News

“Matryoshka” Malware: New macOS Attack Hides Inside “Russian Dolls” of Obfuscation OSX/Amos Stealer Electron ASAR Trojan MioLab Malware macOS Security MacSync Stealer macOS Malware ambar-src npm Malware Supply Chain Typosquatting Matryoshka Mac Malware ClickFix Crypto Scam Infostealer Evolution macOS Malware Predator Spyware Intellexa Anti-Analysis XCSSET macOS Malware, Xcode Supply Chain

OSX/Amos Stealer Electron ASAR Trojan MioLab Malware macOS Security MacSync Stealer macOS Malware ambar-src npm Malware Supply Chain Typosquatting Matryoshka Mac Malware ClickFix Crypto Scam Infostealer Evolution macOS Malware Predator Spyware Intellexa Anti-Analysis XCSSET macOS Malware, Xcode Supply Chain

“Matryoshka” Malware: New macOS Attack Hides Inside “Russian Dolls” of Obfuscation

Do Son February 16, 2026

Mac users are being targeted by a sophisticated new social engineering campaign that wraps malicious code in...

One Code to Lock Them All: LockBit 5.0 Unifies Attacks on Windows, Linux, and ESXi LockBit LockBit 5.0 Resurgence, ETW Blinding Ransomware

LockBit LockBit 5.0 Resurgence, ETW Blinding Ransomware

One Code to Lock Them All: LockBit 5.0 Unifies Attacks on Windows, Linux, and ESXi

Do Son February 16, 2026

The notorious LockBit ransomware gang has released its latest iteration, LockBit 5.0, marking a significant technical evolution...

OysterLoader: Multi-Stage Loader Evolves to Evade Detection and Deliver Ransomware INC Ransom Pacific Cyber Threats OysterLoader Malware Rhysida Ransomware Black Basta Ransomware BYOVD Technique Velociraptor Abuse, Storm-2603 Ransomware Crypto24, Ransomware Ransomware Payments, UK Legislation ZACROS data breach

INC Ransom Pacific Cyber Threats OysterLoader Malware Rhysida Ransomware Black Basta Ransomware BYOVD Technique Velociraptor Abuse, Storm-2603 Ransomware Crypto24, Ransomware Ransomware Payments, UK Legislation ZACROS data breach

OysterLoader: Multi-Stage Loader Evolves to Evade Detection and Deliver Ransomware

Do Son February 16, 2026

A detailed analysis by the Sekoia TDR team has shed new light on OysterLoader, a sophisticated malware...

“Distillation” Theft: Attackers Target AI Models in New Wave of Intellectual Property Heists Model Extraction Attacks AI API Theft

Model Extraction Attacks AI API Theft

“Distillation” Theft: Attackers Target AI Models in New Wave of Intellectual Property Heists

Do Son February 16, 2026

A new report from the Google Threat Intelligence Group (GTIG) has revealed a sharp rise in a...

JPCERT/CC Warns of Active Exploits Targeting Critical FileZen Command Injection Flaw GUARDIANWALL MailSuite Exploit CVE-2026-32661 FileZen Vulnerability CVE-2026-25108 Ivanti EPMM Vulnerability Dormant Backdoor Fortinet Authentication Bypass CVE-2026-24858 VMware vCenter Server Flaw CVE-2025-21590

GUARDIANWALL MailSuite Exploit CVE-2026-32661 FileZen Vulnerability CVE-2026-25108 Ivanti EPMM Vulnerability Dormant Backdoor Fortinet Authentication Bypass CVE-2026-24858 VMware vCenter Server Flaw CVE-2025-21590

JPCERT/CC Warns of Active Exploits Targeting Critical FileZen Command Injection Flaw

Do Son February 16, 2026

A critical security vulnerability in FileZen, the popular file transfer appliance from Soliton Systems K.K., is currently...

Critical ZLAN5143D Flaws (CVSS 9.8) Allow Total Takeover, No Patch Available

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Critical ZLAN5143D Flaws (CVSS 9.8) Allow Total Takeover, No Patch Available

Do Son February 16, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding high-severity vulnerabilities in industrial connectivity...

