📰 Dev.to · BeyondMachines

Cisco patched a critical unauthenticated remote code execution vulnerability (CVE-2026-20160) in its Smart Software Manager On-Prem platform that allows attacke

The Oklahoma Tax Commission confirmed that unauthorized actors accessed its OkTAP system between September and December 2025, compromising W-2 and 1099 files co

Octagon Networks report vulnerabilities in ImageMagick's default and secure policies, allowing remote code execution and arbitrary file access across millions o

Gigabyte patched a vulnerability (CVE-2026-4415) in its Control Center utility that lets unauthenticated remote attackers write arbitrary files and run code wit

Google released emergency updates for Chrome to patch 21 vulnerabilities, including an actively exploited zero-day (CVE-2026-5281) in the Dawn WebGPU implementa

Hasbro reported a cyberattack on March 28, 2026, involving unauthorized network access that forced systems offline and may cause operational delays for several

AI recruiting startup Mercor confirmed a data breach resulting from a supply chain attack on the LiteLLM open-source project, which allowed the Lapsus$ extortio

CISA and Anritsu report a critical authentication bypass vulnerability (CVE-2026-3356) affecting all versions of its Remote Spectrum Monitors, which the company

PX4 Autopilot version v1.16.0 is vulnerable to a critical authentication bypass (CVE-2026-1579) that allows unauthenticated attackers to execute arbitrary shell

Cisco's development environment was apparently breached via a supply chain attack on the Trivy vulnerability scanner, resulting in the theft of source code from

Statistics South Africa (Stats SA) suffered a ransomware attack by the XP95 group, resulting in the alleged theft of over 450,000 files containing personal info

TriMed, an orthopedic device manufacturer, suffered a data breach in late 2025 that exposed the surgical and personal data of individuals following a ransomware

West Tallinn Central Hospital in Estonia inadvertently disclosed the personal and medical records of multiple patients by providing a USB drive containing legac

CareCloud, Inc. disclosed a material cybersecurity incident involving unauthorized access to one of its electronic health record environments, potentially expos

Fortinet's FortiClient EMS is being exploited via a critical SQL injection vulnerability (CVE-2026-21643) that allows unauthenticated remote code execution.

Anthropic's Claude Code CLI source code was fully exposed on March 31, 2026, due to a source map file mistakenly included in the npm package, revealing propriet

Citrix NetScaler ADC and Gateway are facing active exploitation of a critical memory overread vulnerability, CVE-2026-3055 (CVSS score 9.3), which allows unauth

Aroostook Mental Health Services (AMHC) suffered a ransomware attack claimed by the Qilin group, resulting in network disruptions and alleged data theft after t

A supply chain attack on the Axios npm package introduced a malicious dependency, plain-crypto-js@4.2.1, which functions as an obfuscated dropper to execute she

Infinite Campus suffered a data breach after the ShinyHunters group compromised an employee's Salesforce account, exposing school staff directory information an

Sansec reports "PolyShell," an unrestricted file upload vulnerability (CVE-2025-20720) in Magento and Adobe Commerce that allows unauthenticated attackers to ac