New 'HTTP/2 Bomb' DoS attack crashes web servers in under a minute
New 'HTTP/2 Bomb' DoS attack crashes web servers in under a minute By Bill Toulas June 3, 2026 03:08 PM A new denial-of-service (DoS) attack dubbed HTTP/2…
Search
OpenAI confirms security breach in TanStack supply chain attack
…This allowed the attackers to publish malicious package versions directly through legitimate releases, with the packages appearing legitimate. The Mini Shai-Hulud malware delivered in the campaign targeted the theft of developer…
SAP fixes critical vulnerabilities in Commerce Cloud and S/4HANA
SAP fixes critical vulnerabilities in Commerce Cloud and S/4HANA By Sergiu Gatlan May 12, 2026 07:04 AM SAP has released the May 2026 security updates addressing 15 vulnerabilities across multiple…
Critical UniFi OS bug lets hackers gain root without authentication
…Detection tool available Bishop Fox has released a free detection script to help defenders discover if their instance is vulnerable to the unauthenticated RCE chain. It does this by safely sending a…
Red Hat npm packages compromised to steal developer credentials
More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware…
Check Point links VPN zero-day attacks to Qilin ransomware gang
Check Point links VPN zero-day attacks to Qilin ransomware gang By Sergiu Gatlan June 8, 2026 09:05 AM Israeli cybersecurity company Check Point has released security updates to patch a…
SAP fixes critical flaws in NetWeaver and Commerce Cloud
SAP fixes critical flaws in NetWeaver and Commerce Cloud By Bill Toulas June 9, 2026 03:36 PM SAP has released fixes for 15 vulnerabilities as part of its June 2026 Security…
Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks
Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks By Lawrence Abrams May 14, 2026 04:09 PM Cisco is warning that a critical Catalyst SD-WAN Controller…
Oracle mitigates PeopleSoft zero-day exploited in data theft attacks
…Oracle PeopleSoft Enterprise Applications customers may also be affected by this vulnerability," reads a new Oracle advisory. "This vulnerability is remotely exploitable without authentication. If successfully exploited, this vulnerability may result in…
Apple fixes Beats Studio Buds flaw that let hackers spy on conversations
Apple fixes Beats Studio Buds flaw that let hackers spy on conversations By Sergiu Gatlan June 18, 2026 08:23 AM Apple has released security updates to patch a high-severity flaw…