Daily CyberSecurity • Page 35 of 733 • Zero-hour alerts. Unmatched analysis.

Operational Blackout: How Kyber Ransomware Targets the Heart of Virtualized Environments Kyber Ransomware ESXi Virtualization Attack

Operational Blackout: How Kyber Ransomware Targets the Heart of Virtualized Environments

Do Son April 24, 2026

Researchers at Rapid7 have uncovered Kyber, a specialized ransomware family that recently hit enterprise environments with a...

Supply Chain Sabotage: Bitwarden CLI Compromised in Global “Checkmarx” Campaign Bitwarden CLI Compromise Dune Supply Chain Attack

Supply Chain Sabotage: Bitwarden CLI Compromised in Global “Checkmarx” Campaign

Do Son April 24, 2026

The password management world was rocked this week as researchers from Socket revealed a major supply chain...

Arcane Door Reopened: The Cisco Firepower Backdoor That Only a Hard Reboot Can Kill FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

Arcane Door Reopened: The Cisco Firepower Backdoor That Only a Hard Reboot Can Kill

Do Son April 24, 2026

Cisco Talos has released a critical update on the threat actor known as UAT-4356 (also associated with...

Harvester APT Goes Cross-Platform: New Linux Backdoor Abuses Microsoft Graph API Harvester APT Linux Backdoor OT Cyberattack Iranian APT Operation Olalampo MuddyWater APT Prince of Persia APT, Tonnerre v50 Patchwork APT, DLL Sideloading Subtle Snail, cyber espionage ShadowSilk, cyber espionage Volt Typhoon APT Group - Chinese Cybersecurity Firm

Harvester APT Linux Backdoor OT Cyberattack Iranian APT Operation Olalampo MuddyWater APT Prince of Persia APT, Tonnerre v50 Patchwork APT, DLL Sideloading Subtle Snail, cyber espionage ShadowSilk, cyber espionage Volt Typhoon APT Group - Chinese Cybersecurity Firm

Harvester APT Goes Cross-Platform: New Linux Backdoor Abuses Microsoft Graph API

Do Son April 24, 2026

The sophisticated threat actor known as Harvester is expanding its horizons. Traditionally known for targeting Windows environments,...

Windows Python Users Warned of High-Severity “asyncio” Memory Flaw Python asyncio Vulnerability Windows Buffer Overflow ormar SQL Injection CVE-2026-26198 CVE-2024-49768 - Waitress WSGI server

Python asyncio Vulnerability Windows Buffer Overflow ormar SQL Injection CVE-2026-26198 CVE-2024-49768 - Waitress WSGI server

Windows Python Users Warned of High-Severity “asyncio” Memory Flaw

Do Son April 23, 2026

Python developers and system administrators on Windows are being urged to update their environments following the discovery...

Mailcow Critical Alert: Unauthenticated XSS Threatens Admin Takeover mailcow XSS CVE-2026-40872

Mailcow Critical Alert: Unauthenticated XSS Threatens Admin Takeover

Do Son April 23, 2026

The popular open-source groupware suite mailcow: dockerized is facing a high-stakes security challenge. A critical Stored Cross-Site...

Unpatch Ollama Flaw: Malicious Model Uploads Can Leak Server Heap Memory Ollama Heap Leak CVE-2026-5757 Anritsu Vulnerability Authentication Bypass Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538

Ollama Heap Leak CVE-2026-5757 Anritsu Vulnerability Authentication Bypass Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538

Unpatch Ollama Flaw: Malicious Model Uploads Can Leak Server Heap Memory

Do Son April 23, 2026

A critical unauthenticated remote information disclosure vulnerability has been uncovered in Ollama, the popular open-source tool used...

Critical Authentication Bypass in Apache HttpClient 5.6 Apache HttpClient Vulnerability SCRAM-SHA-256 Auth Bypass

Critical Authentication Bypass in Apache HttpClient 5.6

Do Son April 23, 2026

The Apache Software Foundation has issued an urgent advisory for a vulnerability in its widely used HttpClient...

Critical 9.8 CVSS Flaws Hit ArcGIS Infrastructure

Do Son April 23, 2026

Esri has issued an urgent security bulletin regarding two critical vulnerabilities affecting developer credentials within ArcGIS Online,...

The Lotus Evolves: Mustang Panda Targets Indian Banks in a New Espionage Pivot Mustang Panda LOTUSLITE Financial Cyber-Espionage

The Lotus Evolves: Mustang Panda Targets Indian Banks in a New Espionage Pivot

Do Son April 23, 2026

The Acronis Threat Research Unit (TRU) has identified a significant shift in the operations of Mustang Panda,...

