Cyber Security Archives • Page 2 of 11 • Daily CyberSecurity

New Apache Camel K Flaw (CVE-2026-45760) Enables Cross-Namespace Attacks Apache Camel K Vulnerability CVE-2026-45760 Build Deputy Apache Camel Security CVE-2026-23552 CVE-2025-27636 CVE-2025-29891 PoC

Apache Camel K Vulnerability CVE-2026-45760 Build Deputy Apache Camel Security CVE-2026-23552 CVE-2025-27636 CVE-2025-29891 PoC

New Apache Camel K Flaw (CVE-2026-45760) Enables Cross-Namespace Attacks

Do Son May 22, 2026

A newly disclosed vulnerability was found in Apache Camel K, a widely trusted open-source integration framework designed...

Critical Five Critical vm2 Vulnerabilities Grant Instant Node.js Host RCE vm2 Sandbox Escape Vulnerabilities CVE-2026-47140 Node.js RCE

Critical Five Critical vm2 Vulnerabilities Grant Instant Node.js Host RCE

Do Son May 22, 2026

In the world of Node.js development, the vm2 library has long served as a popular mechanism for...

Critical Print-Path RCE Exposed: Critical HP Linux Driver Flaws (CVE-2026-8631) Grant Root Privileges HPLIP Security Vulnerabilities CVE-2026-8631 Linux Flaw

HPLIP Security Vulnerabilities CVE-2026-8631 Linux Flaw

Critical Print-Path RCE Exposed: Critical HP Linux Driver Flaws (CVE-2026-8631) Grant Root Privileges

Do Son May 22, 2026

A fresh security advisory has issued an urgent warning for open-source environments and enterprise Linux deployments utilizing...

High Splunk Patches High-Severity Bugs Granting DoS and Internal Log Leaks

Do Son May 22, 2026

Splunk has issued a coordinated batch of security advisories targeting vulnerabilities across Splunk Enterprise, Splunk Cloud Platform,...

Fortra BoKS vulnerability OS command injection, CVE-2026-9862 Altium Enterprise Server Vulnerability CVE-2026-9129 Path Traversal Patreon OAuth Vulnerability Identity Collision DRC INSIGHT Vulnerability Exam Data Hijacking Horner Automation PLC Industrial Brute Force Honeywell IQ4x Vulnerability CVE-2026-3611 DJI Romo vacuum security flaw Python Cryptography Vulnerability CVE-2026-26007 Open5GS Vulnerability CVE-2026-0622 Vivotek IP7137 Vulnerabilities CVE-2025-66049 Forcepoint DLP Vulnerability CVE-2025-14026 Cellopoint Secure Email Gateway - CVE-2024-9043

Critical Critical Altium Enterprise Server Flaws Grant RCE and Database Access

Do Son May 22, 2026

Altium Enterprise Server, the backbone platform used by engineering teams globally to manage complex printed circuit board...

PowerDNS Fixes Flaws Granting Server Crashes and Memory Corruption PowerDNS Authoritative Server Vulnerabilities CVE-2026-42001 DoS CVE-2024-25581 DNSdist vulnerability, DNS DoS

PowerDNS Authoritative Server Vulnerabilities CVE-2026-42001 DoS CVE-2024-25581 DNSdist vulnerability, DNS DoS

PowerDNS Fixes Flaws Granting Server Crashes and Memory Corruption

Do Son May 22, 2026

PowerDNS has issued a coordinated set of security advisories addressing multiple vulnerabilities discovered within its Authoritative Server...

CISA Sound the Alarm: Langflow AI Platform and Trend Micro Added to KEV Catalog Due to Active Exploitation CISA KEV Catalog Updates Langflow CVE-2025-34291 Exploit SharePoint Spoofing CISA KEV Catalog Actively Exploited Vulnerability

CISA KEV Catalog Updates Langflow CVE-2025-34291 Exploit SharePoint Spoofing CISA KEV Catalog Actively Exploited Vulnerability

CISA Sound the Alarm: Langflow AI Platform and Trend Micro Added to KEV Catalog Due to Active Exploitation

Do Son May 21, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two newly weaponized security vulnerabilities to its...

KongTuke Abandoning “ClickFix” to Launch Direct Microsoft Teams Attacks KongTuke Microsoft Teams Phishing ModeloRAT Initial Access Broker CVE-2024-38193 - Lazarus Group Threat Actors ScreenConnect

KongTuke Microsoft Teams Phishing ModeloRAT Initial Access Broker CVE-2024-38193 - Lazarus Group Threat Actors ScreenConnect

KongTuke Abandoning “ClickFix” to Launch Direct Microsoft Teams Attacks

Do Son May 21, 2026

Corporate collaboration platforms have officially moved to the top of the initial access broker playbook. A new...

PawsRunner Steganography Loader PureLogs Infostealer Campaign

New PawsRunner Steganography Loader Evades EDR to Deploy PureLogs Infostealer

Do Son May 21, 2026

The use of steganography—the ancient art of hiding secret messages inside seemingly ordinary files—is experiencing a massive...

Bypassing MFA: Gremlin Stealer Evolves into Advanced Memory-Resident Session Hijacker Gremlin Stealer Unit 42 Session Hijacking Malware

Bypassing MFA: Gremlin Stealer Evolves into Advanced Memory-Resident Session Hijacker

Do Son May 21, 2026

Information stealers are no longer just basic, entry-level scripts designed to lift saved passwords from standard browser...

