High-severity advisories
60 alerts in this category.
CVEs and security advisories rated HIGH — exploitation is straightforward and impact is significant. Should be addressed within standard high-severity SLAs (typically 7 days for internet-exposed assets).
AI Agent Deletes PocketOS Production Database in 9 Seconds
A Claude-powered Cursor agent reportedly deleted PocketOS production data and backups via Railway API, exposing the risks of over-permissioned AI agents and weak recovery architecture.
🏴☠️ Lockbit5 has just published a new victim : bladex.com
Bladex, a multinational bank originally established by the central banks of Latin-American and Carib...
🏴☠️ Lockbit5 has just published a new victim : studiopiu.net
Di fronte al Lago di Garda, a Desenzano, batte uno dei cuori storici della radiofonia dance italiana...
🏴☠️ Lockbit5 has just published a new victim : bardehle.com
BARDEHLE PAGENBERG is a leading intellectual property law firm in Europe, specializing in patent lit...
Intel🏴☠️ Lockbit5 has just published a new victim : murni.co.id
PT Murni Solusindo Nusantara is an ICT-based solution provider company with ISO 9001:2015 certificat...
🏴☠️ Lockbit5 has just published a new victim : heinrichs-logistic.de
D. Heinrichs Logistic GmbH is a leading logistics service provider based in Bremerhaven, specializin...
🏴☠️ Lockbit5 has just published a new victim : merlo.de
Merlo Teleskoplader: von Profis für Profis Teleskoplader für jeden Einsatz – plus Dienstleistung! M...
Booking.com announces data breach - MSN
Booking.com announces data breach MSN
Fake El Al App Ad Campaign Targets Users with Malicious Install Links
A fake El Al mobile app campaign is circulating online, impersonating the official airline app and attempting to trick users into installing malicious software or providing sensitive data.
Security Affairs newsletter Round 574 by Pierluigi Paganini – INTERNATIONAL EDITION - Security Affairs
Security Affairs newsletter Round 574 by Pierluigi Paganini – INTERNATIONAL EDITION Security Affairs
High Vulnerability: CVE-2004-0210 — microsoft — interix, windows_2000
The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overf
microsoftCVE-2004-0210Booking.com announces data breach - MSN
Booking.com announces data breach MSN
Security Affairs newsletter Round 574 by Pierluigi Paganini – INTERNATIONAL EDITION - Security Affairs
Security Affairs newsletter Round 574 by Pierluigi Paganini – INTERNATIONAL EDITION Security Affairs
Fake Ivory iPhone Campaign Uses Malicious Domain to Steal Payments via Facebook Redirect
A phishing campaign impersonating Ivory promotes fake iPhone deals on Facebook, redirecting victims to a malicious domain to steal payment details and personal data.
Phishing SMS Impersonating Hacarmel Toll Road Targets Israeli Users
A phishing SMS impersonating the Hacarmel toll road claims there is an unpaid fee and urges immediate payment via a malicious link. The message aims to steal payment details and personal information.
Week in review: Claude Mythos finds 271 Firefox flaws, Vercel breach - Help Net Security
Week in review: Claude Mythos finds 271 Firefox flaws, Vercel breach Help Net Security
FirefoxLitecoin Zero-Day Vulnerability Exploited in DoS Attack, Disrupts Major Mining Pools - CyberSecurityNews
Litecoin Zero-Day Vulnerability Exploited in DoS Attack, Disrupts Major Mining Pools CyberSecurityNews
China-Linked APT GopherWhisper Abuses Legitimate Services in Government Attacks - SecurityWeek
China-Linked APT GopherWhisper Abuses Legitimate Services in Government Attacks SecurityWeek
🏴☠️ Lapsus$ has just published a new victim : CHECKMARX
Source Code, Employee DB, API Keys, MongoDB/MySQL Creds
New Windows RPC Vulnerability Lets Attackers Escalate Privileges Across All Windows Versions - CyberSecurityNews
New Windows RPC Vulnerability Lets Attackers Escalate Privileges Across All Windows Versions CyberSecurityNews
Personal and Medical Records of 160,312 Americans Potentially Exposed After Major Data Breach Hits Healthcare Firm - The Daily Hodl
Personal and Medical Records of 160,312 Americans Potentially Exposed After Major Data Breach Hits Healthcare Firm The Daily Hodl
Cybersecurity Weekly News Roundup - TechNadu
Cybersecurity Weekly News Roundup TechNadu
Personal and Medical Records of 160,312 Americans Potentially Exposed After Major Data Breach Hits Healthcare Firm - The Daily Hodl
Personal and Medical Records of 160,312 Americans Potentially Exposed After Major Data Breach Hits Healthcare Firm The Daily Hodl
🏴☠️ Lamashtu has just published a new victim : Apple Film Group
Apple Film Co., Ltd. is a leading manufacturer of high-quality plastic bags and films, specializing in Polyethylene (PE) products like HDPE, LDPE, and LLDPE.
