News Archives • Page 4 of 650 • Daily CyberSecurity

SHEETCREEP Malware Abuses Google Sheets API for Command-and-Control security-de

SHEETCREEP Malware Abuses Google Sheets API for Command-and-Control

Do Son June 22, 2026

At a glance Malware family SHEETCREEP (SHEET#CREEP), C# .NET RAT Threat actor APT36 / Transparent Tribe (suspected,...

Google Tests reCAPTCHA Hand Gesture Verification

reCAPTCHA hand gesture verification scanning process and biometric CAPTCHA security reCAPTCHA Data

Google Tests reCAPTCHA Hand Gesture Verification

Do Son June 22, 2026

Combatting Advanced Bots with Hand Gestures Google initiated a limited beta test for its reCAPTCHA hand gesture...

Microsoft Details Support Lifecycle for Windows 11 Version 26H2 Windows 11 version 26H2 support lifecycle and deployment roadmap for enterprise environments Windows 11 update anomaly Windows 11 context menu Windows 11 KB5089549 update error 0x800f0922 Windows 11 taskbar relocation

Windows 11 version 26H2 support lifecycle and deployment roadmap for enterprise environments Windows 11 update anomaly Windows 11 context menu Windows 11 KB5089549 update error 0x800f0922 Windows 11 taskbar relocation

Microsoft Details Support Lifecycle for Windows 11 Version 26H2

Do Son June 22, 2026

Microsoft recently unveiled the early preview of Windows 11 version 26H2. The official release will likely debut...

Gemini CLI Deprecation: Google Moves Developers to Antigravity CLI Gemini CLI deprecation notice as Google moves developers to the Antigravity CLI terminal tool Google Antigravity 2.0 release

Gemini CLI deprecation notice as Google moves developers to the Antigravity CLI terminal tool Google Antigravity 2.0 release

Gemini CLI Deprecation: Google Moves Developers to Antigravity CLI

Do Son June 22, 2026

Google gave developers an early warning about the Gemini CLI deprecation. Now the change has arrived. The...

Windows Recycle Bin Bug Surfaces After the June 2026 Update Windows Recycle Bin bug showing an internal $Rxxxxx filename in the delete confirmation dialog after the June 2026 update

Windows Recycle Bin bug showing an internal $Rxxxxx filename in the delete confirmation dialog after the June 2026 update

Windows Recycle Bin Bug Surfaces After the June 2026 Update

Do Son June 22, 2026

Microsoft released its June 2026 Patch Tuesday updates on June 9. Within days, users began reporting odd...

DragonForce Hides Backdoor C2 Inside Microsoft Teams TURN Relays digital-hacker

DragonForce Hides Backdoor C2 Inside Microsoft Teams TURN Relays

Do Son June 22, 2026

At a glance Malware family Backdoor.Turn (Go-based RAT) Threat actor DragonForce ransomware, developed by Hackledorb (Symantec attribution)...

2,060 New CVEs and 4 Actively Exploited Flaws (June 15-21, 2026) Weekly CVE report dashboard showing 2,060 new vulnerabilities and 4 actively exploited CVEs in CISA KEV

Weekly CVE report dashboard showing 2,060 new vulnerabilities and 4 actively exploited CVEs in CISA KEV

2,060 New CVEs and 4 Actively Exploited Flaws (June 15-21, 2026)

Do Son June 22, 2026

TL;DR This weekly CVE report covers 2,060 new vulnerabilities disclosed between June 15 and 21, 2026. Among...

Four undici Vulnerabilities Affect a Package With 133M Weekly Downloads undici vulnerabilities in the Node.js HTTP client affecting a package with 133M weekly downloads

undici vulnerabilities in the Node.js HTTP client affecting a package with 133M weekly downloads

Four undici Vulnerabilities Affect a Package With 133M Weekly Downloads

Do Son June 22, 2026

TL;DR Maintainers have disclosed four undici vulnerabilities in the widely used Node.js HTTP client. The package draws...

ErrTraffic Malware Spreads ClickFix Lures via Hacked WordPress Sites hacker-security

ErrTraffic Malware Spreads ClickFix Lures via Hacked WordPress Sites

Do Son June 22, 2026

At a glance Malware family ErrTraffic (ClickFix distribution framework / TDS, sold as MaaS) Threat actor Sold...

Avo Flaw CVE-2026-55518 Enables Privilege Escalation in Rails Apps Avo authorization bypass CVE-2026-55518 enabling privilege escalation in a Ruby on Rails admin panel

Avo authorization bypass CVE-2026-55518 enabling privilege escalation in a Ruby on Rails admin panel

Avo Flaw CVE-2026-55518 Enables Privilege Escalation in Rails Apps

Do Son June 22, 2026

At a glance CVE CVE-2026-55518 CVSS 9.6 (Critical) Product / vendor Avo admin panel framework / Avo...

