CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue
Ravie LakshmananJun 26, 2026Vulnerability / Software Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical
Hackers Leveraged Shopify Oder-Tracking App Shop to Push Fake Invoices
Hackers are no longer waiting in your inbox. A newly identified scam technique places fake invoices directly inside shopping app
Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack
Cybersecurity researchers have flagged yet another evolution of the supply chain attack linked to the Mini Shai-Hulud, Miasma, and Hades
OpenAI Reportedly Delays ChatGPT 5.6 Release Following Trump Administration Request
OpenAI has agreed to stagger the public release of its latest AI model, GPT-5.6, after the Trump administration formally requested
Anthropic is testing desktop-like Claude Cowork for mobile
Anthropic appears to be testing Claude Cowork support on mobile, allowing you to manage long-running Claude tasks from your phone. For
Order-tracking app Shop abused to push callback phishing attacks
Threat actors are increasingly abusing Shop, the order-tracking app from Shopify, by adding fake purchase receipts in users’ order histories
Russia Used Cellebrite Tool to Hack Activists iPhone Despite Contract Cancellation
Russian authorities deployed Cellebrite’s Universal Forensic Extraction Device (UFED) to breach the iPhone of opposition politician Andrey Pivovarov in June
Bluekit phishing kit adopts browser-in-the-middle for login theft
The Bluekit phishing-as-a-service platform continues to evolve with nearly 70 new hostnames identified over the past week, and by adding
Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability
An analysis of a popular Google Chrome ad block extension for YouTube has uncovered the ability to execute arbitrary JavaScript
ThreatsDay Bulletin: Smart TV Proxyware, 24-Year curl Bug, AI Crime Forums + 13 More Stories
It’s dumb out there again. This week has the usual smell of prod on fire and nobody wanting to admit
ManageEngine AD360 Integration Flaw Exposes User Identity and Role Information to Attackers
ManageEngine has disclosed a high-severity vulnerability, tracked as CVE-2026-11374, affecting several of its identity and access management solutions when integrated
Surviving the Mythos Era: Richard Bejtlich on the Case for NDR
Despite the abundance of telemetry at analysts’ disposal, many security operations teams struggle to answer a few basic questions during