News Archives • Page 8 of 631 • Daily CyberSecurity

GPU Security Alert: NVIDIA Drivers Hit with Critical 8.8 CVSS Flaw and Enterprise vGPU Bugs NVIDIA Driver Security Update CVE-2026-24187 Linux

GPU Security Alert: NVIDIA Drivers Hit with Critical 8.8 CVSS Flaw and Enterprise vGPU Bugs

Ddos May 19, 2026

NVIDIA has officially rolled out a comprehensive software security update for its GPU Display Driver to address...

Unmasked Origin: Infamous “OrBit” Linux Rootkit Exposed as a Fork of Open-Source Medusa OrBit Linux Rootkit Medusa Userland LD_PRELOAD Hooking

Unmasked Origin: Infamous “OrBit” Linux Rootkit Exposed as a Fork of Open-Source Medusa

Ddos May 19, 2026

In July 2022, security researchers dropped the first analysis of OrBit, a sophisticated, then-undocumented Linux userland rootkit....

Resurgent Tycoon 2FA Adopts OAuth Device Code Phishing to Hijack Microsoft 365 Tycoon 2FA Phishing Kit OAuth Device Code Phishing

Resurgent Tycoon 2FA Adopts OAuth Device Code Phishing to Hijack Microsoft 365

Ddos May 19, 2026

Just weeks after a massive international law enforcement operation dismantled its primary server infrastructure, the notorious Tycoon...

Chinese APT FamousSparrow Weaponizes Evolved Deed RAT Against Azerbaijani Energy Infrastructure FamousSparrow Deed RAT ProxyNotShell Exchange Exploitation

FamousSparrow Deed RAT ProxyNotShell Exchange Exploitation

Chinese APT FamousSparrow Weaponizes Evolved Deed RAT Against Azerbaijani Energy Infrastructure

Ddos May 19, 2026

A relentless cyber-espionage operation has targeted an Azerbaijani oil and gas company, demonstrating that advanced persistent threats...

Boot Partition Bottleneck: Microsoft Confirms Windows 11 Update KB5089549 Fails with Error 0x800f0922 Windows 11 KB5089549 update error 0x800f0922 Windows 11 taskbar relocation

Windows 11 KB5089549 update error 0x800f0922 Windows 11 taskbar relocation

Boot Partition Bottleneck: Microsoft Confirms Windows 11 Update KB5089549 Fails with Error 0x800f0922

Ddos May 19, 2026

Following the recent distribution of Windows 11 monthly routine cumulative update KB5089549, a segment of the user...

Shai-Hulud Returns: Massive npm Supply Chain Attack Hijacks AntV Ecosystem to Scrape GitHub Runner Memory Mini Shai-Hulud npm Worm AntV Ecosystem Supply Chain Attack

Mini Shai-Hulud npm Worm AntV Ecosystem Supply Chain Attack

Shai-Hulud Returns: Massive npm Supply Chain Attack Hijacks AntV Ecosystem to Scrape GitHub Runner Memory

Ddos May 19, 2026

A massive and highly coordinated supply chain assault is currently ripping through the JavaScript developer ecosystem. Security...

AI “Vibe Coding” Fuels a Phishing Free-For-All: How EvilTokens Bypasses Microsoft 365 MFA Device Code Phishing EvilTokens PhaaS

AI “Vibe Coding” Fuels a Phishing Free-For-All: How EvilTokens Bypasses Microsoft 365 MFA

Ddos May 19, 2026

A once-obscure technique for bypassing multifactor authentication is exploding across the threat landscape, supercharged by AI “vibe...

C Windows SecureBoot folder KB5089549 Windows 11 BSOD Microsoft Windows, Rust programming WINS Service Deprecation Windows Server DNS Migration Windows Driver Standard OEM Kernel Privileges Windows Agentic OS Task Manager Bug, Windows 11 Performance Windows 11, Microsoft, WinRE, Update Bug, Tech Support Windows 11 OOBE, Microsoft Account Mandatory Windows 11, SSD failures Windows 11 Recovery, Black Screen of Death Windows 11 Update Issue, KB5062324 Windows 11, Indicator Bar

Microsoft Explains the New “SecureBoot” Folder in Windows 11 KB5089549 Update

Ddos May 19, 2026

Following the deployment of the Windows 11 May update (KB5089549) and its subsequent evolutionary iterations, Microsoft instantiates...

TeamPCP Open-Sources “Shai-Hulud” AI Supply Chain Malware, Hitting NPM Fleet Shai-Hulud worm NPM supply chain attack

TeamPCP Open-Sources “Shai-Hulud” AI Supply Chain Malware, Hitting NPM Fleet

Ddos May 19, 2026

The threat collective recognized as TeamPCP, historically notorious for orchestrating supply chain incursions within the NPM ecosystem,...

NGINX Rift: Critical 18-Year-Old Flaw CVE-2026-42945 Actively Exploited to Crash Servers NGINX Rift CVE-2026-42945

NGINX Rift: Critical 18-Year-Old Flaw CVE-2026-42945 Actively Exploited to Crash Servers

Ddos May 19, 2026

The renowned open-source reverse proxy server, NGINX, has disclosed a critical security vulnerability designated as CVE-2026-42945, garnering...

Microsoft Announces Driver Quality Initiative to Fix Windows 11 Sleep Battery Drain Windows Driver Quality Initiative WinHEC 2026

Microsoft Announces Driver Quality Initiative to Fix Windows 11 Sleep Battery Drain

Ddos May 19, 2026

Patrons deploying Windows 10 or Windows 11 laptops have routinely encountered a vexing phenomenon wherein a device,...

