Daily CyberSecurity

Keys to the Kingdom: Critical 9.9 CVSS Budibase Flaw Allows Total Tenant Takeover bui

Keys to the Kingdom: Critical 9.9 CVSS Budibase Flaw Allows Total Tenant Takeover

Do Son May 20, 2026

Budibase, the popular open-source operations platform known for saving engineers hundreds of hours building secure Agents, Apps,...

Details and PoC Exploit Code Released: Critical Cockpit RCE Flaw Grants Instant Root Shells Cockpit RCE Vulnerability CVE-2026-4802 PoC Exploit

Cockpit RCE Vulnerability CVE-2026-4802 PoC Exploit

Details and PoC Exploit Code Released: Critical Cockpit RCE Flaw Grants Instant Root Shells

Do Son May 20, 2026

A severe vulnerability has been uncovered in Cockpit, the widely used web-based Linux server administration tool developed...

Critical 9.8 CVSS: NVIDIA Triton Inference Server Authentication Bypass Threatens AI Workloads NVIDIA Driver Security Update CVE-2026-24187 Linux

NVIDIA Driver Security Update CVE-2026-24187 Linux

Critical 9.8 CVSS: NVIDIA Triton Inference Server Authentication Bypass Threatens AI Workloads

Do Son May 20, 2026

NVIDIA has released a software update for the NVIDIA Triton Inference Server to address a wave of...

VoIP Backbone Exposed: Critical FreePBX Flaw (CVE-2026-46376) Allows Unauthenticated Access to User Portals FreePBX UCP Vulnerability CVE-2026-46376 Hard-Coded Credentials

FreePBX UCP Vulnerability CVE-2026-46376 Hard-Coded Credentials

VoIP Backbone Exposed: Critical FreePBX Flaw (CVE-2026-46376) Allows Unauthenticated Access to User Portals

Do Son May 20, 2026

FreePBX, widely recognized as the world’s most popular open-source IP PBX platform for building customized phone systems,...

Critical 9.9 CVSS Flaw in Arcane Exposes GitOps Secrets to Basic Users Arcane Docker Vulnerability CVE-2026-45625

Critical 9.9 CVSS Flaw in Arcane Exposes GitOps Secrets to Basic Users

Do Son May 20, 2026

Arcane, the popular tool billed as “Modern Docker Management, Designed for Everyone”, has disclosed a severe security...

PoC Exploit Code Publicly Released: New “PinTheft” Linux Flaw Overwrites Page Cache for Instant Root PinTheft Linux Exploit Linux LPE PoC Disclosed

PinTheft Linux Exploit Linux LPE PoC Disclosed

PoC Exploit Code Publicly Released: New “PinTheft” Linux Flaw Overwrites Page Cache for Instant Root

Do Son May 20, 2026

A newly detailed vulnerability known as “PinTheft” is giving Linux system administrators serious pause. Discovered by Aaron...

Criminal IP Returns to Infosecurity Europe 2026 with Advanced AI-Driven TI & ASM inforsec_sns_1_1777449269P69IHYw2A5

Criminal IP Returns to Infosecurity Europe 2026 with Advanced AI-Driven TI & ASM

cybernewswire May 19, 2026

Torrance, United States / California, 19th May 2026, CyberNewswire

Two-Thirds of Nonhuman Accounts Are Unseen and Unmanaged, According to Orchid Security’s Identity Gap Report Orchid_Identity_Gap_report_Cyber_Newswire_photo_1779130638YN9ZSkjgqG

Orchid_Identity_Gap_report_Cyber_Newswire_photo_1779130638YN9ZSkjgqG

Two-Thirds of Nonhuman Accounts Are Unseen and Unmanaged, According to Orchid Security’s Identity Gap Report

cybernewswire May 19, 2026

New York, United States, 19th May 2026, CyberNewswire

GPU Security Alert: NVIDIA Drivers Hit with Critical 8.8 CVSS Flaw and Enterprise vGPU Bugs NVIDIA Driver Security Update CVE-2026-24187 Linux

GPU Security Alert: NVIDIA Drivers Hit with Critical 8.8 CVSS Flaw and Enterprise vGPU Bugs

Do Son May 19, 2026

NVIDIA has officially rolled out a comprehensive software security update for its GPU Display Driver to address...

