soc

Trellix Source Code Repository Incident: What Defenders Should Know Trellix publicly disclosed that it identified unauthorized access to a portion of its internal source code repository. The company said it engaged external forensic experts, notified law enforcement, and, as of its disclosure, found no evidence that its release or distribution process was affected or that […]

AI red team specialist details his methods for manipulating AI guardrails through jailbreaking and data poisoning, helping developers harden machine learning models. The post Hacker Conversations: Joey Melo on Hacking AI appeared first on SecurityWeek.

Dubbed Bleeding Llama, the heap out-of-bounds read issue can be exploited remotely, without authentication. The post Critical Bug Could Expose 300,000 Ollama Deployments to Information Theft appeared first on SecurityWeek.

CVE-2026-0073 affects Android’s System component and it can be exploited without any user interaction.  The post Critical Remote Code Execution Vulnerability Patched in Android appeared first on SecurityWeek.

ShinyHunters Breached Instructure: 275 Million Students, Teachers and Staff Potentially Exposed If your school uses Canvas, your data may already be in the hands of one of the most active hacking groups on the planet. On May 1, 2026, Instructure, the company behind the Canvas learning management system, confirmed a cybersecurity incident. Two days later, […]

The most severe of these security defects could allow remote attackers to execute arbitrary code. The post Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server appeared first on SecurityWeek.

Deniss Zolotarjovs was directly involved in extortion strategies and in negotiations with victim companies. The post Karakurt Ransomware Negotiator Sentenced to Prison appeared first on SecurityWeek.

CVE-2026-4670 & CVE-2026-5174: MOVEit Automation Flaws Enable Auth Bypass and Privilege Escalation Progress Software has disclosed and patched two vulnerabilities in MOVEit Automation, its managed file transfer automation and workflow engine. CVE-2026-4670 is an authentication bypass, and CVE-2026-5174 is a privilege escalation issue tied to improper input validation. The issues relate to MOVEit Automation’s service […]

The security defects allow unauthenticated, remote attackers to execute arbitrary code through crafted requests. The post MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs appeared first on SecurityWeek.

The vulnerabilities were reported to Meta through its bug bounty program and were patched with updates released earlier this year. The post WhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulnerabilities appeared first on SecurityWeek.