Daily CyberSecurity

By Design No More: Microsoft Edge Vv148.0 to Block Plaintext Password Scrapes from Process Memory

Browser Choice Alliance letter Microsoft Edge cleartext credentials memory dump Microsoft Edge auto-startup Microsoft Edge Collections sunset, export Edge Collections CSV Edge IE Mode Zero-Day, Chakra Exploit Windows Search, Microsoft Edge AI video translation, Edge browser Microsoft Editor, Edge Edge Developer tools Windows 10 ESU, Microsoft Edge Microsoft Edge, FCP Optimization CVE-2023-36735 Edge, AI Search

By Design No More: Microsoft Edge Vv148.0 to Block Plaintext Password Scrapes from Process Memory

Do Son May 19, 2026

Security researcher recently disclosed that Microsoft Edge inherently loads all cached user credentials into active memory processes...

Canonical Unlocks Ubuntu 26.04 LTS Upgrade Path for Ubuntu 25.10 Users

Do Son May 19, 2026

Canonical successfully inaugurated Ubuntu 26.04 LTS (Long Term Support) in April 2026. Initially restricted exclusively to clean...

Mass Exploitation Alert: Hardcoded Credentials in Four-Faith Industrial Routers (CVE-2024-9643) Hijacked for Botnets Four-Faith F3x36 Mass Exploitation CVE-2024-9643 Hardcoded Credentials

Four-Faith F3x36 Mass Exploitation CVE-2024-9643 Hardcoded Credentials

Mass Exploitation Alert: Hardcoded Credentials in Four-Faith Industrial Routers (CVE-2024-9643) Hijacked for Botnets

Do Son May 19, 2026

A critical authentication bypass flaw in industrial cellular routers has transitioned into a full-blown mass exploitation campaign,...

Targeting 2 Million Developers: Malicious Nx Console Extension Hijacks VS Code Marketplace Nx Console Extension Supply Chain Attack VS Code Marketplace Malware 2026

Nx Console Extension Supply Chain Attack VS Code Marketplace Malware 2026

Targeting 2 Million Developers: Malicious Nx Console Extension Hijacks VS Code Marketplace

Do Son May 19, 2026

A brief but dangerous supply chain attack briefly hijacked the official Visual Studio Code marketplace, targeting over...

Massive PostgreSQL Update: 11 Vulnerabilities Patched as Version 14 Hits End-of-Life Warning PostgreSQL Security Update 2026 PostgreSQL CVE-2026-6637 Patch CVE-2024-10979 PostgreSQL vulnerability

PostgreSQL Security Update 2026 PostgreSQL CVE-2026-6637 Patch CVE-2024-10979 PostgreSQL vulnerability

Massive PostgreSQL Update: 11 Vulnerabilities Patched as Version 14 Hits End-of-Life Warning

Do Son May 19, 2026

The PostgreSQL Global Development Group has issued a synchronized security update across all actively supported branches, eliminating...

PoC Exploit Publicly Disclosed: 20-Year-Old PostgreSQL pgcrypto Flaw (CVE-2026-2005) Grants Full Superuser RCE PostgreSQL pgcrypto PoC Exploit CVE-2026-2005 Public Disclosure

PostgreSQL pgcrypto PoC Exploit CVE-2026-2005 Public Disclosure

PoC Exploit Publicly Disclosed: 20-Year-Old PostgreSQL pgcrypto Flaw (CVE-2026-2005) Grants Full Superuser RCE

Do Son May 19, 2026

A critical heap buffer overflow vulnerability lurking in PostgreSQL’s core cryptographic extension for over two decades has...

Breaking the AI Sandbox: Critical Flowise Flaw (CVE-2026-46442) Grants Host-Level RCE Flowise Sandbox Escape CVE-2026-46442 Flowise RCE Flowise Auth Bypass, Unauthenticated Registration Flowise RCE, WriteFileTool FlowiseAI, account takeover CVE-2025-58434

Flowise Sandbox Escape CVE-2026-46442 Flowise RCE Flowise Auth Bypass, Unauthenticated Registration Flowise RCE, WriteFileTool FlowiseAI, account takeover CVE-2025-58434

Breaking the AI Sandbox: Critical Flowise Flaw (CVE-2026-46442) Grants Host-Level RCE

Do Son May 19, 2026

A severe vulnerability discovered in the popular open-source generative AI development platform Flowise allows authenticated users to...

