ZDI-26-221: GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerab...
Threat Intelligence Feed
Aggregating 5606 articles from trusted cybersecurity sources
Latest News
ZDI-26-220: GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerab...
ZDI-26-219: GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerab...
ZDI-26-218: GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerab...
ZDI-26-217: GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerab...
2025 Year in Review: Malicious, Infrastructure
Explore Insikt Group’s 2025 Malicious Infrastructure Report. Gain insights into Cobalt Strike, Vidar infostealers, and AI-driven threats to secure your 2026 ...
How NextWave’s Evolution Drives Shared Success
Palo Alto Networks evolves the NextWave Partner Program. Discover new incentives and a framework of Access, Commitment and Profitability drive success.
New Ubuntu Flaw Enables Local Attackers to Gain Root Access
CVE-2026-3888 Ubuntu snap flaw lets local users escalate to root via timing-based exploit
Crypto Scam "ShieldGuard" Dismantled After Malware Discovery
ShieldGuard Chrome extension posed as a crypto security tool but stole wallets and drained user data
The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors
Introduction Google Threat Intelligence Group (GTIG) has identified a new iOS full-chain exploit that leveraged multiple zero-day vulnerabilities to fully co...
AI-Enabled Adversaries Compress Time-to-Exploit Following Vulnerability Disclosure
Rapid7 says median time from publication to CISA KEV inclusion dropped to five days
Vidar Stealer 2.0 Exploits GitHub, Reddit to Deliver Malware via Fake Game Cheats
The Vidar 2.
Data Breaches
Klue Breach Enables Hackers to Compromise Cybersecurity Firms via OAuth Tokens
At least five cybersecurity firms confirmed they have been affected by a breach of business intelligence platform Klue via Salesforce integration
Texas Parks & Wildlife Data Breach Affects 3 Million Individuals
Hackers stole personal information after breaching the systems of a third-party license vendor serving TPWD. The post Texas Parks & Wildlife Data Breach Affe...
Inside GentleKiller: The EDR-Killer Powering The Gentlemen
The Gentlemen equips affiliates with a centralized EDR-killer suite, rapidly weaponizing BYOVD exploits to disable security tools before ransomware attacks. ...
Inside GentleKiller: The EDR-Killer Powering The Gentlemen
The Gentlemen equips affiliates with a centralized EDR-killer suite, rapidly weaponizing BYOVD exploits to disable security tools before ransomware attacks. ...
MDR Provider Comparison: Time to Discover and Respond to Threats
A detailed MDR provider comparison covering tiers, response speed, coverage, threat intelligence, pricing, and breach warranties to help you choose.
Texas TPWD Vendor Breach Exposes 3 Million Customer Records
Texas Cyber Command has disclosed a massive third-party data breach affecting the Texas Parks and Wildlife Department (TPWD), exposing the personal records o...
CISA Warns of Active Exploitation Following FortiBleed Leak
FortiBleed exposed credentials for 74,000 Fortinet devices, with attackers actively exploiting the leak to target systems worldwide. On June 18, CISA issued ...
Klue OAuth breach victim list grows as Icarus hackers claim attack
Market intelligence platform Klue has publicly confirmed a recent security incident that allowed threat actors to steal OAuth tokens used to connect to custo...
Texas govt data breach exposes over 3 million driver’s licenses
The Texas Parks and Wildlife Department (TPWD) disclosed a data breach at its license system vendor that exposed personal information for more than three mil...
The Good, the Bad and the Ugly in Cybersecurity – Week 25
FBI dismantles extensive PhaaS, DragonForce ransomware abuses MS Teams relays, and PRC-based spies breach REDCap servers to steal research data.
Klue breach lead to Salesforce data theft, Huntress affected
Cybersecurity vendor Huntress was among multiple companies hit by a breach originating at Klue, a market intelligence platform used to integrate CRM and sale...
From Assistive to Agentic: The AI Shift That's Redefining Threat Management
Introduction The average enterprise security team has 40 or more security tools, giving a lot of visibility into internal telemetry and asset data. But often...