Patch Now: Oracle’s Fusion Middleware Has Critical RCE Flaw

Blog

Byadmblake March 20, 2026

Attackers can execute arbitrary code without authentication if Oracle’s Identity or Web Services Managers are exposed to the Web.

Blog

WhatsApp Malware ‘Maverick’ Hijacks Browser Sessions to Target Brazil’s Biggest Banks

Threat hunters have uncovered similarities between a banking malware called Coyote and a newly disclosed malicious program dubbed Maverick that has been propagated via WhatsApp. According to a report from CyberProof, both malware strains are written in .NET, target Brazilian users and banks, and feature identical functionality to decrypt, targeting banking URLs and monitor banking…

Read More WhatsApp Malware ‘Maverick’ Hijacks Browser Sessions to Target Brazil’s Biggest Banks
Blog

Do We Really Need The OWASP NHI Top 10?

The Open Web Application Security Project has recently introduced a new Top 10 project – the Non-Human Identity (NHI) Top 10. For years, OWASP has provided security professionals and developers with essential guidance and actionable frameworks through its Top 10 projects, including the widely used API and Web Application security lists. Non-human identity security represents…

Read More Do We Really Need The OWASP NHI Top 10?
Blog

Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution

A set of three security vulnerabilities has been disclosed in mcp-server-git, the official Git Model Context Protocol (MCP) server maintained by Anthropic, that could be exploited to read or delete arbitrary files and execute code under certain conditions. “These flaws can be exploited through prompt injection, meaning an attacker who can influence what an AI…

Read More Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution
Blog

Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets

Cybersecurity researchers have discovered a malicious npm package that comes with stealthy features to inject malicious code into desktop apps for cryptocurrency wallets like Atomic and Exodus on Windows systems. The package, named nodejs-smtp, impersonates the legitimate email library nodemailer with an identical tagline, page styling, and README descriptions, attracting a total of 347

Read More Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets
Blog

Insurers May Limit Payments in Cases of Unpatched CVEs

Some insurers look to limit payouts to companies that don’t remediate serious vulnerabilities in a timely manner. Unsurprisingly, most companies don’t like those restrictions.

Read More Insurers May Limit Payments in Cases of Unpatched CVEs
Blog

New Research Reveals: 95% of AppSec Fixes Don’t Reduce Risk

For over a decade, application security teams have faced a brutal irony: the more advanced the detection tools became, the less useful their results proved to be. As alerts from static analysis tools, scanners, and CVE databases surged, the promise of better security grew more distant. In its place, a new reality took hold—one defined…

Read More New Research Reveals: 95% of AppSec Fixes Don’t Reduce Risk

Related