The Secure Truth - Page 2 of 12 - Covers cybersecurity news, incidents, vulnerabilities, and analysis

Breaking

Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621 Hackers Hide Credit Card Stealer in Pixel-Sized SVG Images Targeting Magento Stores Microsoft Suspends Developer Accounts for High-Profile Open Source Projects European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack Ransomware Attacks Surge in 2026: Healthcare and Finance Most Targeted Google Chrome Zero-Day Vulnerability Actively Exploited – Update Immediately Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621 Hackers Hide Credit Card Stealer in Pixel-Sized SVG Images Targeting Magento Stores Microsoft Suspends Developer Accounts for High-Profile Open Source Projects European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack Ransomware Attacks Surge in 2026: Healthcare and Finance Most Targeted Google Chrome Zero-Day Vulnerability Actively Exploited – Update Immediately

1406 CVEs This Month

4 Actively Exploited

0 Ransomware Activity

25 Breaches YTD

Threat Investigation Portal

Investigate an IOC in the live graph workspace.

Investigate IOC

Over 30 Red Hat npm Packages Compromised to Distribute New Credential-Stealing Malware Variant

Cloud & Identity Security | Exclusive

Over 30 Red Hat npm Packages Compromised to Distribute...

Thirumala Rao Padilam

Thirumala Rao Padilam June 2, 2026

DriveSurge Threat Actor Uses ClickFix and FakeUpdate Attacks Across Thousands of Compromised Sites

Threat Intelligence

DriveSurge Threat Actor Uses ClickFix and FakeUpdate Attacks...

Dashlane Reports Brute-Force Attack Affecting Encrypted Vaults of Under 20 Users

Vulnerabilities

Dashlane Reports Brute-Force Attack Affecting Encrypted Vaults of...

Latest Threats

View all ->

Active Exploitation of PAN-OS GlobalProtect Authentication Bypass Vulnerability (CVE-2026-0257)

Vulnerabilities

Active Exploitation of PAN-OS GlobalProtect Authentication Bypass Vulnerability (CVE-2026-0257)

Palo Alto Networks has disclosed an authentication bypass vulnerability in PAN-OS and Prisma Access that is actively exploited...

Thirumala Rao Padilam

Thirumala Rao Padilam

BTMOB Android Malware Service Offers Customizable Phishing Payloads

Threat Intelligence

BTMOB Android Malware Service Offers Customizable Phishing Payloads

BTMOB, an Android remote access trojan, is now available as a malware service featuring a builder interface that...

Thirumala Rao Padilam

Thirumala Rao Padilam

GreyVibe Hackers Employ AI-Generated Lures and Custom Malware in Attacks on Ukrainian Targets

Threat Intelligence

GreyVibe Hackers Employ AI-Generated Lures and Custom Malware in Attacks on Ukrainian Targets

GreyVibe, a threat group believed to be Russian, has been utilizing AI-generated phishing lures and customized malware in...

Thirumala Rao Padilam

Thirumala Rao Padilam

Vulnerability Watch

Top 10 CVEs This Week

Prioritized using CISA KEV, EPSS, CVSS, and recency.

Full watchlist ->

CVE-2026-7858 CVSS 9.8 EPSS 0.0034

A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x could lead to an unauthenticated remote code execution.

Critical severity issue in affected software published this week.

CVE-2026-45131 CVSS 10 EPSS 0

CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow (pull-request.yaml) executes attacker-controlled code from fork pull requests in a privileged context, exposing repository secrets including Docker Hub credentials and tokens without requiring maintainer approval. This issue has been patched via commit fcf9302.

Critical severity issue in affected software published this week.

CVE-2026-45132 CVSS 10 EPSS 0

CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow (generate-schema.yaml) exposes sensitive credentials (Personal Access Token and SSH signing key) to fork-controlled code due to unsafe checkout and credential handling practices. This issue has been patched via commit fcf9302.

Critical severity issue in affected software published this week.

CVE-2026-42680 CVSS 9.8 EPSS 0

Incorrect Privilege Assignment vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery Pro allows Privilege Escalation. This issue affects Contest Gallery Pro: from n/a through 29.0.1.

Critical severity issue in affected software published this week.

CVE-2026-48879 CVSS 9.8 EPSS 0

Incorrect Privilege Assignment vulnerability in Sergey AIWU allows Privilege Escalation. This issue affects AIWU: from n/a through 1.4.17.

Critical severity issue in affected software published this week.

Vulnerability Watch

Anthropic Confirms Public Rollout of Claude Mythos-Class Models Following Security Review

AI Security

Anthropic Confirms Public Rollout of Claude Mythos-Class Models Following Security Review

May 29, 2026 | Thirumala Rao Padilam

Canadian Sextortionist Sentenced to 33 Years for Targeting Over 145 Children

Cybersecurity News

Canadian Sextortionist Sentenced to 33 Years for Targeting Over 145 Children

May 28, 2026 | Thirumala Rao Padilam

Carnival Cruise Confirms Data Breach Affecting Nearly 6 Million People

Data Breaches

Carnival Cruise Confirms Data Breach Affecting Nearly 6 Million People

May 28, 2026 | Thirumala Rao Padilam

JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware

Threat Intelligence

JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware

May 28, 2026 | Thirumala Rao Padilam

Active Threat Index

LIVE

8.24

Google Chrome Zero-Day

Vulnerabilities

8.16

Ransomware Attacks Surge

Malware & Threats

8.16

European Commission Confirms

Malware & Threats

7.88

CISA and Partners

AI Security

7.7

Hackers Hide Credit

Data Breaches

error: Content is protected !!