Cyber Security Archives • Page 2 of 11 • Daily CyberSecurity

Critical Altium Enterprise Server Flaws Grant RCE and Database Access

Altium Enterprise Server Vulnerability CVE-2026-9129 Path Traversal Patreon OAuth Vulnerability Identity Collision DRC INSIGHT Vulnerability Exam Data Hijacking Horner Automation PLC Industrial Brute Force Honeywell IQ4x Vulnerability CVE-2026-3611 DJI Romo vacuum security flaw Python Cryptography Vulnerability CVE-2026-26007 Open5GS Vulnerability CVE-2026-0622 Vivotek IP7137 Vulnerabilities CVE-2025-66049 Forcepoint DLP Vulnerability CVE-2025-14026 Cellopoint Secure Email Gateway - CVE-2024-9043

Critical Altium Enterprise Server Flaws Grant RCE and Database Access

Ddos May 22, 2026

Altium Enterprise Server, the backbone platform used by engineering teams globally to manage complex printed circuit board...

PowerDNS Fixes Flaws Granting Server Crashes and Memory Corruption PowerDNS Authoritative Server Vulnerabilities CVE-2026-42001 DoS CVE-2024-25581 DNSdist vulnerability, DNS DoS

PowerDNS Authoritative Server Vulnerabilities CVE-2026-42001 DoS CVE-2024-25581 DNSdist vulnerability, DNS DoS

PowerDNS Fixes Flaws Granting Server Crashes and Memory Corruption

Ddos May 22, 2026

PowerDNS has issued a coordinated set of security advisories addressing multiple vulnerabilities discovered within its Authoritative Server...

CISA Sound the Alarm: Langflow AI Platform and Trend Micro Added to KEV Catalog Due to Active Exploitation CISA KEV Catalog Updates Langflow CVE-2025-34291 Exploit SharePoint Spoofing CISA KEV Catalog Actively Exploited Vulnerability

CISA KEV Catalog Updates Langflow CVE-2025-34291 Exploit SharePoint Spoofing CISA KEV Catalog Actively Exploited Vulnerability

CISA Sound the Alarm: Langflow AI Platform and Trend Micro Added to KEV Catalog Due to Active Exploitation

Ddos May 21, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two newly weaponized security vulnerabilities to its...

KongTuke Abandoning “ClickFix” to Launch Direct Microsoft Teams Attacks KongTuke Microsoft Teams Phishing ModeloRAT Initial Access Broker CVE-2024-38193 - Lazarus Group Threat Actors ScreenConnect

KongTuke Microsoft Teams Phishing ModeloRAT Initial Access Broker CVE-2024-38193 - Lazarus Group Threat Actors ScreenConnect

KongTuke Abandoning “ClickFix” to Launch Direct Microsoft Teams Attacks

Ddos May 21, 2026

Corporate collaboration platforms have officially moved to the top of the initial access broker playbook. A new...

PawsRunner Steganography Loader PureLogs Infostealer Campaign

New PawsRunner Steganography Loader Evades EDR to Deploy PureLogs Infostealer

Ddos May 21, 2026

The use of steganography—the ancient art of hiding secret messages inside seemingly ordinary files—is experiencing a massive...

Bypassing MFA: Gremlin Stealer Evolves into Advanced Memory-Resident Session Hijacker Gremlin Stealer Unit 42 Session Hijacking Malware

Bypassing MFA: Gremlin Stealer Evolves into Advanced Memory-Resident Session Hijacker

Ddos May 21, 2026

Information stealers are no longer just basic, entry-level scripts designed to lift saved passwords from standard browser...

Beyond Email: Attackers Hijack Microsoft Teams External Access to Launch Deep Network Compromise Microsoft Teams External Phishing Rapid7 Labs Incident Response

Microsoft Teams External Phishing Rapid7 Labs Incident Response

Beyond Email: Attackers Hijack Microsoft Teams External Access to Launch Deep Network Compromise

Ddos May 21, 2026

A newly detailed incident response investigation highlights a critical reality for corporate security teams: the perimeter of...

Ecosystem Poisoned: Mini Shai-Hulud Worm Hijacks @antv npm Packages to Target CI/CD Pipelines AntV npm Supply Chain Attack Mini Shai-Hulud npm Worm

AntV npm Supply Chain Attack Mini Shai-Hulud npm Worm

Ecosystem Poisoned: Mini Shai-Hulud Worm Hijacks @antv npm Packages to Target CI/CD Pipelines

Ddos May 21, 2026

A massive, fast-moving software supply chain attack has struck the global JavaScript development ecosystem. Over the past...

Signature Bypass Alert: Critical Coder Flaw (CVE-2026-46354) Exposes Git Keys and Developer Tokens Coder Token Theft Vulnerability CVE-2026-46354 Azure Identity

Coder Token Theft Vulnerability CVE-2026-46354 Azure Identity

Signature Bypass Alert: Critical Coder Flaw (CVE-2026-46354) Exposes Git Keys and Developer Tokens

Ddos May 21, 2026

Coder, the prominent self-hosted platform used by enterprises to build cloud development environments and manage AI coding...

