Citrix has released urgent security updates for NetScaler ADC and NetScaler Gateway after discovering two vulnerabilities that could expose sensitive session data and cause session mix-ups. The company is urging administrators to apply the fixes as soon as possible, citing the potential for exploitation that echoes earlier high-profile memory-leak bugs that were actively abused in the wild. What happened Earlier
Category: Hacking and Exploits
Web-Hacking, 0-Day, Malware, Ransomware, Exploit, Vulnerabilities, Privilege-Flaw, Privilege-Escalation, Zero-Day, Exploit, Jailbreak, Penetration-Testing, Trojan, Spyware, Rootkit, Worm, Backdoor, Payload, Obfuscation, DDoS, Phishing, MITM, Spoofing, Brute-force, Port-Scan, SQLi, XSS, CSRF, Path-Traversal, LFI, RFI, Insecure-Deserialization, Buffer-Overflow, CVE, Exploit-Kit, Shellcode, bug bounty, ethical hacking, CTF, capture the flag, offensive security, red team exercise, exploit development, reverse engineering, vulnerability research, credential harvesting
LiteLLM Supply Chain Breach — 95M Downloads, Import-Time Backdoor, and What Teams Must Do Now
The Python package ecosystem suffered another high-impact supply chain compromise: LiteLLM — a popular library that routes requests across large language model providers and sees tens of millions of downloads — shipped malicious code in recent PyPI releases. Two versions published on March 24, 2026 (1.82.7 and 1.82.8) contained an import‑time backdoor that escalates into credential harvesting, lateral movement, and
Kali Linux 2026.1 Arrives — New Tools, NetHunter Breakthroughs, and a Nostalgic BackTrack Mode
Kali Linux’s first major release of 2026 lands with a mix of practical upgrades, fresh aesthetics, and a handful of features that will matter to both day-to-day penetration testers and mobile security researchers. Version 2026.1 brings a modernized look, an under‑the‑hood kernel bump, targeted NetHunter enhancements, and eight new offensive-security tools that expand Kali’s capabilities in post‑exploitation, web testing, and
Oracle Issues Urgent Security Update for Critical RCE in Identity Manager and Web Services Manager
Oracle has released an out-of-band security alert to address a critical remote code execution vulnerability, tracked as CVE-2026-21992, affecting Oracle Identity Manager and Oracle Web Services Manager. With a CVSS 3.1 base score of 9.8 and no authentication required, this is a high-risk flaw that can be exploited remotely over HTTP with minimal complexity. Organizations running internet-facing Fusion Middleware components
Chrome Security Update Fixes 26 Vulnerabilities That Could Allow Remote Code Execution
Google’s latest Chrome security update is a reminder that even the world’s most scrutinized software still harbors dangerous flaws. In a single release, Chrome developers patched 26 vulnerabilities—three marked critical—that could let unauthenticated attackers run malicious code simply by getting a user to visit a crafted webpage. For anyone who uses Chrome, from casual browsers to enterprise fleets, this is
AI as Tradecraft: How Threat Actors Operationalize Artificial Intelligence
Organizations are facing a subtle but powerful shift: adversaries are not inventing wholly new attacks so much as adopting artificial intelligence to make existing tradecraft faster, cheaper, and more resilient. Microsoft’s threat intelligence and other industry observers show that generative AI is being embedded across the attack lifecycle to accelerate reconnaissance, scale social engineering, and shorten the time between detection