Offensive Security

Wed, 08 Apr 2026

CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday

Critical vulnerability in Ivanti Endpoint Manager Mobile exploited since January, requiring urgent patching. CISA mandates U.S. agencies secure systems within four days.

Read Article

Wed, 08 Apr 2026

New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy

Chaos malware now targets misconfigured cloud deployments, expanding beyond routers and edge devices. It can run commands, mine crypto, and launch DDoS attacks.

Read Article

Wed, 08 Apr 2026

Trellix strengthens data security for the GenAI era

Trellix introduced enhanced data security and a strategic framework to help organizations safely adopt generative AI while protecting sensitive information.

Read Article

Wed, 08 Apr 2026

13-year-old bug in ActiveMQ lets hackers remotely execute commands

A critical remote code execution vulnerability in Apache ActiveMQ Classic went undetected for 13 years. It allows attackers to execute arbitrary commands remotely.

Read Article

Wed, 08 Apr 2026

Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices

Masjesu is a stealthy botnet designed for persistent DDoS attacks on IoT devices. It operates covertly, avoiding detection and high-profile targets.

Read Article

Wed, 08 Apr 2026

RCE Bug Lurked in Apache ActiveMQ Classic for 13 Years

A 13-year-old remote code execution vulnerability in Apache ActiveMQ Classic can be chained to bypass authentication and execute OS commands.

Read Article