Skip to main content

UNPWNED SECURITY BLOG

Ship secure,
not sorry.

Guides, checklists, and real-world security fixes for developers who build fast and ship often.

CVE2026-07-174 min read

Two SonicWall SMA 1000 Zero-Days Actively Exploited in the Wild

SonicWall has confirmed active exploitation of two zero-days in its SMA 1000 appliances, including a CVSS 10.0 SSRF flaw that allows unauthenticated remote command execution.

CVE2026-07-154 min read

Two Joomla Extensions Hit by Maximum-Severity Zero-Day Exploits

CISA added two CVSS 10.0 flaws in the iCagenda and Balbooa Forms Joomla extensions to its KEV catalog after reports of active zero-day exploitation in the wild.

SUPPLY CHAIN2026-07-134 min read

Injective SDK on npm Infected with Cryptocurrency Wallet Stealer

Attackers compromised the Injective Labs GitHub repo and pushed a malicious npm package that stole crypto wallet private keys and seed phrases from developers.

RESEARCH2026-07-084 min read

SkillCloak: How Malicious AI Agent Skills Evade Static Scanners

Researchers show that malicious add-on skills for AI coding agents can bypass static scanners over 90% of the time using simple packing tricks. Here is what small teams need to know.

BOTNET2026-07-065 min read

FBI Seizes NetNut Proxy Platform Linked to Popa Botnet of Two Million Devices

The FBI seized hundreds of domains tied to NetNut, a residential proxy service connected to the Popa botnet, which compromised at least two million devices without owner consent.

ADVISORY2026-07-035 min read

Azure CLI Password Spray Hits at Least 78 Microsoft Accounts in 81 Million Attempts

Researchers at Huntress tracked a massive automated password spray campaign targeting Azure CLI, compromising dozens of accounts across 81 million login attempts.

SUPPLY CHAIN2026-07-014 min read

Hijacked npm and Go Packages Deploy Python Infostealer via VS Code Tasks

Researchers found hijacked npm and Go packages that use VS Code task files to silently deploy a Python infostealer on Windows, Linux, and macOS developer machines.

BREACH2026-06-294 min read

Poland Busts SIM-Swapping Gang Tied to Millions in Crypto Theft

Polish authorities arrested four cybercriminals who breached telecom partners and hijacked email accounts to steal millions via SIM-swapping attacks.

CVE2026-06-264 min read

Cisco Unified CM SSRF Flaw CVE-2026-20230 Now Actively Exploited

A high-severity SSRF vulnerability in Cisco Unified Communications Manager is being actively exploited. Here is what small teams need to know and do right now.

ADVISORY2026-06-244 min read

INTERPOL: Phishing, Ransomware, and AI Scams Are Rising Across Asia-Pacific

INTERPOL's 2025/2026 Asia-Pacific cyberthreat report documents a dramatic rise in phishing, ransomware, and AI-powered scams. Here is what small teams need to know.

BREACH2026-06-224 min read

CISA Warns Fortinet Users to Secure Devices After FortiBleed Credential Leak

Nearly 74,000 Fortinet firewall and VPN credentials were exposed in the FortiBleed leak. CISA is urging all Fortinet customers to act immediately.

CVE2026-06-194 min read

CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution

CISA added CVE-2026-48907, a CVSS 10.0 flaw in the Joomla JCE editor plugin, to its KEV catalog after confirming active exploitation in the wild.

BREACH2026-06-174 min read

FBI Disrupts AI-Powered Phishing Service Behind One Million Malicious URLs

The FBI, Google, and Black Lotus Labs dismantled Outsider Enterprise, a Chinese phishing-as-a-service platform that used AI to generate thousands of credential-stealing sites.

BREACH2026-06-154 min read

Japanese Energy Firm Loses Drive With Data of 10.9 Million Clients

Kyushu Electric Power lost a physical storage drive containing private data on nearly 11 million customers. Here is what happened and what small teams should learn from it.

ADVISORY2026-06-124 min read

Ivanti Sentry Critical Flaw Allows Remote Root Code Execution

Ivanti patched a maximum-severity vulnerability in its Sentry gateway that lets remote attackers run arbitrary code as root. Here is what small teams need to know.

BREACH2026-06-104 min read

Meta AI Support System Abused to Hijack Over 20,000 Instagram Accounts

Attackers exploited Meta's AI-powered support system to reset passwords and steal Instagram accounts. Here is what small teams need to know and do right now.

CVE2026-06-084 min read

Cisco Catalyst SD-WAN Zero-Day Actively Exploited for Root Access

Cisco is warning of an unpatched high-severity zero-day in Catalyst SD-WAN Manager (CVE-2026-20245) that attackers are actively exploiting to gain root privileges.

CVE2026-06-054 min read

VS Code Zero-Day Lets Attackers Steal GitHub Tokens in One Click

A newly disclosed VS Code zero-day vulnerability allows attackers to steal GitHub authentication tokens by tricking developers into clicking a single malicious link.

BREACH2026-06-034 min read

WP Maps Pro Bug Exploited to Create Admin Accounts on WordPress Sites

A vulnerability in the WP Maps Pro WordPress plugin is being actively exploited to create unauthorized admin accounts. Here is what small teams need to know.

ADVISORY2026-06-015 min read

Kimsuky Uses HTTPSpy and VS Code Tunnels in Targeted Attacks on Military and Corporate Networks

North Korean state actor Kimsuky has expanded its toolkit with HTTPSpy and HelloDoor malware, and is abusing VS Code Tunnels to blend into developer environments.

