News Security Compromised npm Packages Abuse Hugging Face as Exfiltration Infrastructure June 4, 2026 / June 4, 2026 by Corentin C | Leave a Comment Microsoft Threat Intelligence has warned that compromised npm packages utils-terminal@3.2.1 and logger-active@3.2.1 are deploying the MicrosoftSystem64 RAT. The malware captures keystrokes, screenshots, and crypto wallet credentials while abusing Hugging Face infrastructure as an exfiltration channel. Read more » huggingface MicrosoftSystem64 npm rat security trojan
News CVE-2025-48595: Android integer overflow bug patched in June 2026 June 2, 2026 / June 2, 2026 by Alex Mira | Leave a Comment CVE-2025-48595 is an Android integer overflow leading to local privilege escalation that requires no user interaction. Google’s June 2026 patches address it; users should update to patch level 2026-06-05 or later. Read more » Android security CVE-2025-48595 Mobile security Patching Security advisories vulnerability
News CVE-2026-8206: Password reset flaw in Kirki plugin could enable account takeover June 2, 2026 / June 2, 2026 by Alex Mira | Leave a Comment CVE-2026-8206 affects Kirki 6.0.0–6.0.6, allowing password reset emails to be sent to attacker-controlled addresses. Update from the WordPress directory now. Read more » Account Takeover CVE-2026-8206 Kirki Plugin security Privilege escalation vulnerability wordpress
News Critical auth bypass in Burst Statistics plugin puts 200,000 WordPress sites at risk June 2, 2026 / June 2, 2026 by Alex Mira | Leave a Comment A critical auth bypass in the Burst Statistics WordPress plugin (CVE-2026-8181) could let attackers impersonate admins via the REST API. A patch is available; update now. A separate low-severity bypass in Advanced Access Manager (CVE-2026-42674) is fixed in 7.1.1. Read more » Advanced Access Manager Authentication bypass Burst Statistics CVE-2026-8181 Patch management Vulnerabilities WordPress security
News CVE-2026-8732: WP Maps Pro flaw enables unauthenticated admin account creation June 2, 2026 / June 2, 2026 by Alex Mira | Leave a Comment CVE-2026-8732 in WP Maps Pro allows unauthenticated creation of administrator accounts on WordPress sites. Update to the patched release and verify there are no unexpected admin users. Read more » CVE-2026-8732 Plugin vulnerability Privilege escalation Site takeover Wordfence WordPress security WP Maps Pro
Guide Windows Windows 11 May Be Silently Causing Micro-Stutters in Your Games May 30, 2026 / May 30, 2026 by Corentin C | Leave a Comment Windows 11 may silently ignore low timer-resolution requests from games, causing micro-stutters even when FPS looks stable. This guide explains how to check Platform Timer Resolution with powercfg /energy and apply the GlobalTimerResolutionRequests registry tweak to improve frame pacing on desktop gaming PCs. Read more » gaming guide performance windows
News CVE-2026-9082: Drupal’s PostgreSQL SQL injection is being probed — update your sites May 30, 2026 / May 30, 2026 by Alex Mira | Leave a Comment Drupal disclosed CVE-2026-9082, a PostgreSQL-only SQL injection in core. Exploit attempts are being observed. Update to the patched Drupal releases as soon as possible. Read more » CMS security CVE-2026-9082 Drupal Patching PostgreSQL SQL injection vulnerability
News Windows Microsoft pulls back the floating Copilot button in Office, lets you put it back on the ribbon May 24, 2026 / May 24, 2026 by Alex Mira | Leave a Comment Microsoft is changing the floating Copilot button in Word, Excel, and PowerPoint after complaints, adding an option to put it back on the ribbon. Read more » copilot Excel Microsoft 365 office PowerPoint Word
News Ubiquiti UniFi OS critical fixes: CVE-2026-33000 and related flaws May 22, 2026 / May 22, 2026 by Alex Mira | Leave a Comment Ubiquiti’s Security Advisory Bulletin 064 addresses multiple critical UniFi OS vulnerabilities, including CVE-2026-33000. Check your device model and update to the fixed versions listed by the vendor. Read more » cve Network Security Patching Ubiquiti UniFi OS Vulnerabilities
News Google briefly exposed details of an unfixed Chromium bug that can keep background scripts alive May 22, 2026 / May 22, 2026 by Alex Mira | Leave a Comment Reports indicate Google briefly exposed details—and even proof-of-concept code—about an unfixed Chromium issue that can keep JavaScript running in the background across Chromium-based browsers. Read more » Browser security Chromium Google Chrome Security news Service Workers Vulnerabilities
