Vendors
-
CrowdStrike to buy XM Cyber IP in expanded deal with Schwarz Digits
CrowdStrike said it will acquire XM Cyber’s technology, source code and more than 45 patents, while the Israeli company remains independent. The deal deepens CrowdStrike’s exposure management business and expands a European cloud partnership with Schwarz Digits.
-
CERT/CC warns of hidden admin backdoor in several Tenda firmware versions
CERT/CC warned that several Tenda firmware versions contain an undocumented backdoor that can bypass password checks and grant admin access, leaving devices open to takeover until a fix is released.
-
Fake IT support calls on Microsoft Teams push EtherRAT malware
Threat actors are using Microsoft Teams voice calls to impersonate IT support and push EtherRAT malware, according to a Unit 42 technical analysis. The campaign combines phishing emails, remote-access tools and a Node.js loader.
-
BeyondTrust patches critical flaws in Remote Support and Privileged Remote Access
BeyondTrust patched four vulnerabilities in its Remote Support and Privileged Remote Access products, including two critical authentication flaws that could allow unauthorized access under specific configurations. The company said the issues were found internally and has not reported active exploitation.
-
Adobe ColdFusion flaw exploited within hours of disclosure, researcher says
Attackers are exploiting a maximum-severity Adobe ColdFusion flaw, CVE-2026-48282, within hours of disclosure, according to a researcher. The bug can enable remote code execution on unpatched systems, and officials have urged rapid patching.
-
Opera GX flaw let sites silently install mod and leak data
Researchers found an Opera GX flaw that let a malicious site silently install a mod and leak data from pages a victim visited. Opera says it patched the issue and found no evidence of abuse in the wild.
-
Study says AI coding agent skill scanners can be evaded with simple cloaking tricks
Researchers say scanners for malicious AI coding agent skills can be bypassed with simple cloaking tricks, with one method evading every scanner tested more than 90% of the time. A runtime checker caught most hidden threats in tests.
-
MeetingTV sues Palo Alto Networks over Koi Security report that linked startup to espionage campaign
MeetingTV has sued Palo Alto Networks and Koi Security over a threat-intelligence blog that linked the startup to Chinese espionage. The company says the report was AI-driven, inaccurate and led to blocks on its domains.
-
Exploitation attempts target Oracle Payments flaw patched in May
Exploitation attempts have surfaced against CVE-2026-46817 in Oracle Payments, part of Oracle E-Business Suite. The flaw was patched in May, but defenders are being told to check logs and restrict unpatched systems.
-
KDDI says breach may have exposed up to 14.2 million ISP email logins
KDDI said a breach in one of its email systems may have exposed up to 14.2 million customer email addresses and passwords across six Japanese internet service providers after attackers exploited third-party software.