Lotus Wiper: A Destructive New Threat Strikes Venezuela’s Energy Sector Lotus Wiper Digital Sabotage G_Wagon Malware NPM Supply Chain Attack IMAPLoader malware ResolverRAT Malware Evasion

Lotus Wiper Digital Sabotage G_Wagon Malware NPM Supply Chain Attack IMAPLoader malware ResolverRAT Malware Evasion

Lotus Wiper: A Destructive New Threat Strikes Venezuela’s Energy Sector

Do Son April 23, 2026

A novel and devastating file wiper has been discovered targeting critical infrastructure in South America. Against the...

Cisco SD-WAN Vulnerability CVE-2026-20133 FortiGate Compromise Ivanti EPMM Zero-Day CVE-2026-1281 SmarterMail Vulnerability Storm-2603 WatchGuard Zero-Day, IKEv2 Out-of-Bounds Write Cisco Zero-Day, UAT-9686 Chinese APT FortiWeb RCE Exploitation CVE-2025-58034 VMware Zero-Day, Privilege Escalation Sitecore, remote code execution CVE-2025-53690 Windows CLFS, Privilege Escalation CVE-2024-47575 & CVE-2024-11120 CVE-2025-24983 vulnerability

In the Wild: Information Disclosure (CVE-2026-20133) Exploited in Cisco SD-WAN Manager

Do Son April 23, 2026

The networking giant Cisco has issued an urgent warning to enterprise administrators. In April 2026, the Cisco...

Cisco Talos Unveils “Living-off-the-Land” Tactics Threatening macOS macOS LOTL Techniques Enterprise Mac Security

Cisco Talos Unveils “Living-off-the-Land” Tactics Threatening macOS

Do Son April 23, 2026

As macOS adoption reaches record highs in the enterprise—now serving as the primary workstation for over 45...

Void Dokkaebi Unmasked: The “Worm-Like” Supply Chain Threat Targeting Developers Void Dokkaebi Supply Chain Infected VS Code Tasks

Void Dokkaebi Unmasked: The “Worm-Like” Supply Chain Threat Targeting Developers

Do Son April 23, 2026

A new report from researchers at TrendMicro has exposed the evolution of Void Dokkaebi (also known as...

Linux Privilege Escalation: “Pack2TheRoot” Flaw Impacts Major Distributions Pack2TheRoot Vulnerability PackageKit Privilege Escalation

Linux Privilege Escalation: “Pack2TheRoot” Flaw Impacts Major Distributions

Do Son April 23, 2026

A long-standing security flaw has been unearthed in a core component of the modern Linux desktop and...

Over 400,000 WordPress Sites at Risk as “Breeze” Plugin Zero-Day Is Exploited in the Wild WordPress RCE Breeze Plugin Vulnerability

Over 400,000 WordPress Sites at Risk as “Breeze” Plugin Zero-Day Is Exploited in the Wild

Do Son April 23, 2026

A major security threat is currently sweeping through the WordPress ecosystem. Breeze, a highly popular caching plugin...

CVE-2026-33626: High-Severity SSRF Exploited in the Wild to Hijack AI Inference Engines CVE-2026-33626 LMDeploy SSRF

CVE-2026-33626: High-Severity SSRF Exploited in the Wild to Hijack AI Inference Engines

Do Son April 23, 2026

On April 21, 2026, a high-severity Server-Side Request Forgery (SSRF) vulnerability was disclosed in LMDeploy, a popular...

TeamPCP Hijacks Checkmarx in Sprawling Supply Chain Strike Checkmarx Supply Chain Attack TeamPCP

TeamPCP Hijacks Checkmarx in Sprawling Supply Chain Strike

Do Son April 23, 2026

The cybersecurity world is facing a sprawling supply chain compromise as official distribution channels for Checkmarx, a...

Supply Chain Alert: TeamPCP Strikes Popular AI Framework Xinference Xinference Supply Chain Attack TeamPCP

Supply Chain Alert: TeamPCP Strikes Popular AI Framework Xinference

Do Son April 23, 2026

The Python ecosystem is reeling from a sophisticated supply chain attack targeting Xinference (Xorbits Inference), a widely...

PureRAT Unmasked: The Stealthy, Multi-Stage “Dynamic Loader” Targeting Windows PureRAT Malware Steganography Evasion

PureRAT Unmasked: The Stealthy, Multi-Stage “Dynamic Loader” Targeting Windows

Do Son April 23, 2026

The Trellix Advanced Research Center has released an in-depth analysis of PureRAT, an advanced remote access trojan...

Critical Alert 1 Active Exploit Detected Today