Critical Portainer Flaws Grant Restricted Users Root Access to the Host Portainer Container Escape CVE-2026-44849 Swarm Bypass

Critical Portainer Flaws Grant Restricted Users Root Access to the Host

Do Son May 19, 2026

A dangerous pair of critical authorization failures within the Portainer container management platform allows standard, restricted users...

Critical 9.8 CVSS: Severe SQL Injection Flaw Exposed in Marten .NET Document Store Engine Marten .NET SQL Injection CVE-2026-45288

Critical 9.8 CVSS: Severe SQL Injection Flaw Exposed in Marten .NET Document Store Engine

Do Son May 19, 2026

A severe vulnerability discovered in Marten, a highly popular .NET transactional document store and event store library,...

New “TencShell” Malware Weaponizes Open-Source Rshell via Third-Party Access TencShell Malware Rshell C2 Framework

New “TencShell” Malware Weaponizes Open-Source Rshell via Third-Party Access

Do Son May 18, 2026

Security researchers have exposed a highly stealthy attempted intrusion that weaponized an open-source framework into a potent...

CountLoader Malware Weaponizes EtherHiding to Deploy Stealth Crypto Clippers CountLoader Malware EtherHiding Crypto Clipper

CountLoader Malware Weaponizes EtherHiding to Deploy Stealth Crypto Clippers

Do Son May 18, 2026

A sprawling cybercriminal operation has been intercepted, but not before thousands of machines were quietly infected by...

SaaS-Style Cybercrime: Attackers Weaponize Langflow RCE and NATS Messaging for Ultra-Scalable C2 NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

SaaS-Style Cybercrime: Attackers Weaponize Langflow RCE and NATS Messaging for Ultra-Scalable C2

Do Son May 18, 2026

A sophisticated new command-and-control (C2) technique has emerged, revealing threat actors who operate more like modern SaaS...

Gamaredon Exploits WinRAR Path Traversal to Unleash GammaDrop Malware The Gentlemen Ransomware Leak Rocket Database RaaS

Gamaredon Exploits WinRAR Path Traversal to Unleash GammaDrop Malware

Do Son May 18, 2026

A new investigation has unmasked a relentless spearphishing campaign by the Russian-aligned threat actor Gamaredon, exposing their...

Windows 11 Finally Brings Back the Movable Taskbar and Resizable Start Menu Windows 11 context menu Windows 11 KB5089549 update error 0x800f0922 Windows 11 taskbar relocation

Windows 11 context menu Windows 11 KB5089549 update error 0x800f0922 Windows 11 taskbar relocation

Windows 11 Finally Brings Back the Movable Taskbar and Resizable Start Menu

Do Son May 18, 2026

Microsoft plans to initiate a monumental recalibration of the Windows 11 user interface, seeking to address prolonged...

OpenAI Debuts “Finances” Feature to Turn ChatGPT into Your Personal Wealth Manager ChatGPT Finances Plaid feature

OpenAI Debuts “Finances” Feature to Turn ChatGPT into Your Personal Wealth Manager

Do Son May 18, 2026

OpenAI has announced the debut of a pioneering personal wealth preview feature dubbed Finances, currently available exclusively...

Critical RCE Flaw in Apache Flink (CVE-2026-35194) Threatens TaskManagers CVE-2020-17519 Apache Flink Vulnerability CVE-2026-35194 RCE

Critical RCE Flaw in Apache Flink (CVE-2026-35194) Threatens TaskManagers

Do Son May 18, 2026

A critical severity vulnerability, tracked as CVE-2026-35194, has been disclosed in Apache Flink, exposing the distributed processing...

