All CosmicBytez Labs articles tagged #SecurityWeek, across news, security advisories, how-to guides, and projects.
This week's security roundup covers Apple's patch for a Beats headphones eavesdropping vulnerability, the DOT closing its investigation into Delta's...
Google's June 2026 Android security bulletin addresses 124 vulnerabilities including CVE-2025-48595, an actively exploited zero-day used in limited targeted…
A stack-based buffer overflow flaw in HP OfficeConnect VoIP phones can be exploited remotely to achieve code execution, potentially allowing attackers to…
A single development-mode setting left in production code bypassed Android protections designed to prevent unauthorized apps from accessing Microsoft account…
Dutch authorities seized command-and-control servers tied to a botnet of 17 million infected computers, smartphones, and tablets that was allegedly used to…
Fortinet's April hotfix for the actively exploited CVE-2026-35616 FortiClient EMS flaw is now seeing renewed exploitation, as attackers continue targeting...
AI security startup Geordie closes a $30M round led by Balderton Capital to help enterprises detect and govern AI risk across their environments.
ShinyHunters has leaked data allegedly stolen from 7-Eleven containing email addresses, names, physical addresses, and dates of birth for approximately 185,000.
The FBI and international partners have disrupted First VPN, a criminal VPN service used by dozens of ransomware groups for network reconnaissance and...
A security researcher has publicly released two unpatched Windows zero-day exploits: YellowKey, a BitLocker bypass requiring physical access, and...
SecurityWeek reports that Google has confirmed detecting the first known AI-generated zero-day exploit actively used in the wild. The exploit, designed to...
A newly discovered phishing-as-a-service toolkit called Bluekit is emerging on underground forums, offering threat actors an AI assistant for campaign...
The TeamPCP threat group's Mini Shai-Hulud supply chain campaign compromised SAP-related npm packages along with PyTorch Lightning and Intercom client...
Claroty researchers have disclosed two vulnerabilities in the EnOcean SmartServer IQ building management controller that can be chained for security...
A critical remote code execution vulnerability, CVE-2026-3854, was found to impact GitHub.com and GitHub Enterprise Server, potentially exposing millions...
Vercel confirmed suffering a breach after a hacker claiming to be part of ShinyHunters offered to sell stolen data for $2 million, affecting the company...
Multiple vulnerabilities in the widely-used Orthanc open-source DICOM server expose medical imaging systems to denial-of-service, information disclosure,...
SecurityWeek reports that the Medusa ransomware group has developed a dangerous capability: rapidly weaponizing newly disclosed vulnerabilities —...
Nacogdoches Memorial Hospital in Texas has disclosed a January 2026 data breach in which a threat actor accessed its internal network and stole personal...
Cisco has released security advisories addressing a batch of critical and high-severity vulnerabilities across multiple products, covering flaws that...
A newly observed ClickFix campaign impersonates Cloudflare's CAPTCHA verification pages to deliver the Python-based Infiniti Stealer to macOS users via a...
Navia Benefit Solutions has confirmed a data breach that exposed personal and health plan information belonging to approximately 2.7 million individuals,...