Three Critical pgAdmin 4 Vulnerabilities Patched: XSS, Auth Bypass, and AI Assistant SQLi pgAdmin 4 vulnerabilities CVE-2026-12046 stored XSS and RCE in PostgreSQL admin tool

pgAdmin 4 vulnerabilities CVE-2026-12046 stored XSS and RCE in PostgreSQL admin tool

Three Critical pgAdmin 4 Vulnerabilities Patched: XSS, Auth Bypass, and AI Assistant SQLi

Do Son June 22, 2026

Database administrators have urgent patching to do. The pgAdmin team has fixed three critical pgAdmin 4 vulnerabilities,...

Public Exploit Released for FreeBSD kTLS Local Root Flaw CVE-2026-45257 FreeBSD kTLS vulnerability CVE-2026-45257 public PoC exploit enabling local privilege escalation to root

FreeBSD kTLS vulnerability CVE-2026-45257 public PoC exploit enabling local privilege escalation to root

Public Exploit Released for FreeBSD kTLS Local Root Flaw CVE-2026-45257

Do Son June 22, 2026

TL;DR FreeBSD has patched a kernel flaw, CVE-2026-45257, that hands local root to any unprivileged user. This...

QNAP Patches 14 Vulnerabilities in QTS, QuTS hero, and QVP Devices QNAP NAS vulnerabilities in QTS and QuTS hero firmware including command injection flaws from QSA-26-10

QNAP NAS vulnerabilities in QTS and QuTS hero firmware including command injection flaws from QSA-26-10

QNAP Patches 14 Vulnerabilities in QTS, QuTS hero, and QVP Devices

Do Son June 21, 2026

TL;DR QNAP has patched 14 vulnerabilities affecting its QTS, QuTS hero, QuTS cloud, and QVP systems. The...

NPM Package Tests AI Malware Scanner Evasion hacker-security

NPM Package Tests AI Malware Scanner Evasion

Do Son June 21, 2026

At a glance Malware Family: shai_hulululud (Protestware/Testing) Threat Actor: Unknown (Suspected researcher or troll) Targets: AI-based malware...

Critical ArcGIS Account Recovery Targeted in Active Attacks Illustration of ArcGIS Account Recovery attacks highlighted in the latest security bulletin

Illustration of ArcGIS Account Recovery attacks highlighted in the latest security bulletin

Critical ArcGIS Account Recovery Targeted in Active Attacks

Do Son June 20, 2026

Cybercriminals are actively exploiting ArcGIS Account Recovery configurations to penetrate customer environments. Esri confirms these targeted attempts...

Device Code Phishing: Microsoft 365 Attack That Steals No Passwords

Do Son June 20, 2026

A clever new phishing technique skips the password entirely. ReversingLabs has uncovered an active device code phishing...

GlassWASM Malware Hidden in Open VSX Extensions code

GlassWASM Malware Hidden in Open VSX Extensions

Do Son June 20, 2026

Security researchers have uncovered GlassWASM malware, a stealthy threat hiding inside trojanized Visual Studio Code extensions. Socket’s...

UNC1151 ‘Ghostwriter’ Phishing Campaign Hijacks Gmail Accounts and 2FA Codes UNC1151 Gmail phishing fake Google login page stealing 2FA codes by Ghostwriter

UNC1151 Gmail phishing fake Google login page stealing 2FA codes by Ghostwriter

UNC1151 ‘Ghostwriter’ Phishing Campaign Hijacks Gmail Accounts and 2FA Codes

Do Son June 19, 2026

Poland’s national cyber team has sounded the alarm. A fresh UNC1151 Gmail phishing campaign is hunting credentials...

Interlock and Rhysida Ransomware: IBM X-Force Maps a Shared Ecosystem malware

Interlock and Rhysida Ransomware: IBM X-Force Maps a Shared Ecosystem

Do Son June 19, 2026

A two-year look at a shared ransomware ecosystem IBM X-Force has released long-term research into the Interlock...

1M WordPress Sites at Risk: Critical Unauthenticated Arbitrary File Deletion in Avada Builder (CVSS 9.1) Avada Builder vulnerability CVE-2026-8713 unauthenticated arbitrary file deletion in WordPress

Avada Builder vulnerability CVE-2026-8713 unauthenticated arbitrary file deletion in WordPress

1M WordPress Sites at Risk: Critical Unauthenticated Arbitrary File Deletion in Avada Builder (CVSS 9.1)

Do Son June 19, 2026

Around one million WordPress sites just got an urgent reason to patch. A critical Avada Builder...

Critical Alert 2 Active Exploits Detected Today