By Design No More: Microsoft Edge Vv148.0 to Block Plaintext Password Scrapes from Process Memory Microsoft Edge cleartext credentials memory dump Microsoft Edge auto-startup Microsoft Edge Collections sunset, export Edge Collections CSV Edge IE Mode Zero-Day, Chakra Exploit Windows Search, Microsoft Edge AI video translation, Edge browser Microsoft Editor, Edge Edge Developer tools Windows 10 ESU, Microsoft Edge Microsoft Edge, FCP Optimization CVE-2023-36735 Edge, AI Search

Microsoft Edge cleartext credentials memory dump Microsoft Edge auto-startup Microsoft Edge Collections sunset, export Edge Collections CSV Edge IE Mode Zero-Day, Chakra Exploit Windows Search, Microsoft Edge AI video translation, Edge browser Microsoft Editor, Edge Edge Developer tools Windows 10 ESU, Microsoft Edge Microsoft Edge, FCP Optimization CVE-2023-36735 Edge, AI Search

By Design No More: Microsoft Edge Vv148.0 to Block Plaintext Password Scrapes from Process Memory

Ddos May 19, 2026

Security researcher recently disclosed that Microsoft Edge inherently loads all cached user credentials into active memory processes...

Mass Exploitation Alert: Hardcoded Credentials in Four-Faith Industrial Routers (CVE-2024-9643) Hijacked for Botnets Four-Faith F3x36 Mass Exploitation CVE-2024-9643 Hardcoded Credentials

Four-Faith F3x36 Mass Exploitation CVE-2024-9643 Hardcoded Credentials

Mass Exploitation Alert: Hardcoded Credentials in Four-Faith Industrial Routers (CVE-2024-9643) Hijacked for Botnets

Ddos May 19, 2026

A critical authentication bypass flaw in industrial cellular routers has transitioned into a full-blown mass exploitation campaign,...

Targeting 2 Million Developers: Malicious Nx Console Extension Hijacks VS Code Marketplace Nx Console Extension Supply Chain Attack VS Code Marketplace Malware 2026

Nx Console Extension Supply Chain Attack VS Code Marketplace Malware 2026

Targeting 2 Million Developers: Malicious Nx Console Extension Hijacks VS Code Marketplace

Ddos May 19, 2026

A brief but dangerous supply chain attack briefly hijacked the official Visual Studio Code marketplace, targeting over...

Massive PostgreSQL Update: 11 Vulnerabilities Patched as Version 14 Hits End-of-Life Warning PostgreSQL Security Update 2026 PostgreSQL CVE-2026-6637 Patch CVE-2024-10979 PostgreSQL vulnerability

PostgreSQL Security Update 2026 PostgreSQL CVE-2026-6637 Patch CVE-2024-10979 PostgreSQL vulnerability

Massive PostgreSQL Update: 11 Vulnerabilities Patched as Version 14 Hits End-of-Life Warning

Ddos May 19, 2026

The PostgreSQL Global Development Group has issued a synchronized security update across all actively supported branches, eliminating...

PoC Exploit Publicly Disclosed: 20-Year-Old PostgreSQL pgcrypto Flaw (CVE-2026-2005) Grants Full Superuser RCE PostgreSQL pgcrypto PoC Exploit CVE-2026-2005 Public Disclosure

PostgreSQL pgcrypto PoC Exploit CVE-2026-2005 Public Disclosure

PoC Exploit Publicly Disclosed: 20-Year-Old PostgreSQL pgcrypto Flaw (CVE-2026-2005) Grants Full Superuser RCE

Ddos May 19, 2026

A critical heap buffer overflow vulnerability lurking in PostgreSQL’s core cryptographic extension for over two decades has...

Breaking the AI Sandbox: Critical Flowise Flaw (CVE-2026-46442) Grants Host-Level RCE Flowise Sandbox Escape CVE-2026-46442 Flowise RCE Flowise Auth Bypass, Unauthenticated Registration Flowise RCE, WriteFileTool FlowiseAI, account takeover CVE-2025-58434

Flowise Sandbox Escape CVE-2026-46442 Flowise RCE Flowise Auth Bypass, Unauthenticated Registration Flowise RCE, WriteFileTool FlowiseAI, account takeover CVE-2025-58434

Breaking the AI Sandbox: Critical Flowise Flaw (CVE-2026-46442) Grants Host-Level RCE

Ddos May 19, 2026

A severe vulnerability discovered in the popular open-source generative AI development platform Flowise allows authenticated users to...

Critical Portainer Flaws Grant Restricted Users Root Access to the Host Portainer Container Escape CVE-2026-44849 Swarm Bypass

Critical Portainer Flaws Grant Restricted Users Root Access to the Host

Ddos May 19, 2026

A dangerous pair of critical authorization failures within the Portainer container management platform allows standard, restricted users...

Critical 9.8 CVSS: Severe SQL Injection Flaw Exposed in Marten .NET Document Store Engine Marten .NET SQL Injection CVE-2026-45288

Critical 9.8 CVSS: Severe SQL Injection Flaw Exposed in Marten .NET Document Store Engine

Ddos May 19, 2026

A severe vulnerability discovered in Marten, a highly popular .NET transactional document store and event store library,...

New “TencShell” Malware Weaponizes Open-Source Rshell via Third-Party Access TencShell Malware Rshell C2 Framework

New “TencShell” Malware Weaponizes Open-Source Rshell via Third-Party Access

Ddos May 18, 2026

Security researchers have exposed a highly stealthy attempted intrusion that weaponized an open-source framework into a potent...

Critical Alert 1 Active Exploit Detected Today