Surveillance for Sale: ZeroDayRAT Turns Phones into Spies via Telegram ZeroDayRAT Mobile Spyware

ZeroDayRAT Mobile Spyware

Surveillance for Sale: ZeroDayRAT Turns Phones into Spies via Telegram

Do Son February 16, 2026

A new and powerful mobile spyware platform has emerged on the cybercrime market, offering sophisticated surveillance capabilities...

HAProxy Patches High-Severity QUIC Flaws That Can Kill the Load Balancer

HAProxy Patches High-Severity QUIC Flaws That Can Kill the Load Balancer

Do Son February 16, 2026

Maintainers of the widely-used load balancer HAProxy have issued urgent security updates to address two high-severity vulnerabilities...

AI Data at Risk: Critical Milvus Flaw (CVSS 9.8) Exposes Database via Port 9091 Milvus Vulnerability Vector Database Security

Milvus Vulnerability Vector Database Security

AI Data at Risk: Critical Milvus Flaw (CVSS 9.8) Exposes Database via Port 9091

Do Son February 16, 2026

A critical vulnerability has been discovered in Milvus, the high-performance vector database that powers many of the...

Trusted Tool Weaponized: Lotus Blossom Hijacks Notepad++ Updates

GemStuffer RubyGems Campaign RubyGems Data Exfiltration TanStack npm Compromise Supply Chain Attack DNS Hijacking APT28 (Fancy Bear) OpenVSX Supply Chain Attack Checkmarx Plugin Breach Stryker Cyberattack CISA Alert Trans-Regional Cyber Conflict Operation Epic Fury Cyber Operation MacroMaze APT28 Cyber Espionage Notepad++ Supply Chain Attack Lotus Blossom Group Defense Industrial Base Threats GTIG Report APT28 Operation Neusploit CVE-2026-21509 Bookworm Malware

Trusted Tool Weaponized: Lotus Blossom Hijacks Notepad++ Updates

Do Son February 16, 2026

A new report from Unit 42 has exposed a highly targeted supply chain attack that turned one...

Exploited in the Wild: Critical BeyondTrust Flaw (CVSS 9.9) Opens Door to Network Takeover BeyondTrust Vulnerability CVE-2026-1731

BeyondTrust Vulnerability CVE-2026-1731

Exploited in the Wild: Critical BeyondTrust Flaw (CVSS 9.9) Opens Door to Network Takeover

Do Son February 15, 2026

A critical vulnerability in widely used remote access software is currently under active attack, with threat actors...

Critical Alert: Chrome Zero-Day (CVE-2026-2441) Exploited in the Wild Chrome security update exploit in the wild Chrome Zero-Day CVE-2026-3909 Chrome Zero-Day PoC CVE-2026-2441 Chrome Zero-Day CVE-2026-2441 Chrome Zero-Day, Active Exploitation CVE-2025-10585 Chrome vulnerability, zero-day exploit CVE-2025-6558 Chrome Zero-Day, V8 Vulnerability Chrome Zero-Day, Security Update

Chrome security update exploit in the wild Chrome Zero-Day CVE-2026-3909 Chrome Zero-Day PoC CVE-2026-2441 Chrome Zero-Day CVE-2026-2441 Chrome Zero-Day, Active Exploitation CVE-2025-10585 Chrome vulnerability, zero-day exploit CVE-2025-6558 Chrome Zero-Day, V8 Vulnerability Chrome Zero-Day, Security Update

Critical Alert: Chrome Zero-Day (CVE-2026-2441) Exploited in the Wild

Do Son February 15, 2026

Google has pushed an urgent security update for its Chrome browser, racing to patch a high-severity zero-day...

Inside Job: Abandoned Outlook Add-in “AgreeTo” Steals 4,000 Credentials Outlook Add-in Phishing AgreeTo Malicious Add-in

Outlook Add-in Phishing AgreeTo Malicious Add-in

Inside Job: Abandoned Outlook Add-in “AgreeTo” Steals 4,000 Credentials

Do Son February 13, 2026

In a disturbing first for enterprise security, researchers at Koi Security have uncovered a malicious Microsoft Outlook...

Triple Threat Patched: Zimbra 10.1.16 Fixes XSS, XXE & LDAP Injection

Triple Threat Patched: Zimbra 10.1.16 Fixes XSS, XXE & LDAP Injection

Do Son February 13, 2026

Zimbra has rolled out a significant security update for its collaboration suite, releasing Zimbra 10.1.16 to address...

