15 Jul, 2026

Hackers get $1,047,000 for 76 zero-days at Pwn2Own Automotive 2026

Pwn2Own Automotive 2026 has ended with security researchers earning $1,047,000 after exploiting 76 zero-day vulnerabilities between January 21 and January 23. The Pwn2Own Automotive hacking competition focuses on automotive technologies and took place this week in Tokyo, Japan, during the Automotive World auto conference. Throughout the contest, the hackers targeted fully patched in-vehicle infotainment (IVI) systems, electric […]

1 min read

Fortinet confirms critical FortiCloud auth bypass not fully patched

Days after admins began reporting that their fully patched firewalls are being hacked, Fortinet confirmed it’s working to fully address a critical FortiCloud SSO authentication bypass vulnerability that should have already been patched since early December. This comes after a wave of reports from Fortinet customers about threat actors exploiting a patch bypass for the CVE-2025-59718 vulnerability to […]

3 mins read

Okta SSO accounts targeted in vishing-based data theft attacks

Okta is warning about custom phishing kits built specifically for voice-based social engineering (vishing) attacks. GeekFeed has learned that these kits are being used in active attacks to steal Okta SSO credentials for data theft. In a new report released today by Okta, researchers explain that the phishing kits are sold as part of an […]

7 mins read

Curl ending bug bounty program after flood of AI slop reports

The developer of the popular curl command-line utility and library announced that the project will end its HackerOne security bug bounty program at the end of this month, after being overwhelmed by low-quality AI-generated vulnerability reports. The change was first discovered in a pending commit to curl’s BUG-BOUNTY.md documentation, which removes all references to the HackerOne program. […]

4 mins read

SmarterMail auth bypass flaw now exploited to hijack admin accounts

Hackers began exploiting an authentication bypass vulnerability in SmarterTools’ SmarterMail email server and collaboration tool that allows resetting admin passwords. An authentication bypass vulnerability in SmarterTools SmarterMail, which allows unauthenticated attackers to reset the system administrator password and obtain full privileges, is now actively exploited in the wild. The issue resides in the force-reset-password API […]

2 mins read

Microsoft Teams to add brand impersonation warnings to calls

Microsoft will soon add new fraud protection features to Teams calls, warning users about external callers who attempt to impersonate trusted organizations in social engineering attacks. Named “Brand Impersonation Protection,” the new Teams security feature will start rolling out to the targeted release ring in mid-February and will be enabled by default. According to Microsoft, […]

2 mins read

INC ransomware opsec fail allowed data recovery for 12 US orgs

An operational security failure allowed researchers to recover data that the INC ransomware gang stole from a dozen U.S. organizations. A deep forensic examination of the artifacts left behind uncovered tooling that had not been used in the investigated attack, but exposed attacker infrastructure that stored data exfiltrated from multiple victims. The operation was conducted […]

3 mins read

Hackers exploit 29 zero-days on second day of Pwn2Own Automotive

On the second day of Pwn2Own Automotive 2026, security researchers collected $439,250 in cash awards after exploiting 29 unique zero-days. The Pwn2Own Automotive hacking contest focuses on automotive technologies and takes place this week in Tokyo, Japan, from January 21 to January 23, during the Automotive World auto conference. Throughout the competition, security researchers target fully patched […]

2 mins read

Hackers breach Fortinet FortiGate devices, steal firewall configs

Fortinet FortiGate devices are being targeted in automated attacks that create rogue accounts and steal firewall configuration data, according to cybersecurity company Arctic Wolf. The campaign started last week, on January 15, with the attackers exploiting an unknown vulnerability in the devices’ single sign-on (SSO) feature to create accounts with VPN access and exporting firewall configurations […]

2 mins read

Zendesk ticket systems hijacked in massive global spam wave

People worldwide are being targeted by a massive spam wave originating from unsecured Zendesk support systems, with victims reporting receiving hundreds of emails with strange and sometimes alarming subject lines. The wave of spam messages started on January 18th, with people reporting on social media that they received hundreds of emails. While the messages do not appear to contain […]

4 mins read