A critical privilege escalation vulnerability (CVE-2026-54420) in the LiteSpeed cPanel plugin is being actively exploited and requires immediate patching to version 2.4.8 or higher.
The BSI has granted non-compliant companies until 31 July 2026 as a final deadline for NIS2 registration, signaling an end to previous non-enforcement.
GhostTree exploits improperly guarded NTFS junctions in the Windows file system to trap scanners in infinite loops and hide malicious files from detection.
One in six breaches involves third parties, and even rapid patches fail to prevent most incidents—therefore incident exercises must prioritize operational resilience and third-party scenarios.
Three new malware loaders (BabaDeda, Lorem Ipsum, Potemkin) distribute via ClickFix social engineering and compromised WordPress sites to enable data theft, ransomware, and remote control.