Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer 
Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code 
NSAuditor AI EE 0.15.3 Closes the 4th and Final S3 Public-Exposure Vector with Object-Level ACL Enumeration and a BucketOwnerEnforced Upstream Short-Circuit 
NSAuditor AI EE 0.15.x Cumulative — NEW Plugin 1222 Azure Key Vault Deep Auditor (27 → 28), Plus Audit-Accuracy Calibration and CloudTrail Hardening Across 0.15.0, 0.15.1, and 0.15.2 
Malicious npm Package Stole Files From Claude AI User Directory via GitHub 
Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
What's new: Four malicious npm packages have been identified that deliver information-stealing malware and a DDoS botnet. The packages are:...
Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws
What's new: Ivanti, Fortinet, SAP, VMware, and n8n have released patches addressing critical vulnerabilities, including remote code execution (RCE), SQL...
MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems
What's new: A new Windows privilege escalation zero-day vulnerability, codenamed MiniPlasma, has been disclosed, allowing attackers to gain SYSTEM privileges...
Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws
What's new: Ivanti, Fortinet, SAP, VMware, and n8n have released patches for critical vulnerabilities. Key issues include a critical RCE...
INTERPOL Operation Ramz Disrupts MENA Cybercrime Networks with 201 Arrests
What's new: INTERPOL's Operation Ramz has successfully disrupted cybercrime networks in the Middle East and North Africa (MENA), resulting in...