The Underminr vulnerability allows attackers to hide malicious connections behind trusted domains, potentially affecting 88 million domains worldwide.
CISA has added CVE-2026-34197, a high-severity Apache ActiveMQ vulnerability discovered after 13 years, to its Known Exploited Vulnerabilities catalog and ordered federal agencies to patch by April 30.
A critical Apache ActiveMQ Classic flaw tracked as CVE-2026-34197, dormant in the codebase for 13 years, is being actively exploited just weeks after patched versions were released. CISA has added it to the Known Exploited Vulnerabilities catalog with a federal patch deadline of April 30.
A House Oversight subcommittee roundtable on 'Artificial Intelligence and American Power' turned deeply anxious as lawmakers questioned AI's threat to national security, civil liberties, and humanity itself.
This week's cybersecurity highlights include the Satellite Cybersecurity Act advancing in the Senate, a $90,000 Chrome heap buffer overflow reward, ShinyHunters targeting Rockstar Games and McGraw Hill, and a 16-year-old arrested over a school network breach.
BleepingComputer and Kaseya are hosting a live webinar on May 14, 2026, examining how AI-powered phishing, ransomware, and business email compromise are outpacing MSP defenses and why backup and recovery must be part of every security strategy.
The House approved a stopgap 10-day extension of the warrantless surveillance authority under FISA Section 702, after the Trump administration's push for a clean 18-month reauthorization collapsed amid Republican divisions.
NAKIVO has released Backup & Replication v11.2, delivering automated real-time replication, full VMware vSphere 9 and Proxmox VE 9.0/9.1 support, OAuth 2.0 authentication, and expanded ransomware resilience for over 16,000 customers worldwide.
A code regression introduced by a recent Microsoft Edge update has left Teams desktop users unable to paste content via right-click context menus. Microsoft is rolling out a staged fix while recommending keyboard shortcuts as a workaround.
A critical remote code execution flaw tracked as GHSA-xq3m-2v4x-88gg has been discovered in protobuf.js, a JavaScript library pulling nearly 50 million weekly npm downloads. Proof-of-concept exploit code is now public, though no active in-the-wild attacks have been observed.