🚨 RWT Token was exploited on BNB Chain, resulting in an estimated $118K loss.
The attacker abused a logic flaw in an unprotected sell() function, combined with a flash loan, to manipulate the RWT/USDT liquidity pool and drain funds.
💸 Estimated loss: ~118K USDT
#DeFi#Crypto
🚨 Attackers exploited two SonicWall SMA 1000 zero-days before they were publicly disclosed, gaining root access to targeted devices.
The activity has been linked to UTA0533, which deployed custom malware and captured unencrypted LDAP credentials from compromised VPN appliances.
🚨 UPDATE: The #wp2shell attack chain now includes two CVEs, and a public PoC is available.
• CVE-2026-63030 — REST batch routing bypass
• CVE-2026-60137 — SQL injection
When chained together, they can allow unauthenticated remote code execution (RCE) on vulnerable WordPress
🚨 Critical WordPress wp2shell flaw now blocked by Cloudflare’s emergency WAF rules. Website owners should update without delay to prevent potential RCE attacks.
#WordPress#Infosec#CyberSecurity
🚨 CVE-2026-15682: A zero-day vulnerability in AnyDesk could allow local attackers to abuse the Send Support Information feature to write files outside their intended location, potentially causing application crashes.
#CyberSecurity#CVE#AnyDesk#ZeroDay#ThreatWire
@ajs6888 You’re right. The source is public, but xAI explicitly keeps GitHub Issues and external PRs closed. The goal is transparency, not community-driven development.
🚨 Grok Build: Grok Build has been released as open source, with data sharing disabled by default. While the code is publicly available, GitHub Issues and Pull Requests remain closed.
#AI#OpenSource#Grok#TechNews
🚨 CVE-2026-42533, CVE-2026-60005 & CVE-2026-56434: F5 has disclosed three high-severity vulnerabilities affecting NGINX Plus and NGINX Open Source, potentially leading to memory corruption, worker crashes, or remote code execution.
#CyberSecurity#CVE#NGINX#F5#ThreatWire
🚨 CVE-2026-14266: A 7-Zip vulnerability (CVSS 7.0) could allow remote code execution (RCE) via specially crafted XZ archives. Update to 7-Zip 26.02. No active exploitation has been confirmed.
#CyberSecurity#CVE#7Zip#RCE#ThreatWire
🚨 n8n Enterprise Vulnerability: A flaw in n8n’s Enterprise token exchange could allow a valid JWT from one trusted issuer to authenticate as a different user, potentially leading to account takeover.
#CyberSecurity#JWT#n8n#ThreatWire
🚨 CVE-2026-15378: A blind SSRF vulnerability in Red Hat OpenShift AI could expose cloud credentials and Kubernetes secrets through the guardrails-detectors component.
#CyberSecurity#CVE#OpenShift#Kubernetes#ThreatWire
🚨 Suno Breach: AI music company Suno was reportedly breached using the Shai-Hulud worm, exposing source code, customer data, and details of its AI training datasets. The company says the incident occurred in November 2025.
#CyberSecurity#DataBreach#AI#ThreatWire
🚨 CVE-2026-59827 & CVE-2026-59826: Metabase has patched two critical vulnerabilities (CVSS 9.9 & 9.1) that could lead to remote code execution (RCE) through unsafe H2 deserialization.
#CyberSecurity#CVE#Metabase#RCE#ThreatWire
🚨 Shark Robot Vacuum Vulnerability: A flaw could allow attackers to execute root commands on Shark robot vacuums after extracting a certificate from a single device. Researchers observed over 673,000 devices responding to the affected command handler.
#CyberSecurity#IoT#AWS
🚨 Samsung Update: Samsung has clarified that opting out of Samsung Health AI training only deletes data collected for AI development, not existing health records or sync data.
#CyberSecurity#Privacy#Samsung#AI#ThreatWire
🚨 AI Agent Vulnerability: Claude Code, Codex, Gemini CLI and several browser agents were found vulnerable to an attack that can make forged data appear trusted, potentially leading users to approve malicious actions or run attacker-controlled commands
#CyberSecurity#AI#Claude
🚨 CVE-2026-15409: A PoC has been released for a SonicWall SMA1000 SSRF vulnerability that could allow unauthenticated remote attackers to force the appliance to make unintended requests.
🔗 https://t.co/nCpHhBICtJ
#CyberSecurity#CVE#SonicWall#SSRF#ThreatWire
🚨 Windows 0-Day: Following Microsoft’s July Patch Tuesday, Chaotic Eclipse released a Windows 0-Day PoC reportedly affecting all supported desktop and server versions.
#CyberSecurity#Windows#ZeroDay#PoC