KnowledgeDeliver flaw exploited as a zero-day to install web shells
…The flaw is a deserialization issue tracked as CVE-2026-5426 and can be exploited without authentication. It stems from the use of a shared hardcoded machine key in the web portal…
Search
Trellix source code breach claimed by RansomHouse hackers
…However, BleepingComputer could not confirm the authenticity of the data. Trellix is an international cybersecurity firm with global Fortune 100 customers. In 2025, the company had more than 53,000 customers in…
Hackers abuse Google ads for GoDaddy ManageWP login phishing
…Users clicking on the malicious result are taken to a login page that looks identical to the real one. However, any credentials typed in are delivered to a Telegram channel controlled by…
UK fines water supplier $1.3M for exposing data of 664k customers
…The ICO’s investigation has now confirmed that the leaked data was indeed authentic, belonging to South Staffordshire Water Plc, and also noted that the compromise had actually started in September 2020…
Microsoft shares mitigation for YellowKey Windows zero-day
…Last month, they also disclosed the BlueHammer (CVE-2026-33825) and RedSun (no identifier) local privilege escalation (LPE) zero-day flaws, both of which are now being exploited in attacks . The researcher…
Cyber-Enabled Cargo Crime: How Cybercrime Tradecraft is Used to Steal Freight
…Alternatively, they may register a new, fraudulent carrier with the FMCSA using stolen but valid identification details from a legitimate fleet. The attacker then books real loads from real load boards under…