12 Jul, 2026

TP-Link warns users to patch critical router auth bypass flaw

TP-Link has patched several vulnerabilities in its Archer NX router series, including a critical-severity flaw that may allow attackers to bypass authentication and upload new firmware. Tracked as CVE-2025-15517, this security flaw affects Archer NX200, NX210, NX500, and NX600 wireless routers and stems from a missing authentication weakness that attackers can exploit without privileges. “A missing […]

2 mins read

Manager of botnet used in ransomware attacks gets 2 years in prison

A Russian national has been sentenced to two years in prison after admitting that the phishing botnet he managed was used to launch BitPaymer ransomware attacks against 72 U.S. companies. According to court documents, 40-year-old Ilya Angelov (who used the “milan” and “okart” online handles) decided to travel to the United States to plead guilty and […]

3 mins read

PTC warns of imminent threat from critical Windchill, FlexPLM RCE bug

PTC Inc. is warning of a critical vulnerability in Windchill and FlexPLM, widely used product lifecycle management (PLM) solutions, that could allow remote code execution. The security issue, identified as CVE-2026-4681, could be leveraged through the deserialization of trusted data. Its severity has prompted emergency action from German authorities, with the federal police (BKA) reportedly […]

3 mins read

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular “LiteLLM” Python package on PyPI and claiming to have stolen data from hundreds of thousands of devices during the attack. LiteLLM is an open-source Python library that serves as a gateway to multiple large language model (LLM) providers via a single API. […]

4 mins read

FCC bans new routers made outside the USA over security risks

The Federal Communications Commission has updated its Covered List to include all consumer routers made in foreign countries, banning the sale of new models in the U.S. The Covered List, created under the Secure and Trusted Communications Networks Act of 2019, is an FCC-maintained list of communications equipment and services that the U.S. government has […]

3 mins read

Firefox now has a free built-in VPN with 50GB monthly data limit

Mozilla released Firefox 149 with added privacy protection through a built-in VPN tool offering up to 50GB of monthly traffic. The feature uses a secure proxy server to route only traffic from the browser, unlike the company’s commercial Mozilla VPN, which covers system-wide traffic. “Whether you’re using public Wi-Fi while traveling, searching for sensitive health information, […]

2 mins read

HackerOne discloses employee data breach after Navia hack

Bug bounty platform HackerOne is notifying hundreds of employees that their data was stolen after attackers hacked Navia, one of its U.S. benefits administrators. HackerOne manages over 1,950 bug bounty programs and provides vulnerability disclosure, penetration testing, and code security services to high-profile companies like General Motors, Goldman Sachs, Anthropic, GitHub, and Uber, as well […]

2 mins read

Infinite Campus warns of breach after ShinyHunters claims data theft

Infinite Campus, a widely used K-12 student information system, is warning customers of a data breach following an extortion attempt by a threat actor. In the breach notification sent to customers, Infinite Campus states that hackers accessed an employee’s Salesforce account, exposing information that was mostly publicly available. The company has not published an official […]

3 mins read

Yanluowang ransomware access broker gets 81 months in prison

A Russian national was sentenced to nearly 7 years in prison after pleading guilty to acting as an initial access broker (IAB) for Yanluowang ransomware attacks. As 26-year-old Aleksey Olegovich Volkov (also known online as “chubaka.kor” and “nets”) admitted in his November guilty plea, he targeted at least eight companies across the United States between July […]

2 mins read

Dutch Ministry of Finance discloses breach affecting employees

The Dutch Ministry of Finance confirmed on Monday that some of its systems were breached in a cyberattack detected last week. Officials said the ministry was notified by a third party of the breach on March 19, and it’s still investigating the cyberattack. An ongoing investigation found that the incident affects some employees. “The Ministry […]

2 mins read