News Archives • Page 37 of 631 • Daily CyberSecurity

The Cloud-Only Safety Net: Microsoft to Bypass Local Recycle Bins in Major OneDrive Overhaul OneDrive cloud deletion 2026 OneDrive Facial Recognition, Three-Time Limit OneDrive Suspension, Data Loss

OneDrive cloud deletion 2026 OneDrive Facial Recognition, Three-Time Limit OneDrive Suspension, Data Loss

The Cloud-Only Safety Net: Microsoft to Bypass Local Recycle Bins in Major OneDrive Overhaul

Ddos April 8, 2026

According to Microsoft’s announcement in the Microsoft 365 Admin Center (MC1269861), commencing in May 2026, files deleted...

AI Against AI: Anthropic Unveils “Project Glasswing” to Stop the Next Great Cyber War Anthropic Project Glasswing

AI Against AI: Anthropic Unveils “Project Glasswing” to Stop the Next Great Cyber War

Ddos April 8, 2026

As generative AI technologies proliferate, global anxieties regarding their potential misuse—particularly as instruments for cyber warfare and...

Alert: Social Engineering Campaign Targets Open Source Developers via Slack Social Engineering Developer Security

Alert: Social Engineering Campaign Targets Open Source Developers via Slack

Ddos April 8, 2026

A sophisticated, high-severity social engineering campaign is currently targeting the open source developer community. The attack, which...

OpenSSL Issues Major Security Advisory: RSA and Memory Vulnerabilities Fixed OpenSSL Vulnerability RSA Memory Leak OpenSSL Vulnerability CVE-2025-15467 CVE-2022-2274 OpenSSL Vulnerabilities, Timing Side-Channel

OpenSSL Vulnerability RSA Memory Leak OpenSSL Vulnerability CVE-2025-15467 CVE-2022-2274 OpenSSL Vulnerabilities, Timing Side-Channel

OpenSSL Issues Major Security Advisory: RSA and Memory Vulnerabilities Fixed

Ddos April 8, 2026

OpenSSL has released a comprehensive security advisory detailing seven vulnerabilities ranging from Moderate to Low severity. The...

GemStuffer RubyGems Campaign RubyGems Data Exfiltration TanStack npm Compromise Supply Chain Attack DNS Hijacking APT28 (Fancy Bear) OpenVSX Supply Chain Attack Checkmarx Plugin Breach Stryker Cyberattack CISA Alert Trans-Regional Cyber Conflict Operation Epic Fury Cyber Operation MacroMaze APT28 Cyber Espionage Notepad++ Supply Chain Attack Lotus Blossom Group Defense Industrial Base Threats GTIG Report APT28 Operation Neusploit CVE-2026-21509 Bookworm Malware

APT28 Hijacks Home Routers to Steal Corporate Credentials

Ddos April 8, 2026

In a major technical disclosure, the UK National Cyber Security Centre (NCSC) has detailed a sophisticated campaign...

Venom Stealer Bypasses Chrome and “Auto-Cracks” Tonkeeper Wallets Venom Stealer Crypto Drainer MaaS

Venom Stealer Bypasses Chrome and “Auto-Cracks” Tonkeeper Wallets

Ddos April 8, 2026

A new Malware-as-a-Service (MaaS) platform is making waves in the cybercrime underground, promising operators an automated pipeline...

The 1,700-Package Blitz: North Korea’s “Contagious Interview” Infiltrates Every Major Dev Registry Contagious Interview Malicious Packages

The 1,700-Package Blitz: North Korea’s “Contagious Interview” Infiltrates Every Major Dev Registry

Ddos April 8, 2026

Researchers at Socket have identified a massive new cluster of malicious packages linked to North Korea’s notorious...

Malicious VeloraDEX SDK Compromises Developer Machines via npm npm Supply Chain Attack @velora-dex/sdk Malware

Malicious VeloraDEX SDK Compromises Developer Machines via npm

Ddos April 8, 2026

Security researchers at StepSecurity have sounded the alarm on a compromised version of the @velora-dex/sdk package. On...

From Taiwan to Tehran: How TA416 Pivots its PlugX Backdoor to Global Flashpoints TA416 PlugX Backdoor

From Taiwan to Tehran: How TA416 Pivots its PlugX Backdoor to Global Flashpoints

Ddos April 8, 2026

A new intelligence report from Proofpoint reveals that TA416, a sophisticated threat actor aligned with Chinese state...