Critical Strapi Flaws Enable Unauthenticated Admin Takeover and Server RCE Strapi CMS Vulnerabilities CVE-2026-27886 Admin Takeover

Critical Strapi Flaws Enable Unauthenticated Admin Takeover and Server RCE

Do Son May 18, 2026

A pair of severe vulnerabilities discovered in Strapi, the widely used open-source headless Content Management System (CMS),...

The CVE Watchtower: Weekly Threat Intelligence Briefing (May 11 – May 17, 2026)

Do Son May 18, 2026

Welcome to your weekly vulnerability digest. If your security dashboards have been flashing red, your telemetry is...

Three Critical 9.4 CVSS Flaws Expose n8n Automation Nodes to Full RCE n8n Node RCE Vulnerabilities CVE-2026-44791 Prototype Pollution n8n RCE Vulnerabilities CVE-2026-27497 CVE-2026-25053 n8n RCE Vulnerability CVE-2026-21877 n8n RCE, CVE-2025-68613 n8n Git RCE, core.hooksPath Exploit

n8n Node RCE Vulnerabilities CVE-2026-44791 Prototype Pollution n8n RCE Vulnerabilities CVE-2026-27497 CVE-2026-25053 n8n RCE Vulnerability CVE-2026-21877 n8n RCE, CVE-2025-68613 n8n Git RCE, core.hooksPath Exploit

Three Critical 9.4 CVSS Flaws Expose n8n Automation Nodes to Full RCE

Do Son May 18, 2026

Technical teams using the popular workflow automation platform n8n are facing a high-stakes security advisory after researchers...

No Encryption Needed: New “GhostLock” Technique Weaponizes Windows SMB to Freeze Enterprise Files GhostLock Ransomware Evasion SMB File Share Lockout

GhostLock Ransomware Evasion SMB File Share Lockout

No Encryption Needed: New “GhostLock” Technique Weaponizes Windows SMB to Freeze Enterprise Files

Do Son May 18, 2026

Security researchers have unveiled a novel defensive bypass that allows any low-privileged domain user to lock down...

Critical Alert 2 Active Exploits Detected Today

Critical Alert

By Design No More: Microsoft Edge Vv148.0 to Block Plaintext Password Scrapes from Process Memory

Canonical Unlocks Ubuntu 26.04 LTS Upgrade Path for Ubuntu 25.10 Users

Mass Exploitation Alert: Hardcoded Credentials in Four-Faith Industrial Routers (CVE-2024-9643) Hijacked for Botnets

Massive PostgreSQL Update: 11 Vulnerabilities Patched as Version 14 Hits End-of-Life Warning

PoC Exploit Publicly Disclosed: 20-Year-Old PostgreSQL pgcrypto Flaw (CVE-2026-2005) Grants Full Superuser RCE

Breaking the AI Sandbox: Critical Flowise Flaw (CVE-2026-46442) Grants Host-Level RCE

Critical Portainer Flaws Grant Restricted Users Root Access to the Host

Critical 9.8 CVSS: Severe SQL Injection Flaw Exposed in Marten .NET Document Store Engine

New “TencShell” Malware Weaponizes Open-Source Rshell via Third-Party Access

CountLoader Malware Weaponizes EtherHiding to Deploy Stealth Crypto Clippers

SaaS-Style Cybercrime: Attackers Weaponize Langflow RCE and NATS Messaging for Ultra-Scalable C2

Gamaredon Exploits WinRAR Path Traversal to Unleash GammaDrop Malware

Windows 11 Finally Brings Back the Movable Taskbar and Resizable Start Menu

OpenAI Debuts “Finances” Feature to Turn ChatGPT into Your Personal Wealth Manager

Critical RCE Flaw in Apache Flink (CVE-2026-35194) Threatens TaskManagers

Critical Strapi Flaws Enable Unauthenticated Admin Takeover and Server RCE

The CVE Watchtower: Weekly Threat Intelligence Briefing (May 11 – May 17, 2026)

Three Critical 9.4 CVSS Flaws Expose n8n Automation Nodes to Full RCE