The Secure Truth - Covers cybersecurity news, incidents, vulnerabilities, and analysis

Breaking

Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621 Hackers Hide Credit Card Stealer in Pixel-Sized SVG Images Targeting Magento Stores Microsoft Suspends Developer Accounts for High-Profile Open Source Projects European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack Ransomware Attacks Surge in 2026: Healthcare and Finance Most Targeted Google Chrome Zero-Day Vulnerability Actively Exploited – Update Immediately Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621 Hackers Hide Credit Card Stealer in Pixel-Sized SVG Images Targeting Magento Stores Microsoft Suspends Developer Accounts for High-Profile Open Source Projects European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack Ransomware Attacks Surge in 2026: Healthcare and Finance Most Targeted Google Chrome Zero-Day Vulnerability Actively Exploited – Update Immediately

6643 CVEs This Month

20 Actively Exploited

4 Ransomware Activity

23 Breaches YTD

Threat Investigation Portal

Investigate an IOC in the live graph workspace.

Investigate IOC

BTMOB Android Malware Service Offers Customizable Phishing Payloads

Threat Intelligence | Exclusive

BTMOB Android Malware Service Offers Customizable Phishing Payloads

Thirumala Rao Padilam

Thirumala Rao Padilam May 29, 2026

GreyVibe Hackers Employ AI-Generated Lures and Custom Malware in Attacks on Ukrainian Targets

Threat Intelligence

GreyVibe Hackers Employ AI-Generated Lures and Custom Malware...

Anthropic Confirms Public Rollout of Claude Mythos-Class Models Following Security Review

AI Security

Anthropic Confirms Public Rollout of Claude Mythos-Class Models...

Latest Threats

View all ->

Canadian Sextortionist Sentenced to 33 Years for Targeting Over 145 Children

Cybersecurity News

Canadian Sextortionist Sentenced to 33 Years for Targeting Over 145 Children

A Canadian man received a 33-year prison sentence after pleading guilty to an eight-year sextortion campaign targeting more...

Thirumala Rao Padilam

Thirumala Rao Padilam

Carnival Cruise Confirms Data Breach Affecting Nearly 6 Million People

Data Breaches

Carnival Cruise Confirms Data Breach Affecting Nearly 6 Million People

Carnival Corporation has confirmed a data breach impacting nearly 6 million individuals, following a claim by the ShinyHunters...

Thirumala Rao Padilam

Thirumala Rao Padilam

JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware

Threat Intelligence

JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware

A new threat actor named JINX-0164 employs recruitment-themed social engineering and custom macOS malware to target cryptocurrency firms,...

Thirumala Rao Padilam

Thirumala Rao Padilam

Vulnerability Watch

Top 10 CVEs This Week

Prioritized using CISA KEV, EPSS, CVSS, and recency.

Full watchlist ->

CVE-2026-8376 CVSS 9.8 EPSS 0.0004

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer. A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.

Critical severity issue in affected software published this week.

CVE-2026-9436 CVSS 9.8 EPSS 0.0094

A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setL2tpServerCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used.

Critical severity issue in affected software published this week.

CVE-2026-9405 CVSS 9.8 EPSS 0.0089

A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument enable results in os command injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.

Critical severity issue in affected software published this week.

CVE-2026-9406 CVSS 9.8 EPSS 0.0089

A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.

Critical severity issue in affected software published this week.

CVE-2026-9407 CVSS 9.8 EPSS 0.0089

A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. Affected by this vulnerability is the function setFirewallType of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument firewallType leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.

Critical severity issue in affected software published this week.

Vulnerability Watch

Analyzing Data Breach Response Strategies: Insights from Dark Reading Virtual Event

Cybersecurity News

Analyzing Data Breach Response Strategies: Insights from Dark Reading Virtual Event

May 24, 2026 | Thirumala Rao Padilam

Ghost CMS SQL Injection Vulnerability Exploited in Widespread ClickFix Campaign

Vulnerabilities

Ghost CMS SQL Injection Vulnerability Exploited in Widespread ClickFix Campaign

May 24, 2026 | Thirumala Rao Padilam

Cisco Patches Critical CVSS 10.0 Vulnerability in Secure Workload's REST API

Vulnerabilities

Cisco Patches Critical CVSS 10.0 Vulnerability in Secure Workload’s REST API

May 22, 2026 | Thirumala Rao Padilam

CISA Adds Actively Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV Catalog

Vulnerabilities

CISA Adds Actively Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV Catalog

May 22, 2026 | Thirumala Rao Padilam

Active Threat Index

LIVE

8.12

Google Chrome Zero-Day

Vulnerabilities

8.08

European Commission Confirms

Malware & Threats

8.04

Ransomware Attacks Surge

Malware & Threats

7.78

CISA and Partners

AI Security

7.62

Hackers Hide Credit

Data Breaches

error: Content is protected !!