News Archives • Page 57 of 631 • Daily CyberSecurity

The Sleeper in Your Toolbar: How a “Featured” Chrome Extension Turned Into a Full-Scale Infostealer ShotBird extension malware

The Sleeper in Your Toolbar: How a “Featured” Chrome Extension Turned Into a Full-Scale Infostealer

Ddos March 12, 2026

A once-reputable Chrome extension has been caught moonlighting as a sophisticated malware delivery vehicle. ShotBird, a tool...

Critical 9.8 CVSS Bypass Unearthed in HPE Aruba AOS-CX Switches CVE-2024-42509 & CVE-2024-47460 HPE Aruba Fabric Composer CVE-2026-23592 Aruba AOS-CX CVE-2026-23813

CVE-2024-42509 & CVE-2024-47460 HPE Aruba Fabric Composer CVE-2026-23592 Aruba AOS-CX CVE-2026-23813

Critical 9.8 CVSS Bypass Unearthed in HPE Aruba AOS-CX Switches

Ddos March 11, 2026

HPE Aruba Networking has officially released software patches for its AOS-CX platform to address a series of...

The ‘Must-Patch’ Release: WordPress 6.9.2 Scrambles to Fix 10 Critical Flaws from XSS to SSRF WordPress 6.9.2 WordPress 6.9.2 WordPress Security Update WordPress Security Update WordPress.org Suspended

WordPress 6.9.2 WordPress 6.9.2 WordPress Security Update WordPress Security Update WordPress.org Suspended

The ‘Must-Patch’ Release: WordPress 6.9.2 Scrambles to Fix 10 Critical Flaws from XSS to SSRF

Ddos March 11, 2026

The WordPress security team has issued an urgent call to action following the release of WordPress 6.9.2...

High-Severity SQL Injection in Ally WordPress Plugin Threatens 400K Sites Ally Plugin Vulnerability SQL Injection

High-Severity SQL Injection in Ally WordPress Plugin Threatens 400K Sites

Ddos March 11, 2026

A high-severity SQL Injection vulnerability was found in Ally, a popular web accessibility and usability WordPress plugin....

Altium Enterprise Server Vulnerability CVE-2026-9129 Path Traversal Patreon OAuth Vulnerability Identity Collision DRC INSIGHT Vulnerability Exam Data Hijacking Horner Automation PLC Industrial Brute Force Honeywell IQ4x Vulnerability CVE-2026-3611 DJI Romo vacuum security flaw Python Cryptography Vulnerability CVE-2026-26007 Open5GS Vulnerability CVE-2026-0622 Vivotek IP7137 Vulnerabilities CVE-2025-66049 Forcepoint DLP Vulnerability CVE-2025-14026 Cellopoint Secure Email Gateway - CVE-2024-9043

The Default Danger: Maximum 10.0 CVSS Vulnerability Leaves Honeywell IQ4x Controllers Wide Open

Ddos March 11, 2026

A critical security flaw has been uncovered in the Honeywell IQ4x Building Management System (BMS) Controller family,...

Industrial Alert: Critical Stored XSS Vulnerability Discovered in Siemens SIMATIC S7-1500 Siemens SIMATIC Vulnerability CVE-2025-40943 CVE-2024-47901 - Siemens InterMesh system CVE-2025-40804 Siemens SIVaaS

Siemens SIMATIC Vulnerability CVE-2025-40943 CVE-2024-47901 - Siemens InterMesh system CVE-2025-40804 Siemens SIVaaS

Industrial Alert: Critical Stored XSS Vulnerability Discovered in Siemens SIMATIC S7-1500

Ddos March 11, 2026

A high-severity security flaw has been uncovered in the Siemens SIMATIC S7-1500 CPU family, a cornerstone of...

Microsoft Patch Tuesday March 2026: 93 Vulnerabilities Addressed, Including Two Zero-Days Windows Wormable Exploit April 2026 Patch Tuesday Microsoft Patch Tuesday Zero-Day Vulnerabilities Microsoft, Patch Tuesday CVE-2025-55234 CVE-2024-43573 and CVE-2024-43572 Microsoft Patch Tuesday Security Vulnerabilities

Windows Wormable Exploit April 2026 Patch Tuesday Microsoft Patch Tuesday Zero-Day Vulnerabilities Microsoft, Patch Tuesday CVE-2025-55234 CVE-2024-43573 and CVE-2024-43572 Microsoft Patch Tuesday Security Vulnerabilities

Microsoft Patch Tuesday March 2026: 93 Vulnerabilities Addressed, Including Two Zero-Days

Ddos March 11, 2026

The March 2026 edition of Microsoft Patch Tuesday has arrived, bringing a massive wave of security updates...

Maximum 10.0 CVSS Flaws in OneUptime Allow Full Account Takeovers and RCE OneUptime Vulnerabilities CVE-2026-30956

Maximum 10.0 CVSS Flaws in OneUptime Allow Full Account Takeovers and RCE

Ddos March 11, 2026

OneUptime, a popular multi-tenant platform for monitoring websites and APIs, has released urgent patches to address two...

Malicious npm Package “pino-sdk-v2” Caught Harvesting Secrets pino-sdk-v2 npm Supply Chain Attack

Malicious npm Package “pino-sdk-v2” Caught Harvesting Secrets

Ddos March 11, 2026

In the modern development landscape, supply chain attacks remain one of the most effective ways for threat...