Beyond Email: Attackers Hijack Microsoft Teams External Access to Launch Deep Network Compromise Microsoft Teams External Phishing Rapid7 Labs Incident Response

Microsoft Teams External Phishing Rapid7 Labs Incident Response

Beyond Email: Attackers Hijack Microsoft Teams External Access to Launch Deep Network Compromise

Do Son May 21, 2026

A newly detailed incident response investigation highlights a critical reality for corporate security teams: the perimeter of...

Ecosystem Poisoned: Mini Shai-Hulud Worm Hijacks @antv npm Packages to Target CI/CD Pipelines AntV npm Supply Chain Attack Mini Shai-Hulud npm Worm

AntV npm Supply Chain Attack Mini Shai-Hulud npm Worm

Ecosystem Poisoned: Mini Shai-Hulud Worm Hijacks @antv npm Packages to Target CI/CD Pipelines

Do Son May 21, 2026

A massive, fast-moving software supply chain attack has struck the global JavaScript development ecosystem. Over the past...

9.1 Signature Bypass Alert: Critical Coder Flaw (CVE-2026-46354) Exposes Git Keys and Developer Tokens Coder Token Theft Vulnerability CVE-2026-46354 Azure Identity

Coder Token Theft Vulnerability CVE-2026-46354 Azure Identity

9.1 Signature Bypass Alert: Critical Coder Flaw (CVE-2026-46354) Exposes Git Keys and Developer Tokens

Do Son May 21, 2026

Coder, the prominent self-hosted platform used by enterprises to build cloud development environments and manage AI coding...

10.0 CVSS 10.0 Alert: Critical Cisco Secure Workload Exploit Grants Unauthenticated Site Admin Access Cisco Secure Workload Vulnerability CVE-2026-20223 CVSS 10

Cisco Secure Workload Vulnerability CVE-2026-20223 CVSS 10

10.0 CVSS 10.0 Alert: Critical Cisco Secure Workload Exploit Grants Unauthenticated Site Admin Access

Do Son May 21, 2026

Cisco has issued an urgent security advisory addressing a maximum-severity vulnerability discovered within its zero-trust microsegmentation and...

10 Unpatched CVSS 10 Alert: ChromaDB Python Server Grants Pre-Auth RCE via Malicious Hugging Face Models ChromaDB Pre-Auth RCE CVE-2026-45829

10 Unpatched CVSS 10 Alert: ChromaDB Python Server Grants Pre-Auth RCE via Malicious Hugging Face Models

Do Son May 21, 2026

ChromaDB, one of the most widely adopted open-source vector databases engineered to enable semantic matching, retrieval-augmented generation...

Critical Double Critical Threat: Google Chrome Rushes Out Urgent Fixes for WebRTC and UI Sandbox Flaws Google Chrome Security Update CVE-2026-9111 Critical Patch

Google Chrome Security Update CVE-2026-9111 Critical Patch

Critical Double Critical Threat: Google Chrome Rushes Out Urgent Fixes for WebRTC and UI Sandbox Flaws

Do Son May 21, 2026

Google has officially released a security update for the Google Chrome Stable channel on Desktop, addressing 16...

6.5 Exploited in the Wild: Critical Drupal SQL Injection (CVE-2026-9082) Grants Attacker Root Access CVE-2022-39261 Drupal SQL Injection Vulnerability CVE-2026-9082 PostgreSQL Flaw

CVE-2022-39261 Drupal SQL Injection Vulnerability CVE-2026-9082 PostgreSQL Flaw

6.5 Exploited in the Wild: Critical Drupal SQL Injection (CVE-2026-9082) Grants Attacker Root Access

Do Son May 21, 2026

The Drupal Security Team has released an urgent advisory detailing a highly critical vulnerability lurking within the...

Critical Critical RCE Exploits Exposed: Apache OFBiz Patches Severe Authentication Bypass Flaws CVE-2022-25371 - CVE-2025-26865 Apache OFBiz RCE Vulnerability CVE-2026-45434 Authentication Bypass

CVE-2022-25371 - CVE-2025-26865 Apache OFBiz RCE Vulnerability CVE-2026-45434 Authentication Bypass

Critical Critical RCE Exploits Exposed: Apache OFBiz Patches Severe Authentication Bypass Flaws

Do Son May 21, 2026

The Apache OFBiz project has released a critical security update to patch several important vulnerabilities affecting its...

Public Exploit Exposes Root Privilege Escalation Flaw in VMware Fusion VMware Fusion TOCTOU Exploit CVE-2026-41702 PoC

Public Exploit Exposes Root Privilege Escalation Flaw in VMware Fusion

Do Son May 21, 2026

Mathieu Farrell, an independent security researcher operating under the handle @coiffeur0x90, has publicly disclosed the inner workings...

Multi-Stage PyInstaller Loader Weaponizes AMSI Patching to Deploy XWorm RAT NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

Multi-Stage PyInstaller Loader Weaponizes AMSI Patching to Deploy XWorm RAT

Do Son May 20, 2026

A comprehensive deep dive by the research team at Point Wild has laid bare the internal mechanics...