CVSS 10.0 Alert: Critical Cisco Secure Workload Exploit Grants Unauthenticated Site Admin Access Cisco Secure Workload Vulnerability CVE-2026-20223 CVSS 10

Cisco Secure Workload Vulnerability CVE-2026-20223 CVSS 10

CVSS 10.0 Alert: Critical Cisco Secure Workload Exploit Grants Unauthenticated Site Admin Access

Ddos May 21, 2026

Cisco has issued an urgent security advisory addressing a maximum-severity vulnerability discovered within its zero-trust microsegmentation and...

Unpatched CVSS 10 Alert: ChromaDB Python Server Grants Pre-Auth RCE via Malicious Hugging Face Models ChromaDB Pre-Auth RCE CVE-2026-45829

Unpatched CVSS 10 Alert: ChromaDB Python Server Grants Pre-Auth RCE via Malicious Hugging Face Models

Ddos May 21, 2026

ChromaDB, one of the most widely adopted open-source vector databases engineered to enable semantic matching, retrieval-augmented generation...

Double Critical Threat: Google Chrome Rushes Out Urgent Fixes for WebRTC and UI Sandbox Flaws Google Chrome Security Update CVE-2026-9111 Critical Patch

Google Chrome Security Update CVE-2026-9111 Critical Patch

Double Critical Threat: Google Chrome Rushes Out Urgent Fixes for WebRTC and UI Sandbox Flaws

Ddos May 21, 2026

Google has officially released a security update for the Google Chrome Stable channel on Desktop, addressing 16...

Exploited in the Wild: Critical Drupal SQL Injection (CVE-2026-9082) Grants Attacker Root Access CVE-2022-39261 Drupal SQL Injection Vulnerability CVE-2026-9082 PostgreSQL Flaw

CVE-2022-39261 Drupal SQL Injection Vulnerability CVE-2026-9082 PostgreSQL Flaw

Exploited in the Wild: Critical Drupal SQL Injection (CVE-2026-9082) Grants Attacker Root Access

Ddos May 21, 2026

The Drupal Security Team has released an urgent advisory detailing a highly critical vulnerability lurking within the...

Critical RCE Exploits Exposed: Apache OFBiz Patches Severe Authentication Bypass Flaws CVE-2022-25371 - CVE-2025-26865 Apache OFBiz RCE Vulnerability CVE-2026-45434 Authentication Bypass

CVE-2022-25371 - CVE-2025-26865 Apache OFBiz RCE Vulnerability CVE-2026-45434 Authentication Bypass

Critical RCE Exploits Exposed: Apache OFBiz Patches Severe Authentication Bypass Flaws

Ddos May 21, 2026

The Apache OFBiz project has released a critical security update to patch several important vulnerabilities affecting its...

Public Exploit Exposes Root Privilege Escalation Flaw in VMware Fusion VMware Fusion TOCTOU Exploit CVE-2026-41702 PoC

Public Exploit Exposes Root Privilege Escalation Flaw in VMware Fusion

Ddos May 21, 2026

Mathieu Farrell, an independent security researcher operating under the handle @coiffeur0x90, has publicly disclosed the inner workings...

Multi-Stage PyInstaller Loader Weaponizes AMSI Patching to Deploy XWorm RAT NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

Multi-Stage PyInstaller Loader Weaponizes AMSI Patching to Deploy XWorm RAT

Ddos May 20, 2026

A comprehensive deep dive by the research team at Point Wild has laid bare the internal mechanics...

The Missed Token: Grafana Labs Suffers Source Code Theft via Shai-Hulud npm Worm Campaign CVE-2023-1550 Grafana Labs Cyberattack Mini Shai-Hulud npm Worm

CVE-2023-1550 Grafana Labs Cyberattack Mini Shai-Hulud npm Worm

The Missed Token: Grafana Labs Suffers Source Code Theft via Shai-Hulud npm Worm Campaign

Ddos May 20, 2026

Grafana Labs has broken its silence regarding a targeted corporate cyberattack that culminated in the theft of...

Critical ZKTeco CCTV Flaw (CVE-2026-8598) Leaks Admin Credentials Without Authentication ZKTeco CCTV Vulnerability CVE-2026-8598 Patch

Critical ZKTeco CCTV Flaw (CVE-2026-8598) Leaks Admin Credentials Without Authentication

Ddos May 20, 2026

A newly disclosed, critical vulnerability in ZKTeco CCTV cameras is serving as a reminder that the devices...

Keys to the Kingdom: Critical 9.9 CVSS Budibase Flaw Allows Total Tenant Takeover

Ddos May 20, 2026

Budibase, the popular open-source operations platform known for saving engineers hundreds of hours building secure Agents, Apps,...

Critical 9.8 CVSS: NVIDIA Triton Inference Server Authentication Bypass Threatens AI Workloads NVIDIA Driver Security Update CVE-2026-24187 Linux

NVIDIA Driver Security Update CVE-2026-24187 Linux

Critical 9.8 CVSS: NVIDIA Triton Inference Server Authentication Bypass Threatens AI Workloads

Ddos May 20, 2026

NVIDIA has released a software update for the NVIDIA Triton Inference Server to address a wave of...