Daily CyberSecurity • Page 122 of 739 • Zero-hour alerts. Unmatched analysis.

Attacking from Within: How Adobe ColdFusion Admins Can Weaponize Remote Shares ColdFusion Archive (CAR), UNC Path Exploitation

Attacking from Within: How Adobe ColdFusion Admins Can Weaponize Remote Shares

Do Son January 6, 2026

Adobe has issued critical updates for its ColdFusion platform after security researcher Brian Reilly uncovered a clever...

MediaTek Kicks Off 2026 with Major Security Overhaul for Mobile Chipsets MediaTek Modem Vulnerabilities, January 2026 Security Bulletin MediaTek Vulnerabilities, Chipset Security CVE-2024-20103 & CVE-2024-20100 - CVE-2024-20154 - February 2025 Product Security Bulletin

MediaTek Kicks Off 2026 with Major Security Overhaul for Mobile Chipsets

Do Son January 6, 2026

MediaTek has kicked off the new year with a critical security bulletin, releasing patches for a slew...

macOS Developers in the Crosshairs: GlassWorm’s Wave 4 Exploits VS Code to Trojanize Hardware Wallets GlassWorm Wave 4, macOS Supply Chain Attack

GlassWorm Wave 4, macOS Supply Chain Attack

macOS Developers in the Crosshairs: GlassWorm’s Wave 4 Exploits VS Code to Trojanize Hardware Wallets

Do Son January 6, 2026

The resilient “GlassWorm” threat actor, known for embedding malicious code into Visual Studio Code extensions, has returned...

Researcher Details Stack Buffer Overflow Flaw in Net-SNMP snmptrapd with PoC Net-SNMP, CVE-2025-68615

Researcher Details Stack Buffer Overflow Flaw in Net-SNMP snmptrapd with PoC

Do Son January 6, 2026

A critical vulnerability in the widely used Net-SNMP suite has been uncovered, exposing a dangerous logic flaw...

New TCC Bypass (CVE-2025-43530) Exposes macOS to Unchecked Automation macOS TCC Bypass, CVE-2025-43530

New TCC Bypass (CVE-2025-43530) Exposes macOS to Unchecked Automation

Do Son January 6, 2026

Apple’s privacy fortress, the Transparency, Consent, and Control (TCC) framework, has been breached once again. Security researcher...

Microsoft Developer Account Suspension Microsoft Web Activation Portal Driver Signing Account Suspension Windows 11 Smart App Control Windows 11 SE end of support, Microsoft education hardware pivot Microsoft Product Activation Portal 2025, Windows telephone activation discontinued Windows Update Naming, Microsoft Update Microsoft earnings, OpenAI valuation VBScript deprecation Microsoft Pakistan, Office Closure Microsoft job cuts Microsoft Own AI Models

The Chromebook Killer Fails: Microsoft to Kill Windows 11 SE in 2026

Do Son January 6, 2026

Microsoft has now confirmed that support for Windows 11 SE will be discontinued at the end of...

Riot Games Login Outage Traced to Expired SSL Certificate Riot Games, Certificate Expiration

Riot Games Login Outage Traced to Expired SSL Certificate

Do Son January 5, 2026

The well-known game developer Riot Games recently suffered another widespread service disruption after failing to renew an...

Fragged Files: Critical Zero-Day Hits Quake III Arena Engines via Directory Traversal Quake III Arena, Zero-Day Vulnerability

Fragged Files: Critical Zero-Day Hits Quake III Arena Engines via Directory Traversal

Do Son January 5, 2026

The Quake III Arena engine, a cornerstone of FPS history open-sourced by id Software, has been hit...

Pinterest AI layoffs 2026, Pinterest workforce reduction 15% OpenAI Pinterest acquisition 2026, multimodal AI training data Pinterest Assistant, AI Search, Visual Discovery

The Scrapbook Strategy: Why OpenAI is Betting $17 Billion on Pinterest

Do Son January 5, 2026

As 2026 begins, rumors of consolidation in the AI market show no sign of abating. According to...

Systems over Slop: Nadella’s 2026 AI Vision Sparks “Microslop” Revolt Microsoft Copilot Terms of Service Satya Nadella SN Scratchpad, Microsoft Microslop backlash

Microsoft Copilot Terms of Service Satya Nadella SN Scratchpad, Microsoft Microslop backlash

Systems over Slop: Nadella’s 2026 AI Vision Sparks “Microslop” Revolt

Do Son January 5, 2026

As the first week of 2026 unfolds, Microsoft CEO Satya Nadella published his latest reflections on the...

