A newly disclosed vulnerability in a popular WordPress plugin can allow attackers to log in as administrators without a username or password. Tracked as CVE-2026-1492 and carrying a CVSS v4.0 score of 9.8, the flaw affects all versions of the User Registration Membership plugin up through 5.1.2. The issue was documented in early March 2026 by CYFIRMA researchers and represents
Latest Articles

Microsoft Extends Windows 10 Extended Security Updates Through October 2027
Microsoft has quietly extended its consumer Extended Security Updates (ESU) program for Windows 10, pushing the cutoff for critical security patches out another year to October 12, 2027. The move gives millions of users who have not yet migrated to Windows 11 additional time to receive important and critical security fixes, while Microsoft continues to encourage upgrades to the newer OS. For those already enrolled in the consumer ESU program, coverage continues automatically under the new end date. What the…
Compromised Trust: CPUID Supply‑Chain Attack Served Trojanized CPU‑Z and HWMonitor Installers
Hackers briefly hijacked a CPUID distribution channel and altered download links on the vendor’s official website so that users seeking the popular CPU‑Z and HWMonitor utilities would instead receive a trojanized installer. The modification redirected downloads to Cloudflare R2 storage and delivered a malicious file masquerading as HWiNFO, exposing millions of users who rely on these tools for hardware diagnostics
A2A Protocol Surpasses 150 Organizations and Lands in Major Cloud Platforms in Its First Year
A2A Protocol has marked an impressive set of milestones within its inaugural year: the project reports onboarding more than 150 organizations, gaining placement in major cloud platforms’ marketplaces, and achieving enterprise production usage. Those three developments—rapid partner growth, cloud distribution, and real-world enterprise deployments—are meaningful indicators that A2A is moving beyond early experimentation and into practical, scalable use. Why these
Project Glasswing: Anthropic’s Claude Mythos Preview Arms Defenders to Secure Critical Infrastructure
When Anthropic announced Project Glasswing, it felt like a turning point in how we think about cybersecurity. Rather than another incremental tool, Glasswing pools one of the most capable frontier language models—Claude Mythos Preview—with an unusual, urgent mission: give the organizations that run the internet and financial systems a head start against AI-enabled attackers. The initiative reads like a playbook
ActiveMQ broker RCE tied to CVE-2026-34197: what admins need to know
A long-standing flaw in Apache ActiveMQ has resurfaced as a serious concern for administrators. The issue—listed on CISA’s Known Exploited Vulnerabilities (KEV) list under entry 46604—enables unauthenticated remote command execution via the broker port. Although CVE-2026-34197 is not yet reported as being widely exploited in the wild, researchers examining broker logs say there are clear indicators that attackers have attempted
Microsoft 365 Network Disruption Hits Exchange Online, Teams, and Core Services
A sudden network-level disruption on April 8, 2026 knocked several core Microsoft 365 services offline or degraded their performance for many users. What began as a spike in telemetry and rapid customer reports at 8:37 PM IST (3:07 PM UTC) quickly became an enterprise-wide concern as Exchange Online, Microsoft Teams, and broader Microsoft 365 functionality showed interruption. Microsoft classified the





