Category of intelligence

Vulnerabilities

News about security failures, exploits and vulnerabilities in systems

Stories published: 742 Showing up 9 articles per page

Mini Shai-Hulud: the committed supply campaign that steals tokens, deploys malicious loads and reinfects your pipelines from npm

Vulnerabilities

April 29, 2026 4 min de lectura 99

Mini Shai-Hulud: the committed supply campaign that steals tokens, deploys malicious loads and reinfects your pipelines from npm

Researchers from several security firms have alerted to a committed supply campaign targeting the SAP JavaScript ecosystem, distributed in legitimate npm packages but versed with …

Critical alert: vulnerability in cPanel / WHM allows access without authentication - already applies the patch and strengthens safety

Vulnerabilities

April 29, 2026 4 min de lectura 113

Critical alert: vulnerability in cPanel / WHM allows access without authentication - already applies the patch and strengthens safety

A critical vulnerability in cPanel / WHM detected at the end of April 2026 allows, according to public reports and the supplier itself, access to the control panel without authent…

OAuth the silent risk that turns permissions into access doors to your systems

Vulnerabilities

April 29, 2026 4 min de lectura 95

OAuth the silent risk that turns permissions into access doors to your systems

The discussion of the risks of artificial intelligence in companies often focuses on the visible: employees hitting sensitive data on public chatbots. However, there is a less noi…

CISA requires immediate patch for CVE-2026-32202: the zero-click failure that steals credentials without interaction

Vulnerabilities

April 29, 2026 3 min de lectura 106

CISA requires immediate patch for CVE-2026-32202: the zero-click failure that steals credentials without interaction

The U.S. agency CISA has imposed a clear obligation on federal units: to make a priority of correcting a Windows vulnerability identified as CVE-2026-32202. Although the formal or…

Security Alert cPanel Corrects Serious Authentication Failure That Could Commit Hosting Servers and Accounts

Vulnerabilities

April 29, 2026 4 min de lectura 76

Security Alert cPanel Corrects Serious Authentication Failure That Could Commit Hosting Servers and Accounts

cPanel has published security patches that address a vulnerability on multiple control panel authentication routes that, if exploited, could allow an attacker to take control of s…

VECT 2.0 fails in nonces and turns the ansomware into irreversible data erasing

Vulnerabilities

April 28, 2026 4 min de lectura 96

VECT 2.0 fails in nonces and turns the ansomware into irreversible data erasing

A VECT 2.0 error turns the supposed ansomware into an irreversible draft: Check Point researchers have discovered that VECT version 2.0 fails to handle nonces during block encrypt…

CVE-2026-3854: A simple git push could open the door to remote code execution at GitHub and GitHub Enterprise Server

Vulnerabilities

April 28, 2026 4 min de lectura 130

CVE-2026-3854: A simple git push could open the door to remote code execution at GitHub and GitHub Enterprise Server

Security researchers have revealed critical vulnerability at GitHub.com and GitHub Enterprise Server that allowed an authenticated user to achieve remote code execution (CERs) wit…

The reappearance of LofyGang and LofyStealer an infostealer disguised as a Minecraft cheat that drives malware as a service

Vulnerabilities

April 28, 2026 4 min de lectura 143

The reappearance of LofyGang and LofyStealer an infostealer disguised as a Minecraft cheat that drives malware as a service

The reappearance of a group of Brazilian cybercrime known as LofyGang requires a serious risk that combines social engineering aimed at young players and increasingly industrial d…

The new Zero Trust border: ensure data transfer between domains with integrity and speed

Vulnerabilities

April 28, 2026 5 min de lectura 97

The new Zero Trust border: ensure data transfer between domains with integrity and speed

Most security programmes have for years assumed something that is no longer sustainable: that the problem is solved as soon as a system is connected. Open a ticket, deploy a gatew…

Explore RadarBytes

Vulnerabilities

Mini Shai-Hulud: the committed supply campaign that steals tokens, deploys malicious loads and reinfects your pipelines from npm

Critical alert: vulnerability in cPanel / WHM allows access without authentication - already applies the patch and strengthens safety

OAuth the silent risk that turns permissions into access doors to your systems

CISA requires immediate patch for CVE-2026-32202: the zero-click failure that steals credentials without interaction

Security Alert cPanel Corrects Serious Authentication Failure That Could Commit Hosting Servers and Accounts

VECT 2.0 fails in nonces and turns the ansomware into irreversible data erasing

CVE-2026-3854: A simple git push could open the door to remote code execution at GitHub and GitHub Enterprise Server

The reappearance of LofyGang and LofyStealer an infostealer disguised as a Minecraft cheat that drives malware as a service

The new Zero Trust border: ensure data transfer between domains with integrity and speed

Disable your ad blocker

Vulnerabilities

Manage your cookies