Threat intelligence, briefed for healthcare.

GPT-Pilot Flaw Enables Command Injection

A command injection vulnerability (CVE-2026-31246) in the AI coding tool GPT-Pilot lets…

docuForm Mecury Print Hit by XSS

A reflected cross-site scripting flaw (CVE-2025-61305) has been disclosed in docuForm's Mecury…

Cockpit Flaw Enables Remote Command Execution

A high-severity vulnerability (CVE-2026-4802) in Cockpit, the popular Linux server management web…

WSO2 Identity Server Flaw Disclosed

A medium-severity vulnerability (CVE-2025-9973) in WSO2 Identity Server lets an attacker with…

Magic Link Auth Flaw Enables DoS

A high-severity vulnerability (CVE-2025-10470) in the Magic Link authentication flow allows attackers…

ATutor Hit by Reflected XSS Flaw

A reflected cross-site scripting vulnerability (CVE-2026-6909) was disclosed in ATutor's /install/upgrade.php endpoint,…

Inside a phishing panel

Technical Advisory: Breach of Instructure Canvas LMS

Abuse of Cloud-Native Infrastructure in Modern Phishing Campaigns

AI-Assisted Lure Factory Targets Developers & Gamers

LockBit Hits Healthcare Sector

A new iteration of the notorious LockBit ransomware, dubbed version 4.0, is…

APT29 Targets NATO Officials

Russian state-backed hacking group APT29 is conducting a spear-phishing campaign against NATO…

SolidInvoice, open-source invoicing with a built-in MCP server

Open Source FreeCAD-validator on GitHub

Instructure confirms hackers used Canvas flaw to deface portals

Why Changing Passwords Doesn’t End an Active Directory Breach

TrickMo Banker Adopts TON

A new variant of the TrickMo Android banking trojan is targeting smartphone…

ShinyHunters Breaches Instructure Canvas Schools

The ShinyHunters threat group claims to have stolen data tied to roughly…