Microsoft Patches Actively Exploited SharePoint Zero-Day in Massive Update, as Critical Flaws in Nginx-UI and Axios Emerge

Publication Date: April 16, 2026

Summary

This cybersecurity brief for April 16, 2026, covers a massive Microsoft Patch Tuesday that addressed 165 flaws, including an actively exploited SharePoint zero-day (CVE-2026-32201). Concurrently, NIST announced a major overhaul of its NVD program, no longer enriching all CVEs due to overwhelming volume. Critical, actively exploited vulnerabilities were also disclosed in the popular Nginx-UI tool (CVE-2026-33032) and the Axios JavaScript library (CVE-2026-40175), posing significant risks of server takeover and cloud compromise. Ransomware and data breach activity remains high, with incidents reported at Autovista, Bank3, and Booking.com, alongside new threat campaigns targeting finance professionals via the Obsidian app.

Today's New Articles

NIST Overhauls NVD, Will No Longer Enrich All CVEs Amidst 'Unsustainable' Surge in Reports

The U.S. National Institute of Standards and Technology (NIST) has announced a significant policy change for its National Vulnerability Database (NVD). Citing an unsustainable surge in vulnerability submissions, NIST will no longer provide detailed analysis fo...


Autovista Ransomware Attack Disrupts Automotive Data Services Across Europe and Australia

Autovista, a leading automotive data and analytics firm owned by J.D. Power, has confirmed it was hit by a ransomware attack. The incident, announced on April 15, 2026, has caused significant disruption to its client-facing applications across Europe and Austr...


Obsidian Plugin Abused in Social Engineering Campaign to Deliver New PHANTOMPULSE RAT

A sophisticated social engineering campaign, dubbed REF6598, is targeting finance and cryptocurrency professionals by abusing the popular note-taking app, Obsidian. Attackers lure victims into a shared cloud vault and trick them into enabling a malicious commu...


Critical Flaw in Axios Library Puts Countless Web Apps at Risk of RCE

A critical Server-Side Request Forgery (SSRF) vulnerability, CVE-2026-40175, has been discovered in Axios, one of the most popular JavaScript libraries for making HTTP requests. The flaw, rated CVSS 10.0, can be exploited by an unauthenticated remote attacker...


Bank3 Discloses Data Breach, Exposing Customer SSNs and Financial Data

Bank3, a Tennessee-based community bank, has started notifying customers of a data breach that exposed highly sensitive personal and financial information, including Social Security numbers and financial account details. The notification follows claims made in...


ShinyHunters Claims Amtrak Breach, Threatens to Leak 9.4M Records

The notorious hacking group ShinyHunters has claimed responsibility for a major data breach at Amtrak, the U.S. national railroad operator. The group posted the claim on its dark web forum, alleging the theft of 9.4 million records containing both customer PII...


RCI Hospitality Data Breach Exposes Sensitive Information of Contractors

RCI Hospitality Holdings, a major operator of nightclubs and sports bars, has reported a data breach that exposed the personal information of its independent contractors. The breach was caused by an Insecure Direct Object Reference (IDOR) vulnerability on one...


Fortinet Patches Critical Authentication Bypass and RCE Flaws in FortiSandbox

Fortinet has released patches for two critical vulnerabilities in its FortiSandbox product, a key component for advanced threat detection. The flaws, CVE-2026-39813 (auth bypass) and CVE-2026-39808 (command injection), are both rated CVSS 9.1 and can be exploi...

Article Updates

Booking.com Warns Customers of Data Breach Exposing Reservation Details and Personal Info

Update: Further investigation into the Booking.com data breach reveals that attackers leveraged a sophisticated phishing technique known as 'ClickFix'. This method involved tricking hotel employees into installing malicious software, disguised as a legitimate tool, on...


Ransomware Market Consolidation: Qilin, Akira, and DragonForce Dominate March 2026 Attacks

Update: A new report from GuidePoint Security covering Q1 2026 indicates ransomware activity has stabilized at the high levels of 2025, establishing an 'elevated new normal'. While Qilin's activity dipped by 25% from Q4 2025, a new group, 'The Gentlemen', surged to be...


Critical Auth Bypass in nginx-ui (CVE-2026-33032) Actively Exploited for Full Nginx Takeover

Update: Threat intelligence firm Recorded Future has confirmed that the vulnerability, CVE-2026-33032, is being actively exploited. Scans reveal over 2,600 publicly accessible and potentially vulnerable nginx-ui instances, primarily in China, the US, Indonesia, Germany, and...