SC Staff

Zero-day vulnerability in Japanese LMS exploited to deploy Cobalt Strike

• vulnerability-management

Zero-day vulnerability in Japanese LMS exploited to deploy Cobalt Strike

SC Staff May 26, 2026

The vulnerability, CVE-2026-5426, stems from the use of hard-coded ASP.NET machine keys within the LMS.

Read More Read more about Zero-day vulnerability in Japanese LMS exploited to deploy Cobalt Strike

The Oncology Institute reports patient data potentially exposed in third-party vendor breach

The Oncology Institute reports patient data potentially exposed in third-party vendor breach

SC Staff May 26, 2026

The Oncology Institute disclosed on May 20, 2026, that Kroll, a third-party administrator for an unnamed vendor,...

Read More Read more about The Oncology Institute reports patient data potentially exposed in third-party vendor breach

Zero-click attack hijacks WhatsApp accounts on iOS 16

• application-security

Zero-click attack hijacks WhatsApp accounts on iOS 16

SC Staff May 26, 2026

The attack exploits vulnerabilities in iOS 16, specifically CVE-2025-43300 within the ImageIO framework and potentially CVE-2025-55177, to...

Read More Read more about Zero-click attack hijacks WhatsApp accounts on iOS 16

North Korea’s Lazarus Group uses new RemotePE malware against financial targets

• threat-intelligence

North Korea’s Lazarus Group uses new RemotePE malware against financial targets

SC Staff May 26, 2026

RemotePE is deployed through a multi-stage attack chain involving two loaders, DPAPILoader and RemotePELoader.

Read More Read more about North Korea’s Lazarus Group uses new RemotePE malware against financial targets

OnlyFans user data advertised on cybercrime forum, seller claims no direct breach

• data-security

OnlyFans user data advertised on cybercrime forum, seller claims no direct breach

SC Staff May 26, 2026

A user on a cybercrime forum is selling a database of 340 million records allegedly linked to...

Read More Read more about OnlyFans user data advertised on cybercrime forum, seller claims no direct breach

Ghost CMS vulnerability exploited in large-scale campaign

• vulnerability-management

Ghost CMS vulnerability exploited in large-scale campaign

SC Staff May 26, 2026

The vulnerability, identified as CVE-2026-26980, affects Ghost versions 3.24.0 through 6.19.0, allowing unauthenticated attackers to steal admin...

Read More Read more about Ghost CMS vulnerability exploited in large-scale campaign

RondoDox botnet exploits old ASUS router vulnerability

• network-security

RondoDox botnet exploits old ASUS router vulnerability

SC Staff May 26, 2026

The RondoDox botnet has been exploiting this vulnerability since May 17, as discovered by VulnCheck's Canary Network....

Read More Read more about RondoDox botnet exploits old ASUS router vulnerability

Ubiquiti patches three critical vulnerabilities in UniFi OS

• vulnerability-management

Ubiquiti patches three critical vulnerabilities in UniFi OS

SC Staff May 22, 2026

The vulnerabilities, identified as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910, allow for unauthorized system changes, path traversal for accessing...

Read More Read more about Ubiquiti patches three critical vulnerabilities in UniFi OS

Cisco warns of AI inaccuracies in security incident reports

• aiml

Cisco warns of AI inaccuracies in security incident reports

SC Staff May 22, 2026

Cisco's research highlights several key issues with AI-generated reports, including inconsistency and standardization challenges due to LLMs...

Read More Read more about Cisco warns of AI inaccuracies in security incident reports

Organizations knowingly ship vulnerable code amid shrinking exploit windows

• devsecops

Organizations knowingly ship vulnerable code amid shrinking exploit windows

SC Staff May 22, 2026

New research from Checkmarx reveals that 75% of organizations admit to frequently or sometimes deploying code they...

Read More Read more about Organizations knowingly ship vulnerable code amid shrinking exploit windows