Security

2 min read 638 views

Cloudflare 2026 Threat Report: 230 Billion Daily Blocked Threats and the Rise of Credential Attacks

Cloudflare has published its inaugural annual threat report revealing the company blocks over 230 billion threats daily across 20% of global web traffic. DDoS attacks doubled year-over-year to 47.1 million incidents, with the largest reaching a record 31.4 Tbps, while bots now account for 94% of all login attempts.

Mar 20

2 min read 596 views

HashiCorp Patches Consul Arbitrary File Read Vulnerability in Kubernetes Auth

HashiCorp has released emergency patches for Consul to address CVE-2026-2808, a medium-severity vulnerability allowing arbitrary file reads when Kubernetes authentication is enabled. The fix also adds HTTP server timeouts to prevent Slowloris denial-of-service attacks against Consul agent endpoints.

Mar 19

2 min read 302 views

Let's Encrypt Now Issues Six-Day Certificates and IP Address Certificates via Certbot

Let's Encrypt and the EFF have announced support for six-day (160-hour) certificates and IP address certificates through Certbot 5.3 and 5.4. The ultra-short-lived certificates reduce the impact window of compromised keys by design, while IP address certificates enable HTTPS for services identified by address rather than hostname.

Mar 18

2 min read 202 views

OpenSSL 4.0 Alpha Arrives with Encrypted Client Hello and Post-Quantum Cryptography

The OpenSSL project has released version 4.0.0-alpha1, introducing Encrypted Client Hello (ECH) per RFC 9849 to hide TLS SNI from network observers, alongside new post-quantum cryptographic algorithms. The release also removes the deprecated ENGINE interface and drops SSLv3 support entirely.

Mar 17

2 min read 526 views

curl 8.19.0 Patches Four Security Vulnerabilities Including SMB Use-After-Free

The curl project has released version 8.19.0 with fixes for four security vulnerabilities, including CVE-2026-3805 — a use-after-free bug in SMB connection reuse that could leak sensitive data from freed memory. The release also addresses credential leaks during redirects and incorrect proxy connection reuse.

Mar 16

2 min read 227 views

Apple Releases Emergency iOS 19.3.2 Update Patching Actively Exploited WebKit Zero-Day

Apple has pushed an emergency security update for iPhone, iPad, and Mac devices to address CVE-2026-24201, a WebKit vulnerability that has been actively exploited in sophisticated targeted attacks. The out-of-band patch is Apple's third emergency security update in 2026, reflecting an increase in zero-day exploitation targeting mobile platforms.

Mar 16

2 min read 258 views

Five Malicious Rust Crates Discovered Stealing Developer Secrets from CI/CD Pipelines

Security researchers at Socket have uncovered a coordinated supply chain attack in the Rust ecosystem, where five malicious crates disguised as time utilities were exfiltrating .env files and credentials from developer environments. The campaign used a lookalike domain impersonating a legitimate time API service, highlighting growing threats to software supply chains.

Mar 15

2 min read 553 views

Google Completes Historic $32 Billion Wiz Acquisition, Its Largest Deal Ever

Google has officially closed its record-breaking $32 billion all-cash acquisition of cybersecurity startup Wiz, the largest deal in the company's 28-year history. Wiz will join Google Cloud while maintaining its multi-cloud commitment across AWS, Azure, and Oracle Cloud.

Mar 14

2 min read 336 views

Critical Microsoft Office RCE Vulnerabilities CVE-2026-26113 and CVE-2026-26110 Demand Urgent Patching

Two critical remote code execution vulnerabilities in Microsoft Office — CVE-2026-26113 and CVE-2026-26110 — allow attackers to execute malicious code through specially crafted documents, with security analysts warning that exploitation is likely imminent given the widespread use of Office in enterprise environments.

Mar 12

2 min read 226 views

Microsoft March 2026 Patch Tuesday Fixes 78 Vulnerabilities Including SQL Server Zero-Day

Microsoft's March 2026 Patch Tuesday addresses 78 vulnerabilities across Windows, Office, Azure, SQL Server, and .NET — including CVE-2026-21262, a zero-day in SQL Server that lets authenticated users escalate to sysadmin privileges, and critical remote code execution flaws in Office.

Mar 11

2 min read 176 views

Researchers Disclose Nine Cross-Tenant Vulnerabilities in Google Looker Studio

Cybersecurity researchers disclose nine cross-tenant vulnerabilities in Google Looker Studio that could have allowed attackers to run arbitrary SQL queries on other organizations' databases and exfiltrate sensitive data within Google Cloud environments.

Mar 10

2 min read 193 views

Weekly Threat Report: AI-Powered Phishing Campaigns Surge 300% in Early March

The weekly cybersecurity threat report for March 2-8 documents a 300% increase in AI-generated phishing campaigns, with attackers using large language models to craft personalized spear-phishing emails at scale — bypassing traditional email security filters that rely on template detection.

Mar 9