Two Notepad Attacks in One Week: Your Tools Are the Target
Software supply chain attacks more than doubled in 2025, with developer workstations identified as high-value targets across multiple industry reports
OpenClaw Security Risks: Malicious Skills, Exposed Instances and Real Exploits
Latest updates (March 2026): NemoClaw announced, CVE count now 60+, and independent analysis using Censys identified 63,070 live instances
Notepad++ Compromised for 6 Months: Check Your Version Now
Notepad++ update servers were compromised from June through December 2025 by a Chinese state-sponsored threat group. The attackers hijacked the
CVE-2026-24858: The Fortinet Patch That Wasn't
Organisations running the latest FortiOS firmware, fully patched against December's critical SSO bypass, still got compromised in January.
What is ClickFix? The Social Engineering Attack That Became the #1 Initial Access Method
Updated March 2026: Added Windows terminal variant, CrashFix and DNS-based delivery, MIMICRAT campaign, and compromised Chrome extension attacks from Q1
MongoBleed Exploit: The MongoDB Memory Leak Hitting 87,000 Servers
Updated January 10, 2026: CISA's remediation deadline for federal agencies is January 19. Ubuntu has retracted its claim
CVE-2025-55182: React2Shell Detection and Fix Guide
UPDATE (Jan 1, 2026): RondoDox botnet now weaponizing React2Shell. Shadowserver reports 90,300 instances still vulnerable. Multiple nation-state actors actively