Budibase Patches Critical RCE and SSRF Vulnerabilities Budibase RCE SSRF Vulnerability Budibase Vulnerabilities Authentication Bypass

Budibase Patches Critical RCE and SSRF Vulnerabilities

Ddos April 7, 2026

Budibase, the popular open-source low-code platform used by engineers to rapidly build internal tools, has released urgent...

10.0 CVSS Flaw in Kestra Grants Full Server Control Kestra RCE SQL Injection Vulnerability

10.0 CVSS Flaw in Kestra Grants Full Server Control

Ddos April 7, 2026

A critical security vulnerability has been unmasked in Kestra, the popular open-source, event-driven orchestration platform. The flaw,...

Critical JWT Bypass in Convoy Panel Allows Full Account Takeover Convoy Vulnerability JWT Authentication Bypass

Critical JWT Bypass in Convoy Panel Allows Full Account Takeover

Ddos April 7, 2026

A critical security vulnerability has been unmasked in Convoy, the modern KVM server management panel used by...

Breaking the App Shell: Five New Electron Vulnerabilities Shatter Context Isolation Electron Security Sandbox Escape Electron Vulnerabilities, Desktop App Security

Electron Security Sandbox Escape Electron Vulnerabilities, Desktop App Security

Breaking the App Shell: Five New Electron Vulnerabilities Shatter Context Isolation

Ddos April 7, 2026

The Electron framework—the powerhouse behind heavyweights like Visual Studio Code and countless other cross-platform desktop applications —has...

Trolling as a Service: How the New CrystalX RAT Uses “Prankware” to Torture Its Victims CrystalX RAT Prankware

Trolling as a Service: How the New CrystalX RAT Uses “Prankware” to Torture Its Victims

Ddos April 7, 2026

In the world of cybercrime, malware is typically designed for one of two things: stealthy espionage or...

BlueHammer: Researcher Drops Functional 0-Day Exploit Targeting Windows Defender BlueHammer Exploit Windows Defender 0-day

BlueHammer: Researcher Drops Functional 0-Day Exploit Targeting Windows Defender

Ddos April 7, 2026

A researcher has publicly disclosed a functional zero-day exploit targeting the internal signature update mechanism of Windows...

UAT-10608 Uses a Next.js “React2Shell” Flaw to Map Your Entire Cloud NEXUS Listener React2Shell Vulnerability

UAT-10608 Uses a Next.js “React2Shell” Flaw to Map Your Entire Cloud

Ddos April 7, 2026

Cisco Talos has revealed a major automated credential harvesting campaign, tracked as UAT-10608, that has already compromised...

The Hidden Hand: Why Adobe is Surreptitiously Modifying Your System Hosts File Adobe Creative Cloud hosts file Adobe Firefly, AI video

The Hidden Hand: Why Adobe is Surreptitiously Modifying Your System Hosts File

Ddos April 7, 2026

Ordinarily, when patrons install software such as Adobe Photoshop, they are compelled to accept the bundled installation...

The Evolution of an Infostealer: Xloader 8.7 Unmasked Xloader Malware Information Stealer Phantom Stealer v3.5.0 DLL Sideloading Attack

The Evolution of an Infostealer: Xloader 8.7 Unmasked

Ddos April 7, 2026

ThreatLabz has released a deep-dive analysis into the latest iterations of Xloader, a notorious information-stealing malware that...

GPUBreach Rowhammer Hijacks GPUs for Full System Root GPUBreach GPU Rowhammer

GPUBreach Rowhammer Hijacks GPUs for Full System Root

Ddos April 7, 2026

Researchers from the University of Toronto have demonstrated that Rowhammer attacks on GPUs can move far beyond...

Browser Wars 2026: The “Choice Alliance” Slams Microsoft’s Predatory Edge Auto-Launch Browser Choice Alliance Microsoft CVE-2024-30055 Microsoft Edge, Copilot Mode

Browser Choice Alliance Microsoft CVE-2024-30055 Microsoft Edge, Copilot Mode

Browser Wars 2026: The “Choice Alliance” Slams Microsoft’s Predatory Edge Auto-Launch

Ddos April 7, 2026

Last week, it was reported that Microsoft is experimenting with a configuration that compels Microsoft Edge to...

Critical Alert 1 Active Exploit Detected Today