Cybersecurity
Vulnerabilities, CVEs, exploits, patches and security best practices.
Memorial Day Deals Under $50
The Verge has curated a list of 38 Memorial Day deals for $50 or less, featuring gadgets such as portable chargers, 4K streaming devices, and security cameras. These deals offer significant discounts on various products, making them ideal for those looking to upgrade their tech without breaking the bank. The list includes a range of items, from tech gadgets to outdoor gear.
Ghostwriter Phishing Attack
The Ghostwriter threat actor is targeting Ukrainian government entities with phishing emails related to the Prometheus online learning platform. The emails aim to install Prometheus phishing malware. The Computer Emergency Response Team of Ukraine has reported this activity.
CVE-2026-42503: gopls RCE Vulnerability
A high-severity vulnerability in gopls allows remote code execution due to accidental binding to INADDR_ANY. The issue arises when using the -port or -listen flags without specifying a host. This can enable malicious parties on the same network to execute arbitrary code via gopls.
CVE-2026-7482 Ollama Vulnerability
A critical heap out-of-bounds read vulnerability in Ollama's GGUF tensor parsing leaks server process memory to unauthenticated remote attackers. The vulnerability affects Ollama versions before 0.17.1 and can be exploited through the /api/create and /api/push endpoints. This can lead to the exposure of sensitive information, including environment variables and API keys.
Disneyland Uses Face Recognition
Disneyland has implemented face recognition technology to enhance visitor experience and security. The move has raised concerns about data privacy and surveillance. The technology is also being tested by the NSA for vulnerability assessment.
Critical RCE Vulnerability Found in OpenSSH — 14 Million Servers at Risk
Researchers disclosed a remote code execution flaw in OpenSSH versions 8.5–9.7 that allows unauthenticated attackers to execute arbitrary commands with root privileges.
Chrome Zero-Day in V8 Engine Actively Exploited in the Wild
Google has released an emergency patch for a zero-day vulnerability in Chrome's V8 JavaScript engine being actively exploited.
Corporate Affairs Commission (CAC) Database Exposed — Business Registration Data of Millions Leaked
Nigeria's Corporate Affairs Commission suffered a data exposure incident that made business registration records, directors' personal information and BVN-linked data publicly accessible through an unsecured API endpoint.
University of Lagos Student Portal Breached — 50,000 Student Records Leaked on Dark Web
A threat actor leaked over 50,000 University of Lagos student records on a dark web forum, exposing names, matric numbers, email addresses, phone numbers and academic results.
Remita Payment Platform Suffers Major Data Breach — Millions of Nigerian Users Affected
Remita, Nigeria's leading government payment platform, suffered a significant data breach exposing personal and financial data of millions of users including civil servants and government contractors.
INEC Voter Registration Database Breach Exposes 93 Million Nigerian Voters' Personal Data
Nigeria's Independent National Electoral Commission voter registration database was compromised, exposing personal information of approximately 93 million registered voters including NIN, biometric data references and home addresses.