The Secure Truth - Page 3 of 12 - Covers cybersecurity news, incidents, vulnerabilities, and analysis

Breaking

Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621 Hackers Hide Credit Card Stealer in Pixel-Sized SVG Images Targeting Magento Stores Microsoft Suspends Developer Accounts for High-Profile Open Source Projects European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack Ransomware Attacks Surge in 2026: Healthcare and Finance Most Targeted Google Chrome Zero-Day Vulnerability Actively Exploited – Update Immediately Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621 Hackers Hide Credit Card Stealer in Pixel-Sized SVG Images Targeting Magento Stores Microsoft Suspends Developer Accounts for High-Profile Open Source Projects European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack Ransomware Attacks Surge in 2026: Healthcare and Finance Most Targeted Google Chrome Zero-Day Vulnerability Actively Exploited – Update Immediately

2032 CVEs This Month

7 Actively Exploited

0 Ransomware Activity

25 Breaches YTD

Threat Investigation Portal

Investigate an IOC in the live graph workspace.

Investigate IOC

Over 30 Red Hat npm Packages Compromised to Distribute New Credential-Stealing Malware Variant

Cloud & Identity Security | Exclusive

Over 30 Red Hat npm Packages Compromised to Distribute...

Thirumala Rao Padilam

Thirumala Rao Padilam June 2, 2026

DriveSurge Threat Actor Uses ClickFix and FakeUpdate Attacks Across Thousands of Compromised Sites

Threat Intelligence

DriveSurge Threat Actor Uses ClickFix and FakeUpdate Attacks...

Dashlane Reports Brute-Force Attack Affecting Encrypted Vaults of Under 20 Users

Vulnerabilities

Dashlane Reports Brute-Force Attack Affecting Encrypted Vaults of...

Latest Threats

View all ->

Active Exploitation of PAN-OS GlobalProtect Authentication Bypass Vulnerability (CVE-2026-0257)

Vulnerabilities

Active Exploitation of PAN-OS GlobalProtect Authentication Bypass Vulnerability (CVE-2026-0257)

Palo Alto Networks has disclosed an authentication bypass vulnerability in PAN-OS and Prisma Access that is actively exploited...

Thirumala Rao Padilam

Thirumala Rao Padilam

BTMOB Android Malware Service Offers Customizable Phishing Payloads

Threat Intelligence

BTMOB Android Malware Service Offers Customizable Phishing Payloads

BTMOB, an Android remote access trojan, is now available as a malware service featuring a builder interface that...

Thirumala Rao Padilam

Thirumala Rao Padilam

GreyVibe Hackers Employ AI-Generated Lures and Custom Malware in Attacks on Ukrainian Targets

Threat Intelligence

GreyVibe Hackers Employ AI-Generated Lures and Custom Malware in Attacks on Ukrainian Targets

GreyVibe, a threat group believed to be Russian, has been utilizing AI-generated phishing lures and customized malware in...

Thirumala Rao Padilam

Thirumala Rao Padilam

Vulnerability Watch

Top 10 CVEs This Week

Prioritized using CISA KEV, EPSS, CVSS, and recency.

Full watchlist ->

CVE-2026-50751 KEV CVSS 9.3 EPSS 0.0001

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.

Known exploited vulnerability affecting Check Point Security Gateway with active defender relevance.

CVE-2023-54352 CVSS 9.8 EPSS 0.0019

WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell at /wp-content/themes/seotheme/mar.php to execute system commands and upload additional files for persistent access.

Critical severity issue in affected software published this week.

CVE-2024-58348 CVSS 9.8 EPSS 0.0019

WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to execute arbitrary code on the server.

Critical severity issue in affected software published this week.

CVE-2024-58349 CVSS 9.8 EPSS 0.0015

WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's upload functionality. Attackers can upload arbitrary files to the theme directory and execute them to achieve remote code execution on the affected WordPress installation.

Critical severity issue in affected software published this week.

CVE-2026-11499 CVSS 9.8 EPSS 0.0009

A vulnerability was determined in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formDOMAINBLK of the file /boaform/formDOMAINBLK. Executing a manipulation of the argument blkDomain can lead to stack-based buffer overflow. The attack may be performed from remote.

Critical severity issue in affected software published this week.

Vulnerability Watch

Anthropic Confirms Public Rollout of Claude Mythos-Class Models Following Security Review

AI Security

Anthropic Confirms Public Rollout of Claude Mythos-Class Models Following Security Review

May 29, 2026 | Thirumala Rao Padilam

Canadian Sextortionist Sentenced to 33 Years for Targeting Over 145 Children

Cybersecurity News

Canadian Sextortionist Sentenced to 33 Years for Targeting Over 145 Children

May 28, 2026 | Thirumala Rao Padilam

Carnival Cruise Confirms Data Breach Affecting Nearly 6 Million People

Data Breaches

Carnival Cruise Confirms Data Breach Affecting Nearly 6 Million People

May 28, 2026 | Thirumala Rao Padilam

JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware

Threat Intelligence

JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware

May 28, 2026 | Thirumala Rao Padilam

Active Threat Index

LIVE

8.26

Google Chrome Zero-Day

Vulnerabilities

8.18

European Commission Confirms

Malware & Threats

8.16

Ransomware Attacks Surge

Malware & Threats

7.88

CISA and Partners

AI Security

7.7

Hackers Hide Credit

Data Breaches

error: Content is protected !!