Microsoft Office for the Web and Teams File Access Outage Has Been Resolved
Microsoft has resolved a Microsoft 365 outage that prevented some users from opening files in Office for the web and Microsoft Teams. The company tracked…
News
Here you can find the latest news and developments in the VPN world. Read about new breakthroughs, bypassing online censorship, and much more!
OverlayPhantom Android Banking Trojan Targets 180 Apps With Accessibility Abuse and Screen Streaming
A newly documented Android banking trojan called OverlayPhantom is targeting banking, financial, and cryptocurrency apps across 10 countries. The malware uses fake app downloads, phishing…
Critical MCP Toolbox Vulnerability Exposes Enterprise Database Connectors to DNS Rebinding Attacks
A critical vulnerability in MCP Toolbox for Databases could let malicious websites interact with internal database tools through a victim’s browser. The flaw is tracked…
Critical Magento Cache Warmer Vulnerability Now Listed as Exploited by CISA
A critical vulnerability in Mirasvit Full Page Cache Warmer for Magento 2 can let unauthenticated attackers execute code on vulnerable e-commerce servers through a crafted…
IBM WebSphere Plug-ins Hit by Critical Remote Code Execution Flaw
IBM has disclosed a critical remote code execution vulnerability in Web Server Plug-ins used with WebSphere Application Server and WebSphere Liberty. The issue allows attackers…
GitLab Patches Duo AI, DoS, and Authorization Flaws in CE and EE
GitLab has released versions 19.0.1, 18.11.4, and 18.10.7 for Community Edition and Enterprise Edition, fixing seven security issues across Duo AI workflows, Wiki, GraphQL APIs,…
Palo Alto PAN-OS Authentication Bypass Exploited in the Wild Against GlobalProtect VPNs
Palo Alto Networks has confirmed limited exploitation of CVE-2026-0257, an authentication bypass vulnerability affecting PAN-OS GlobalProtect portals and gateways under specific configurations. The Palo Alto…
GREYVIBE Hackers Use ChatGPT and Google Gemini to Support Cyberattacks on Ukraine
WithSecure has identified a previously untracked threat group called GREYVIBE that has used generative AI tools across cyber operations targeting Ukraine and Ukraine-related entities. The…
Google Chrome’s Device-Bound Session Credentials Are Now GA to Block Account Takeovers
Google has made Device Bound Session Credentials generally available in Chrome on Windows, giving users and Workspace admins a stronger defense against session cookie theft.…
Pentest Swarm AI Brings Agent-Based Security Testing to Open-Source Pentesting
Pentest Swarm AI is an open-source autonomous penetration testing project that uses multiple AI-driven agents to coordinate reconnaissance, vulnerability classification, exploitation decisions, and reporting. The…
Hackers Abuse Microsoft Teams Collaboration Features to Impersonate IT Helpdesk Staff
Attackers are abusing Microsoft Teams external collaboration features to contact employees directly, impersonate IT helpdesk staff, and push victims toward remote access tools or malicious…
VS Code Remote-SSH Attack Path Lets Compromised Developer Machines Reach Cloud Servers
A newly disclosed Visual Studio Code Remote-SSH attack path shows how a compromised developer machine can become a bridge into cloud servers and production infrastructure.…
Google Engineer Charged Over Alleged $1.2 Million Polymarket Insider Trading Scheme
A Google software engineer has been charged in New York for allegedly using confidential company information to make more than $1.2 million in trading profits…
Google Patches 151 Chrome Vulnerabilities, Including 22 Critical Flaws
Google has released a major Chrome Stable update that fixes 151 security vulnerabilities, including 22 flaws rated critical. The Chrome Stable Channel update is rolling…
Critical Samba Printing Flaw Allows Remote Code Execution on Misconfigured Servers
The Samba Team has released security fixes for CVE-2026-4480, a remote code execution flaw in the Samba printing subsystem. The official Samba advisory says affected…