Apple🏴☠️ Coinbasecartel has just published a new victim : Dreyfuss Williams & Associates CO LPA
[AI generated] N/A
🏴☠️ Qilin has just published a new victim : Chase Cooper Limited (RiskLogix Solutions)
N/A
🏴☠️ Qilin has just published a new victim : Chelten House
N/A
🏴☠️ Qilin has just published a new victim : Cahbo Produkter
N/A
🏴☠️ Qilin has just published a new victim : Buckley Powder
N/A
🏴☠️ Qilin has just published a new victim : Woodfields Consultants
N/A
🏴☠️ Qilin has just published a new victim : SanCor
N/A
🏴☠️ Qilin has just published a new victim : KEMBA Indianapolis Credit Union
N/A
🏴☠️ Qilin has just published a new victim : Travel Expert
N/A
🏴☠️ Qilin has just published a new victim : Leistritz Turbine Technology
N/A
🏴☠️ Qilin has just published a new victim : First County FCU
N/A
🏴☠️ Qilin has just published a new victim : Mid Florida Dermatology & Plastic Surgery
N/A
Steps to take in an attempt to prevent a cyberattack - Dairy Foods Magazine
Steps to take in an attempt to prevent a cyberattack Dairy Foods Magazine
🏴☠️ Nightspire has just published a new victim : The **u***y C*** o* **r**n
Data is not available now.
🏴☠️ Nightspire has just published a new victim : Swansea Ambulance Corps
Data is not available now.
In Other News: Unauthorized Mythos Access, Plankey CISA Nomination Ends, New Display Security Device - SecurityWeek
In Other News: Unauthorized Mythos Access, Plankey CISA Nomination Ends, New Display Security Device SecurityWeek
Guatemala blames Venezuela-based hackers for arms control data breach - Escudo Digital
Guatemala blames Venezuela-based hackers for arms control data breach Escudo Digital
GPT‑5.5 Bio Bug Bounty to Strengthen Advanced AI Capabilities - CyberSecurityNews
GPT‑5.5 Bio Bug Bounty to Strengthen Advanced AI Capabilities CyberSecurityNews
10 Companies Hiring Threat Intelligence Analysts - Built In
10 Companies Hiring Threat Intelligence Analysts Built In
Intel🏴☠️ Lamashtu has just published a new victim : Malaysian NPK Fertilizer Sdn. Bhd
Malaysian NPK established in 2001 in Kedah, is a leading producer of high-quality NPK compound fertilizers. The company is a joint venture between NAFAS and Petronas Chemicals
Hackers Can Abuse Entra Agent ID Administrator Role to Hijack Service Principals - CyberSecurityNews
Hackers Can Abuse Entra Agent ID Administrator Role to Hijack Service Principals CyberSecurityNews
Hackers Can Exploit Ollama Model Uploads to Leak Sensitive Server Data - CyberSecurityNews
Hackers Can Exploit Ollama Model Uploads to Leak Sensitive Server Data CyberSecurityNews
DSA-6230-1 chromium - security update
https://security-tracker.debian.org/tracker/DSA-6230-1
DebianBreached cybercrime forum hit by massive data breach - Escudo Digital
Breached cybercrime forum hit by massive data breach Escudo Digital
9 Identity-Based Threats Redefining Cybersecurity in 2026 (Beyond Credential Stuffing) - Security Boulevard
9 Identity-Based Threats Redefining Cybersecurity in 2026 (Beyond Credential Stuffing) Security Boulevard
ADT Confirms Data Breach Following ShinyHunters Data Leak Claim - CyberSecurityNews
ADT Confirms Data Breach Following ShinyHunters Data Leak Claim CyberSecurityNews
The calm before the ransom: What you see is not all there is
A breach claims the systems as well as the confidence that was, in retrospect, a major vulnerability
“Don’t Be the Next Headline”: ShinyHunters’ Udemy Extortion Threat - The420.in
“Don’t Be the Next Headline”: ShinyHunters’ Udemy Extortion Threat The420.in
ADT Confirms Data Breach Following ShinyHunters Data Leak Claim - CyberSecurityNews
ADT Confirms Data Breach Following ShinyHunters Data Leak Claim CyberSecurityNews
Ben Eze: Digital Transformation Without Security Is Like Smart City With No Locks - THISDAYLIVE
Ben Eze: Digital Transformation Without Security Is Like Smart City With No Locks THISDAYLIVE
City of Suffolk victim in data security attack - AOL.com
City of Suffolk victim in data security attack AOL.com
AI-Driven Cybersecurity: Transforming Enterprise Security with Intelligent Automation - Security Boulevard
AI-Driven Cybersecurity: Transforming Enterprise Security with Intelligent Automation Security Boulevard
Intel🏴☠️ Qilin has just published a new victim : Progressive Propane
N/A
🏴☠️ Qilin has just published a new victim : Marc Cain
N/A
🏴☠️ Qilin has just published a new victim : Point Four EPoS Solutions
N/A
🏴☠️ Qilin has just published a new victim : Denso
N/A
Get alerts that match YOUR environment
This page shows everything in the category. Vulnios narrows it down to alerts that affect your actual asset inventory — only the CVEs you need to act on.
Start a free scan