Email Under Siege: Storm-2603 Exploits SmarterMail to Deploy Warlock Ransomware

Cisco SD-WAN Vulnerability CVE-2026-20133 FortiGate Compromise Ivanti EPMM Zero-Day CVE-2026-1281 SmarterMail Vulnerability Storm-2603 WatchGuard Zero-Day, IKEv2 Out-of-Bounds Write Cisco Zero-Day, UAT-9686 Chinese APT FortiWeb RCE Exploitation CVE-2025-58034 VMware Zero-Day, Privilege Escalation Sitecore, remote code execution CVE-2025-53690 Windows CLFS, Privilege Escalation CVE-2024-47575 & CVE-2024-11120 CVE-2025-24983 vulnerability

Email Under Siege: Storm-2603 Exploits SmarterMail to Deploy Warlock Ransomware

Do Son February 13, 2026

A new report from ReliaQuest has uncovered a dangerous alliance between a China-based threat actor and a...

Dream Job or Nightmare? Lazarus Group Hunts Crypto Devs with “Graphalgo” Malware TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

Dream Job or Nightmare? Lazarus Group Hunts Crypto Devs with “Graphalgo” Malware

Do Son February 13, 2026

The notorious North Korean hacking syndicate, Lazarus Group, has launched a new, highly sophisticated branch of its...

The Human Hack: LummaStealer Returns with Deceptive “ClickFix” Attacks Seedworm Espionage Campaign 2026 ChromElevator Stealer DLL Sideloading SIM Swapping Crypto Theft Lazarus Comebacker, Aerospace Espionage Delete PlugX Malware

Seedworm Espionage Campaign 2026 ChromElevator Stealer DLL Sideloading SIM Swapping Crypto Theft Lazarus Comebacker, Aerospace Espionage Delete PlugX Malware

The Human Hack: LummaStealer Returns with Deceptive “ClickFix” Attacks

Do Son February 13, 2026

A new report from Bitdefender has revealed a troubling resurgence in LummaStealer activity, proving that even coordinated...

Back to the Future: SSHStalker Botnet Revives 2009 Tactics to Hijack Linux Servers SSHStalker Botnet Linux IRC Malware

SSHStalker Botnet Linux IRC Malware

Back to the Future: SSHStalker Botnet Revives 2009 Tactics to Hijack Linux Servers

Do Son February 13, 2026

A previously undocumented Linux botnet has been discovered prowling the internet, using a mix of ancient tactics...

Trojan Horse in the Server Room: Muddled Libra’s Rogue VM Strategy Exposed Muddled Libra Rogue VM

Muddled Libra Rogue VM

Trojan Horse in the Server Room: Muddled Libra’s Rogue VM Strategy Exposed

Do Son February 13, 2026

A new investigation by Unit 42 has pulled back the curtain on the operations of Muddled Libra,...

Telegram Phishing Campaign Hijacks Accounts by Abusing Trust Telegram Phishing Account Takeover

Telegram Phishing Account Takeover

Telegram Phishing Campaign Hijacks Accounts by Abusing Trust

Do Son February 13, 2026

A new phishing campaign is targeting Telegram users by turning the platform’s own security features into a...

🚨

Receive alerts for vulnerabilities being exploited in the wild.

⚡

Get notified instantly when a Proof of Concept (PoC) exploit is published.

🔍

Access critical info on vulnerabilities even when marked as "RESERVED".

🧠

Insights powered by decades of expertise and global intelligence sources.

🎯

Customize alerts with up to 10 keywords for your specific tech stack.

📊

Export the raw CVE database for SIEM integration and reporting.

CVE-2026-42208
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version...
CVE-2018-1273CVSS 9.8
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a...
CVE-2026-20230CVSS 8.6
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified...
CVE-2026-12569
A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The...
CVE-2026-28496CVSS 9.4
FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template...
CVE-2026-21509CVSS 7.8
Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a...
CVE-2026-34908CVSS 10.0
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi...
CVE-2026-34909CVSS 10.0
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS...
CVE-2026-34910CVSS 10.0
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi...
CVE-2025-67038CVSS 9.8
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write...