The Unpatchable Leak: Sony’s PS5 Security Crumples as BootROM Keys Hit the Web Booking.com Data Breach Claude Code Leak Anthropic Source Code YggTorrent data breach PS5 BootROM key leak 2026, PlayStation 5 unpatchable jailbreak Great Firewall data leak Dating App Breach, Tea App Leak 23andMe Data Leak

Booking.com Data Breach Claude Code Leak Anthropic Source Code YggTorrent data breach PS5 BootROM key leak 2026, PlayStation 5 unpatchable jailbreak Great Firewall data leak Dating App Breach, Tea App Leak 23andMe Data Leak

The Unpatchable Leak: Sony’s PS5 Security Crumples as BootROM Keys Hit the Web

Do Son January 5, 2026

Last week, an unidentified hacker leaked a critical security key used by Sony to protect the trust...

The Hacker Returns: Bitfinex Mastermind Ilya Lichtenstein Freed Early via Trump Law Ilya Lichtenstein Bitfinex release, Trump First Step Act Bitfinex

Ilya Lichtenstein Bitfinex release, Trump First Step Act Bitfinex

The Hacker Returns: Bitfinex Mastermind Ilya Lichtenstein Freed Early via Trump Law

Do Son January 5, 2026

The well-known cryptocurrency exchange Bitfinex suffered a major cyberattack in 2016, during which it lost 119,756 bitcoins....

Private Intelligence: Telegram’s 2026 Update Brings AI Summaries via the Cocoon Network Telegram AI summary iOS update, Cocoon decentralized AI network

Telegram AI summary iOS update, Cocoon decentralized AI network

Private Intelligence: Telegram’s 2026 Update Brings AI Summaries via the Cocoon Network

Do Son January 5, 2026

Telegram has recently rolled out its first update of 2026. This release primarily targets the iOS version...

CVE-2026-21440: New AdonisJS 9.2 Critical Flaw Allows Arbitrary File Writes and RCE AdonisJS RCE, CVE-2026-21440

CVE-2026-21440: New AdonisJS 9.2 Critical Flaw Allows Arbitrary File Writes and RCE

Do Son January 5, 2026

A critical security vulnerability has been discovered in AdonisJS, a popular full-stack Node.js web framework known for...

“Sliver” in the Stack: Exposed Logs Reveal Targeted FortiWeb Exploitation Campaign Sliver C2, React2Shell (CVE-2025-55182)

“Sliver” in the Stack: Exposed Logs Reveal Targeted FortiWeb Exploitation Campaign

Do Son January 5, 2026

A sophisticated threat actor has been caught leveraging exposed logs and databases to orchestrate a targeted campaign...

The Invisible Predator: How VVS Stealer Abuses Pyarmor to Ghost Discord Accounts VVS Stealer, Pyarmor Obfuscation

The Invisible Predator: How VVS Stealer Abuses Pyarmor to Ghost Discord Accounts

Do Son January 5, 2026

A new, highly sophisticated malware strain is making the rounds on the cybercrime underground, targeting the massive...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

CVE-2025-66848: Critical Flaw in JD Cloud Routers Grants Hackers Root Access

Do Son January 5, 2026

A security vulnerability has been uncovered in a popular line of NAS routers from JD Cloud, potentially...

Transparent Tribe Weaponizes “JLPT” Tests in New Cyber-Espionage Campaign Against India Operation IconCat, UNG0801 AFP cyberattack -NetWalker Ransomware VShell RAT

Operation IconCat, UNG0801 AFP cyberattack -NetWalker Ransomware VShell RAT

Transparent Tribe Weaponizes “JLPT” Tests in New Cyber-Espionage Campaign Against India

Do Son January 5, 2026

A seemingly harmless notification about a Japanese language proficiency exam has become the latest vector for state-aligned...

New WordPress Phishing Scam Steals Credit Cards via Telegram Telegram Exfiltration, WordPress Phishing

New WordPress Phishing Scam Steals Credit Cards via Telegram

Do Son January 5, 2026

A sophisticated new phishing campaign is targeting WordPress site owners with fake “domain renewal” notices, tricking victims...

Everon OCPP Vulnerability CVE-2026-26288 ASUSTOR ADM Vulnerability CVE-2026-24936 PrismX MX100 Vulnerability Hard-Coded Credentials Advantech Vulnerability CVE-2025-52694 Eaton UPS Companion, CVE-2025-59887 ASUS Router, Authentication Bypass ASUSTOR DLL Hijacking, Privilege Escalation OpenShift AI, Privilege Escalation GoAnywhere vulnerability CVE-2025-10035 LangChainGo, template injection DeepDiff, class pollution ToolShell Sunshine, CSRF Vulnerability KACE SMA, Critical Vulnerabilities Oracle Zero-Days - PDQ Deploy vulnerability

Eaton UPS Software Flaws Expose Systems to High-Risk Code Execution

Do Son January 5, 2026

Power management giant Eaton dropped a critical security advisory on Christmas Eve, warning users of its UPS...