploit reliability. Patch to 6.6.144+, 6.12.95+, or 6.18.33+ now.
Read More →FortiBleed 2026: Over 75,000 Fortinet Firewalls Silently Compromised — INC and Lynx Ransomware Are Cashing In
FortiBleed has compromised up to 86,644 Fortinet firewalls across 194 countries. INC Ransom and Lynx ransomware are now using stolen credentials. Patch FortiOS now.
Read More →CVE-2026-50242 (CVSS 10.0): JetBrains Hub Has a Database-Level Authentication Bypass — Patch Now or Hand Attackers Your Dev Pipeline
JetBrains Hub has a CVSS 10.0 unauthenticated admin bypass (CVE-2026-50242). Five companion CVEs hit YouTrack & IntelliJ IDEA. Here's what Indian IT teams must patch today.
Read More →CVE-2026-50242 (CVSS 10.0): JetBrains Hub Has a Database-Level Authentication Bypass — Patch Now or Hand Attackers Your Dev Pipeline
JetBrains Hub has a CVSS 10.0 unauthenticated admin bypass (CVE-2026-50242). Five companion CVEs hit YouTrack & IntelliJ IDEA. Here's what Indian IT teams must patch today.
Read More →ChocoPoC RAT: Fake GitHub PoC Repos Are Now Attacking Your Security Team
ChocoPoC RAT hides inside fake GitHub PoC repos to steal credentials from security researchers via malicious Python packages. Protect your team now.
Read More →