Unmasked Origin: Infamous “OrBit” Linux Rootkit Exposed as a Fork of Open-Source Medusa OrBit Linux Rootkit Medusa Userland LD_PRELOAD Hooking

Unmasked Origin: Infamous “OrBit” Linux Rootkit Exposed as a Fork of Open-Source Medusa

Do Son May 19, 2026

In July 2022, security researchers dropped the first analysis of OrBit, a sophisticated, then-undocumented Linux userland rootkit....

Resurgent Tycoon 2FA Adopts OAuth Device Code Phishing to Hijack Microsoft 365 Tycoon 2FA Phishing Kit OAuth Device Code Phishing

Resurgent Tycoon 2FA Adopts OAuth Device Code Phishing to Hijack Microsoft 365

Do Son May 19, 2026

Just weeks after a massive international law enforcement operation dismantled its primary server infrastructure, the notorious Tycoon...

Chinese APT FamousSparrow Weaponizes Evolved Deed RAT Against Azerbaijani Energy Infrastructure FamousSparrow Deed RAT ProxyNotShell Exchange Exploitation

FamousSparrow Deed RAT ProxyNotShell Exchange Exploitation

Chinese APT FamousSparrow Weaponizes Evolved Deed RAT Against Azerbaijani Energy Infrastructure

Do Son May 19, 2026

A relentless cyber-espionage operation has targeted an Azerbaijani oil and gas company, demonstrating that advanced persistent threats...

Boot Partition Bottleneck: Microsoft Confirms Windows 11 Update KB5089549 Fails with Error 0x800f0922 Windows 11 context menu Windows 11 KB5089549 update error 0x800f0922 Windows 11 taskbar relocation

Windows 11 context menu Windows 11 KB5089549 update error 0x800f0922 Windows 11 taskbar relocation

Boot Partition Bottleneck: Microsoft Confirms Windows 11 Update KB5089549 Fails with Error 0x800f0922

Do Son May 19, 2026

Following the recent distribution of Windows 11 monthly routine cumulative update KB5089549, a segment of the user...

Shai-Hulud Returns: Massive npm Supply Chain Attack Hijacks AntV Ecosystem to Scrape GitHub Runner Memory Mini Shai-Hulud npm Worm AntV Ecosystem Supply Chain Attack

Mini Shai-Hulud npm Worm AntV Ecosystem Supply Chain Attack

Shai-Hulud Returns: Massive npm Supply Chain Attack Hijacks AntV Ecosystem to Scrape GitHub Runner Memory

Do Son May 19, 2026

A massive and highly coordinated supply chain assault is currently ripping through the JavaScript developer ecosystem. Security...

AI “Vibe Coding” Fuels a Phishing Free-For-All: How EvilTokens Bypasses Microsoft 365 MFA Device Code Phishing EvilTokens PhaaS

AI “Vibe Coding” Fuels a Phishing Free-For-All: How EvilTokens Bypasses Microsoft 365 MFA

Do Son May 19, 2026

A once-obscure technique for bypassing multifactor authentication is exploding across the threat landscape, supercharged by AI “vibe...

C Windows SecureBoot folder KB5089549 Windows 11 BSOD Microsoft Windows, Rust programming WINS Service Deprecation Windows Server DNS Migration Windows Driver Standard OEM Kernel Privileges Windows Agentic OS Task Manager Bug, Windows 11 Performance Windows 11, Microsoft, WinRE, Update Bug, Tech Support Windows 11 OOBE, Microsoft Account Mandatory Windows 11, SSD failures Windows 11 Recovery, Black Screen of Death Windows 11 Update Issue, KB5062324 Windows 11, Indicator Bar

Microsoft Explains the New “SecureBoot” Folder in Windows 11 KB5089549 Update

Do Son May 19, 2026

Following the deployment of the Windows 11 May update (KB5089549) and its subsequent evolutionary iterations, Microsoft instantiates...

