ADT confirms data breach after ShinyHunters leak threat
Home security giant ADT has confirmed a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid. [.
Threat Intelligence Feed
Aggregating 4439 articles from trusted cybersecurity sources
LATEST CVEs
CVE-2026-6175
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-42171
NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as
CVE-2026-41488
LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's _url_to_s
CVE-2026-41481
LangChain is a framework for building agents and LLM-powered applications. Prior to langchain-text-splitters
1.1.2, HTM
CVE-2026-41478
Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a
CVE-2026-41473
CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints
CVE-2026-41472
CyberPanel versions prior to 2.4.4 contain a stored cross-site scripting vulnerability in the AI Scanner dashboard where
CVE-2026-41248
Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @c
CVE-2026-6968
Incomplete path traversal fixes in awslabs/tough before tough-v0.22.0 allow remote authenticated users with delegated si
CVE-2026-6967
Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0
CVE-2026-6966
Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v
CVE-2026-41503
BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an out-of-bounds rea
CVE-2026-41502
BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an off-by-one out-of
CVE-2026-41477
Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and ex
CVE-2026-41476
Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.138, a remote memory-safety vulnerability in Deskflow's c
CVE-2026-41475
BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an out-of-bounds rea
CVE-2026-41433
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From 0.4.0 to befo
CVE-2026-41429
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Pr
CVE-2026-41428
Budibase is an open-source low-code platform. Prior to 3.35.4, the authenticated middleware uses unanchored regular expr
CVE-2026-41427
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.5, the clientPrivileges option d
CVE-2026-41426
pretalx is a conference planning tool. Prior to 2026.1.0, an unauthenticated attacker can send arbitrary HTML-rendered e
CVE-2026-41425
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection
CVE-2026-41244
Mojic is a CLI tool to transform readable C code into an unrecognizable chaotic stream of emojis. Prior to 2.1.4, the Ci
CVE-2026-41907
uuid is for the creation of RFC9562 (formerly RFC4122) UUIDs. Prior to 14.0.0, v3, v5, and v6 accept external output buf
CVE-2026-41894
SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a d
CVE-2026-41492
Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraphl exposes the process command line through
CVE-2026-41421
SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, SiYuan desktop renders notification messa
CVE-2026-41419
4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an
CVE-2026-41418
4ga Boards is a boards system for realtime project management. Prior to 3.3.5, 4ga Boards is vulnerable to user enumerat
CVE-2026-41416
PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an integer
CVE-2026-41415
PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an out-of-b
CVE-2026-41414
Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.ym
CVE-2026-41328
Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gi
CVE-2026-41327
Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gi
CVE-2026-41326
Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) th
CVE-2026-33666
Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.
CVE-2026-33662
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Corte
CVE-2026-33524
Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.
CVE-2026-42044
Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.2, he Axios library is vulne
CVE-2026-42043
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, an attacker who can influe
Latest News
No articles found.
Data Breaches
Ransomware supply chain untangled by RAMP forum leak
Security Affairs reports that prolific Russian dark web forum and ransomware network RAMP has suffered a major data leak that exposed thousands of user recor...
Further Vercel customer data compromise confirmed
TechCrunch reports that Vercel has disclosed that unencrypted customer information had been compromised prior to this month's breach that affected its intern...
DORA and operational resilience: Credential management as a financial risk control
Article 9 of DORA makes authentication and access control a legal obligation for EU financial entities. Here is what the regulation requires, and what a brea...
UK Biobank Data Breach: Health Data of 500,000 Listed for Sale in China
UK government Minister confirms that breached health records of UK Biobank volunteers were up for sale on Chinese ecommerce platforms before being removed
Checkmarx supply chain attack impacts Bitwarden npm distribution path
Bitwarden CLI was hit by the Checkmarx supply chain attack. Version 2026.
The calm before the ransom: What you see is not all there is
A breach claims the systems as well as the confidence that was, in retrospect, a major vulnerability
Hackers Impersonate IT Helpdesk Staff to Breach Firms via Microsoft Teams
A newly identified cyber threat group, UNC6692, is using a clever mix of social engineering and custom malware to infiltrate corporate networks. By impersona...
Bitwarden CLI Compromised After Malicious GitHub Actions Workflow
Cybersecurity researchers at Socket have uncovered a major supply chain compromise affecting the Bitwarden CLI. Attackers successfully abused a GitHub Action...
Luxury cosmetics giant Rituals discloses data breach impacting member personal details
Rituals disclosed a breach where hackers accessed and downloaded some My Rituals members’ data, including names and addresses. Luxury cosmetics giant Rituals...
New Checkmarx supply-chain breach affects KICS analysis tool
Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest sensitive data from developer environm...
Unsecured database exposes Three Trees customer, delivery driver data
California-based marijuana delivery service Three Trees had data from at least 40,000 individuals leaked as a result of a misconfigured MongoDB database, Cyb...