Critical PX4 autopilot flaw could let attackers send shell commands to drones
CISA has warned about a critical vulnerability in PX4 Autopilot that could let an attacker execute shell commands if they can reach the MAVLink interface.…
News
Here you can find the latest news and developments in the VPN world. Read about new breakthroughs, bypassing online censorship, and much more!
Oracle begins layoffs as it pours more money into AI infrastructure
Oracle has started laying off employees as it ramps up spending on AI data centers and cloud infrastructure, but there is no verified public evidence…
Cisco Smart Software Manager flaw lets attackers run commands as root
Cisco has disclosed a critical vulnerability in Smart Software Manager On-Prem that can let an unauthenticated remote attacker execute arbitrary commands on the underlying operating…
WhatsApp warns about fake app used in spyware campaign targeting users in Italy
WhatsApp has warned around 200 users that they were tricked into installing a fake version of the messaging app that contained spyware. Reuters reported that…
New ZAP PTK add-on sends browser security findings straight into ZAP alerts
OWASP ZAP has released version 0.3.0 of its OWASP PTK add-on, and the main change is a practical one: findings from the browser can now…
Apple expands iOS 18.7.7 to more devices to block DarkSword web attacks
Apple has expanded iOS 18.7.7 and iPadOS 18.7.7 to more devices after security researchers identified web-based attacks called DarkSword targeting older iPhone software. Apple says…
Microsoft details how to mitigate the Axios npm supply chain compromise
Microsoft says developers and organizations that installed the compromised Axios releases should assume exposure and act fast. In its April 1 guidance, Microsoft Threat Intelligence…
NoVoice malware hid in 50+ Google Play apps and reached at least 2.3 million downloads
A newly detailed Android malware campaign called Operation NoVoice hid inside more than 50 apps on Google Play and reached at least 2.3 million downloads…
CISA warns of actively exploited Chrome zero-day as Google ships fix
CISA has added a newly exploited Chrome vulnerability, CVE-2026-5281, to its Known Exploited Vulnerabilities catalog and ordered federal agencies to address it by April 15,…
Hackers abuse DOCX, RTF, JavaScript, and Python in Boeing-themed RFQ malware campaign
A new phishing campaign is using fake Boeing request-for-quotation emails to infect procurement and sales targets with a multi-stage malware chain that ends in in-memory…
OpenSSH 10.3 fixes shell injection issue and tightens certificate handling
OpenSSH 10.3 and 10.3p1 are now out, and the release includes a fix for a shell injection issue in the ssh client plus several security-related…
Qilin ransomware uses malicious DLL to disable EDR before encryption
Qilin ransomware operators are using a malicious DLL called msimg32.dll to launch a multi-stage attack that disables endpoint detection and response tools before the ransomware…
New Akira lookalike ransomware campaign targets Windows users in South America
A new ransomware campaign is targeting Windows users in South America by imitating the Akira ransomware brand while relying on a different code base underneath.…
Hackers clone CERT-UA site to push Go-based RAT in phishing campaign
Hackers recently cloned Ukraine’s CERT-UA website and used it in a phishing operation to trick targets into installing a remote access trojan called AGEWHEEZE. CERT-UA…
How elite SOCs cut escalation rates by giving Tier 1 better threat intelligence
Security teams cut unnecessary escalations when Tier 1 analysts get faster access to context, not just more alerts. The goal is simple: help frontline analysts…