APT-C-23 Weaponized Israel’s ‘Red Alert’ App for Mobile Espionage Red Alert Trojan APT-C-23

APT-C-23 Weaponized Israel’s ‘Red Alert’ App for Mobile Espionage

Ddos March 11, 2026

The Acronis Threat Research Unit (TRU) has identified a calculated campaign distributing a trojanized version of the...

Microsoft Exposes How Hackers Use Generative Models as a Force Multiplier Malicious AI AI Memory Poisoning

Microsoft Exposes How Hackers Use Generative Models as a Force Multiplier

Ddos March 11, 2026

The same AI technologies revolutionizing global productivity are now being “operationalized” by cyber adversaries to sharpen their...

The Vibe-Coding Trap: Fake Claude Code Installers Unleash Amatera Malware via Search Ads Claude Code Malvertising Amatera Malware

The Vibe-Coding Trap: Fake Claude Code Installers Unleash Amatera Malware via Search Ads

Ddos March 11, 2026

In the fast-paced world of AI development, “vibe-coding” has become a popular term for rapid, experimental building....

Zscaler Uncovers 8,000+ Domains and APT Backdoors Exploiting Middle East Tensions Middle East Cyber Threats

Zscaler Uncovers 8,000+ Domains and APT Backdoors Exploiting Middle East Tensions

Ddos March 11, 2026

Zscaler ThreatLabz is currently tracking a significant surge in cybercriminal operations that capitalize on the elevated political...

North Korean APT Unleashes DEV#POPPER RAT via GitHub to Drain Crypto Wallets DEV#POPPER OmniStealer

North Korean APT Unleashes DEV#POPPER RAT via GitHub to Drain Crypto Wallets

Ddos March 11, 2026

The eSentire’s Threat Response Unit (TRU) recently uncovered a sophisticated campaign involving a Remote Access Trojan (RAT)...

CL-UNK-1068: The Stealthy Chinese Threat Actor Haunting Asian Infrastructure CL-UNK-1068 Chinese APT

CL-UNK-1068: The Stealthy Chinese Threat Actor Haunting Asian Infrastructure

Ddos March 11, 2026

Since 2020, a sophisticated cluster of activity has been quietly infiltrating high-value organizations across South, Southeast, and...

Critical RCE Vulnerabilities Uncovered in Janitza and Weidmueller Energy Meters Energy Meter RCE CVE-2025-41709 ICS Exposure, Power Grid Security CVE-2025-1393 & CVE-2024-23943

Energy Meter RCE CVE-2025-41709 ICS Exposure, Power Grid Security CVE-2025-1393 & CVE-2024-23943

Critical RCE Vulnerabilities Uncovered in Janitza and Weidmueller Energy Meters

Ddos March 11, 2026

Energy management systems are under the microscope following a security advisory from CERT@VDE, which reveals multiple critical...

Unauthenticated Takeover: Critical 9.6 CVSS Zoom Flaw Exposes Windows Users to Remote Privilege Escalation CVE-2022-36926 Zoom Vulnerability CVE-2026-30903

CVE-2022-36926 Zoom Vulnerability CVE-2026-30903

Unauthenticated Takeover: Critical 9.6 CVSS Zoom Flaw Exposes Windows Users to Remote Privilege Escalation

Ddos March 10, 2026

Zoom has released a series of security advisories detailing four significant vulnerabilities affecting its Windows clients, including...

The ‘Must-Patch’ List: CISA Adds Actively Exploited SolarWinds, Ivanti, and Omnissa Flaws to KEV ActiveMQ RCE CVE-2026-34197 CISA KEV Catalog Actively Exploited Vulnerabilities CISA KEV Catalog CVE-2025-37164 GeoServer XXE, CISA KEV FortiWeb SQLi, CISA KEV Critical Vulnerabilities CVE-2024-20953

ActiveMQ RCE CVE-2026-34197 CISA KEV Catalog Actively Exploited Vulnerabilities CISA KEV Catalog CVE-2025-37164 GeoServer XXE, CISA KEV FortiWeb SQLi, CISA KEV Critical Vulnerabilities CVE-2024-20953

The ‘Must-Patch’ List: CISA Adds Actively Exploited SolarWinds, Ivanti, and Omnissa Flaws to KEV

Ddos March 10, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalog, adding three...

The Silent Rhythm: How BeatBanker Malware Uses a Looping Audio File to Hijack Android Devices BeatBanker Android Malware

The Silent Rhythm: How BeatBanker Malware Uses a Looping Audio File to Hijack Android Devices

Ddos March 10, 2026

In a sophisticated new campaign targeting users in Brazil, researchers at Kaspersky Labs have uncovered BeatBanker, an...

Dutch Intelligence Warning: Russian State Actors Targeting Signal and WhatsApp WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware

WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware

Dutch Intelligence Warning: Russian State Actors Targeting Signal and WhatsApp

Ddos March 10, 2026

In a significant Cybersecurity Advisory released in March 2026, the Netherlands Defence Intelligence and Security Service (MIVD)...

Critical Alert 1 Active Exploit Detected Today