TeamPCP Open-Sources “Shai-Hulud” AI Supply Chain Malware, Hitting NPM Fleet Shai-Hulud worm NPM supply chain attack

TeamPCP Open-Sources “Shai-Hulud” AI Supply Chain Malware, Hitting NPM Fleet

Do Son May 19, 2026

The threat collective recognized as TeamPCP, historically notorious for orchestrating supply chain incursions within the NPM ecosystem,...

NGINX Rift: Critical 18-Year-Old Flaw CVE-2026-42945 Actively Exploited to Crash Servers NGINX Rift CVE-2026-42945

NGINX Rift: Critical 18-Year-Old Flaw CVE-2026-42945 Actively Exploited to Crash Servers

Do Son May 19, 2026

The renowned open-source reverse proxy server, NGINX, has disclosed a critical security vulnerability designated as CVE-2026-42945, garnering...

Microsoft Announces Driver Quality Initiative to Fix Windows 11 Sleep Battery Drain Windows Driver Quality Initiative WinHEC 2026

Microsoft Announces Driver Quality Initiative to Fix Windows 11 Sleep Battery Drain

Do Son May 19, 2026

Patrons deploying Windows 10 or Windows 11 laptops have routinely encountered a vexing phenomenon wherein a device,...

Browser Choice Alliance letter Microsoft Edge cleartext credentials memory dump Microsoft Edge auto-startup Microsoft Edge Collections sunset, export Edge Collections CSV Edge IE Mode Zero-Day, Chakra Exploit Windows Search, Microsoft Edge AI video translation, Edge browser Microsoft Editor, Edge Edge Developer tools Windows 10 ESU, Microsoft Edge Microsoft Edge, FCP Optimization CVE-2023-36735 Edge, AI Search

By Design No More: Microsoft Edge Vv148.0 to Block Plaintext Password Scrapes from Process Memory

Do Son May 19, 2026

Security researcher recently disclosed that Microsoft Edge inherently loads all cached user credentials into active memory processes...

Critical Alert 2 Active Exploits Detected Today

Critical Alert

Keys to the Kingdom: Critical 9.9 CVSS Budibase Flaw Allows Total Tenant Takeover

Details and PoC Exploit Code Released: Critical Cockpit RCE Flaw Grants Instant Root Shells

Critical 9.8 CVSS: NVIDIA Triton Inference Server Authentication Bypass Threatens AI Workloads

VoIP Backbone Exposed: Critical FreePBX Flaw (CVE-2026-46376) Allows Unauthenticated Access to User Portals

Critical 9.9 CVSS Flaw in Arcane Exposes GitOps Secrets to Basic Users

PoC Exploit Code Publicly Released: New “PinTheft” Linux Flaw Overwrites Page Cache for Instant Root

Criminal IP Returns to Infosecurity Europe 2026 with Advanced AI-Driven TI & ASM

Two-Thirds of Nonhuman Accounts Are Unseen and Unmanaged, According to Orchid Security’s Identity Gap Report

Unmasked Origin: Infamous “OrBit” Linux Rootkit Exposed as a Fork of Open-Source Medusa

Chinese APT FamousSparrow Weaponizes Evolved Deed RAT Against Azerbaijani Energy Infrastructure

Boot Partition Bottleneck: Microsoft Confirms Windows 11 Update KB5089549 Fails with Error 0x800f0922

Shai-Hulud Returns: Massive npm Supply Chain Attack Hijacks AntV Ecosystem to Scrape GitHub Runner Memory

AI “Vibe Coding” Fuels a Phishing Free-For-All: How EvilTokens Bypasses Microsoft 365 MFA

Microsoft Explains the New “SecureBoot” Folder in Windows 11 KB5089549 Update

TeamPCP Open-Sources “Shai-Hulud” AI Supply Chain Malware, Hitting NPM Fleet

NGINX Rift: Critical 18-Year-Old Flaw CVE-2026-42945 Actively Exploited to Crash Servers

By Design No More: Microsoft Edge Vv148.0 to Block Plaintext Password Scrapes from Process Memory