BREACH2026-05-294 min read

KnowledgeDeliver Zero-Day Exploited to Plant Web Shells on LMS Servers

Attackers exploited a critical unpatched flaw in the KnowledgeDeliver LMS to deploy the Godzilla web shell, giving them persistent backdoor access to compromised servers.

SUPPLY CHAIN2026-05-274 min read

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and Crates.io

A coordinated attack campaign named TrapDoor planted credential-stealing malware across npm, PyPI, and Crates.io in over 34 packages and 384 versions starting May 22, 2026.

CVE2026-05-254 min read

CISA Flags Actively Exploited Vulnerabilities in Langflow and Trend Micro Apex One

CISA added two actively exploited vulnerabilities to its KEV catalog, including a critical flaw in the Langflow AI platform. Here is what small teams need to know.

SUPPLY CHAIN2026-05-224 min read

Grafana GitHub Breach Exposes Source Code via TanStack npm Attack

Grafana Labs confirmed a breach limited to its GitHub environment after a compromised TanStack npm package exposed public and private source code repositories.

ZERO-DAY2026-05-204 min read

Pwn2Own Berlin 2026: Researchers Earned $1.3 Million Exploiting 47 Zero-Days

Security researchers collected $1,298,250 at Pwn2Own Berlin 2026 by exploiting 47 zero-day vulnerabilities. Here is what the results mean for small teams.

CVE2026-05-184 min read

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

Microsoft disclosed CVE-2026-42897, an actively exploited spoofing flaw in on-premise Exchange Server rooted in a cross-site scripting bug with a CVSS score of 8.1.

BREACH2026-05-154 min read

US Congress Demands Answers After ShinyHunters Breach Hits Canvas Learning Platform

ShinyHunters breached Instructure's Canvas platform twice, stealing student data and disrupting schools during final exams. Now Congress wants answers from the company.

MALVERTISING2026-05-134 min read

Hackers Abuse Google Ads and Claude.ai Chats to Deliver Mac Malware

Attackers are using Google Ads and legitimate Claude.ai shared chat URLs to trick Mac users into installing malware. Here is what happened and how to protect yourself.

BREACH2026-05-114 min read

Canvas Breach Disrupts Schools and Colleges Nationwide

A data extortion attack hit Canvas, the widely-used education platform, defacing its login page and threatening to leak data from 275 million students and faculty.

BREACH2026-05-084 min read

Quasar Linux Malware Targets Software Developers with Rootkit and Credential-Stealing Capabilities

A new Linux implant called Quasar Linux is targeting developers with rootkit, backdoor, and credential-stealing features. Here is what you need to know.

BREACH2026-05-064 min read

Instructure Confirms Data Breach as ShinyHunters Claims Responsibility

Educational tech company Instructure has confirmed a data breach after the ShinyHunters extortion group claimed the attack. Here is what developers should know.

PHISHING2026-05-044 min read

Bluekit Phishing Service Bundles AI Assistant and 40 Attack Templates

A new phishing-as-a-service tool called Bluekit lowers the bar for attackers with 40+ brand templates and an AI assistant for writing convincing lures.

CVE2026-05-014 min read

LiteLLM CVE-2026-42208: A Critical SQL Injection Exploited Within 36 Hours

A critical SQL injection flaw in the popular LiteLLM Python package was exploited in the wild within 36 hours of public disclosure. Here is what developers need to know.

BREACH2026-04-294 min read

American Utility Firm Itron Discloses Breach of Internal IT Network

Itron filed an SEC 8-K disclosing unauthorized access to internal systems. Here is what happened and what small teams can learn from this incident.

BREACH2026-04-274 min read

Hackers Exploit File Upload Bug in Breeze Cache WordPress Plugin

A critical unauthenticated file upload vulnerability in the Breeze Cache WordPress plugin is being actively exploited. Here is what small teams need to know and do now.

BREACH2026-04-244 min read

Over 1,300 SharePoint Servers Remain Vulnerable to Active Spoofing Attacks

More than 1,300 Microsoft SharePoint servers are still unpatched against a spoofing flaw that was first exploited as a zero-day and remains under active attack.

BREACH2026-04-244 min read

French Government Agency Confirms Breach as Hacker Sells Citizen Data

France Titres, the agency that issues French identity documents, confirmed a data breach after a threat actor claimed responsibility and began selling stolen citizen data online.

CVE2026-04-207 min read

Next.js Middleware Auth Bypass: What CVE-2025-29927 Means for Your Site

A critical Next.js vulnerability lets attackers skip middleware auth checks by sending a single HTTP header. If your site uses middleware for route protection, this is the first thing to patch.

SECRETS2026-04-025 min read

How to Fix Exposed .env Files Before Hackers Find Them

Your .env file contains your database password, API keys, and secrets. Here is how to check if it is exposed and fix it in 5 steps.

AI SECURITY2026-04-026 min read

7 Security Mistakes AI Code Generators Make (and How to Fix Them)

AI-generated code is 2.74x more likely to have security flaws. These are the 7 most common mistakes and how to catch them.

CHECKLIST2026-04-027 min read

The Web Security Checklist Every Indie Hacker Needs

15 security checks grouped by category. SSL, headers, secrets, auth, and database. Covers everything you need before shipping.

Want to know if your site has these issues?

SCAN YOUR SITE FREE