All CosmicBytez Labs articles tagged #SecurityWeek, across news, security advisories, how-to guides, and projects.
Google's June 2026 Android security bulletin addresses 124 vulnerabilities including CVE-2025-48595, an actively exploited zero-day used in limited targeted attacks. Users should apply the update immediately.
A stack-based buffer overflow flaw in HP OfficeConnect VoIP phones can be exploited remotely to achieve code execution, potentially allowing attackers to pivot into enterprise networks from compromised desk phones.
A single development-mode setting left in production code bypassed Android protections designed to prevent unauthorized apps from accessing Microsoft account authentication tokens, exposing billions of app installations to potential account takeover.
Dutch authorities seized command-and-control servers tied to a botnet of 17 million infected computers, smartphones, and tablets that was allegedly used to power a residential proxy network and facilitate widespread cybercrime.
Fortinet's April hotfix for the actively exploited CVE-2026-35616 FortiClient EMS flaw is now seeing renewed exploitation, as attackers continue targeting...
AI security startup Geordie closes a $30M round led by Balderton Capital to help enterprises detect and govern AI risk across their environments.
ShinyHunters has leaked data allegedly stolen from 7-Eleven containing email addresses, names, physical addresses, and dates of birth for approximately 185,000.
The FBI and international partners have disrupted First VPN, a criminal VPN service used by dozens of ransomware groups for network reconnaissance and...
A security researcher has publicly released two unpatched Windows zero-day exploits: YellowKey, a BitLocker bypass requiring physical access, and...
SecurityWeek reports that Google has confirmed detecting the first known AI-generated zero-day exploit actively used in the wild. The exploit, designed to...
A newly discovered phishing-as-a-service toolkit called Bluekit is emerging on underground forums, offering threat actors an AI assistant for campaign...
The TeamPCP threat group's Mini Shai-Hulud supply chain campaign compromised SAP-related npm packages along with PyTorch Lightning and Intercom client...
Claroty researchers have disclosed two vulnerabilities in the EnOcean SmartServer IQ building management controller that can be chained for security...
A critical remote code execution vulnerability, CVE-2026-3854, was found to impact GitHub.com and GitHub Enterprise Server, potentially exposing millions...
Vercel confirmed suffering a breach after a hacker claiming to be part of ShinyHunters offered to sell stolen data for $2 million, affecting the company...
Multiple vulnerabilities in the widely-used Orthanc open-source DICOM server expose medical imaging systems to denial-of-service, information disclosure,...
SecurityWeek reports that the Medusa ransomware group has developed a dangerous capability: rapidly weaponizing newly disclosed vulnerabilities —...
Nacogdoches Memorial Hospital in Texas has disclosed a January 2026 data breach in which a threat actor accessed its internal network and stole personal...
Cisco has released security advisories addressing a batch of critical and high-severity vulnerabilities across multiple products, covering flaws that...
A newly observed ClickFix campaign impersonates Cloudflare's CAPTCHA verification pages to deliver the Python-based Infiniti Stealer to macOS users via a...
Navia Benefit Solutions has confirmed a data breach that exposed personal and health plan information belonging to approximately 2.7 million individuals,...