Cyber Security Archives • Page 3 of 11 • Daily CyberSecurity

VoIP Backbone Exposed: Critical FreePBX Flaw (CVE-2026-46376) Allows Unauthenticated Access to User Portals FreePBX UCP Vulnerability CVE-2026-46376 Hard-Coded Credentials

FreePBX UCP Vulnerability CVE-2026-46376 Hard-Coded Credentials

VoIP Backbone Exposed: Critical FreePBX Flaw (CVE-2026-46376) Allows Unauthenticated Access to User Portals

Ddos May 20, 2026

FreePBX, widely recognized as the world’s most popular open-source IP PBX platform for building customized phone systems,...

Critical 9.9 CVSS Flaw in Arcane Exposes GitOps Secrets to Basic Users Arcane Docker Vulnerability CVE-2026-45625

Critical 9.9 CVSS Flaw in Arcane Exposes GitOps Secrets to Basic Users

Ddos May 20, 2026

Arcane, the popular tool billed as “Modern Docker Management, Designed for Everyone”, has disclosed a severe security...

Resurgent Tycoon 2FA Adopts OAuth Device Code Phishing to Hijack Microsoft 365 Tycoon 2FA Phishing Kit OAuth Device Code Phishing

Resurgent Tycoon 2FA Adopts OAuth Device Code Phishing to Hijack Microsoft 365

Ddos May 19, 2026

Just weeks after a massive international law enforcement operation dismantled its primary server infrastructure, the notorious Tycoon...

Shai-Hulud Returns: Massive npm Supply Chain Attack Hijacks AntV Ecosystem to Scrape GitHub Runner Memory Mini Shai-Hulud npm Worm AntV Ecosystem Supply Chain Attack

Mini Shai-Hulud npm Worm AntV Ecosystem Supply Chain Attack

Shai-Hulud Returns: Massive npm Supply Chain Attack Hijacks AntV Ecosystem to Scrape GitHub Runner Memory

Ddos May 19, 2026

A massive and highly coordinated supply chain assault is currently ripping through the JavaScript developer ecosystem. Security...

AI “Vibe Coding” Fuels a Phishing Free-For-All: How EvilTokens Bypasses Microsoft 365 MFA Device Code Phishing EvilTokens PhaaS

AI “Vibe Coding” Fuels a Phishing Free-For-All: How EvilTokens Bypasses Microsoft 365 MFA

Ddos May 19, 2026

A once-obscure technique for bypassing multifactor authentication is exploding across the threat landscape, supercharged by AI “vibe...

Targeting 2 Million Developers: Malicious Nx Console Extension Hijacks VS Code Marketplace Nx Console Extension Supply Chain Attack VS Code Marketplace Malware 2026

Nx Console Extension Supply Chain Attack VS Code Marketplace Malware 2026

Targeting 2 Million Developers: Malicious Nx Console Extension Hijacks VS Code Marketplace

Ddos May 19, 2026

A brief but dangerous supply chain attack briefly hijacked the official Visual Studio Code marketplace, targeting over...

Breaking the AI Sandbox: Critical Flowise Flaw (CVE-2026-46442) Grants Host-Level RCE Flowise Sandbox Escape CVE-2026-46442 Flowise RCE Flowise Auth Bypass, Unauthenticated Registration Flowise RCE, WriteFileTool FlowiseAI, account takeover CVE-2025-58434

Flowise Sandbox Escape CVE-2026-46442 Flowise RCE Flowise Auth Bypass, Unauthenticated Registration Flowise RCE, WriteFileTool FlowiseAI, account takeover CVE-2025-58434

Breaking the AI Sandbox: Critical Flowise Flaw (CVE-2026-46442) Grants Host-Level RCE

Ddos May 19, 2026

A severe vulnerability discovered in the popular open-source generative AI development platform Flowise allows authenticated users to...

Critical Portainer Flaws Grant Restricted Users Root Access to the Host Portainer Container Escape CVE-2026-44849 Swarm Bypass

Critical Portainer Flaws Grant Restricted Users Root Access to the Host

Ddos May 19, 2026

A dangerous pair of critical authorization failures within the Portainer container management platform allows standard, restricted users...

Critical 9.8 CVSS: Severe SQL Injection Flaw Exposed in Marten .NET Document Store Engine Marten .NET SQL Injection CVE-2026-45288

Critical 9.8 CVSS: Severe SQL Injection Flaw Exposed in Marten .NET Document Store Engine

Ddos May 19, 2026

A severe vulnerability discovered in Marten, a highly popular .NET transactional document store and event store library,...

New “TencShell” Malware Weaponizes Open-Source Rshell via Third-Party Access TencShell Malware Rshell C2 Framework

New “TencShell” Malware Weaponizes Open-Source Rshell via Third-Party Access

Ddos May 18, 2026

Security researchers have exposed a highly stealthy attempted intrusion that weaponized an open-source framework into a potent...

CountLoader Malware Weaponizes EtherHiding to Deploy Stealth Crypto Clippers CountLoader Malware EtherHiding Crypto Clipper

CountLoader Malware Weaponizes EtherHiding to Deploy Stealth Crypto Clippers

Ddos May 18, 2026

A sprawling cybercriminal operation has been intercepted, but not before thousands of machines were quietly infected by...

Unmasked: 16GB “Rocket” Database Leak Exposes The Gentlemen Ransomware Cartel The Gentlemen Ransomware Leak Rocket Database RaaS

Unmasked: 16GB “Rocket” Database Leak Exposes The Gentlemen Ransomware Cartel

Ddos May 18, 2026

A massive internal data leak has blown the lid off “The Gentlemen,” a highly organized Ransomware-as-a-Service (RaaS)...

Critical RCE Flaw in Apache Flink (CVE-2026-35194) Threatens TaskManagers CVE-2020-17519 Apache Flink Vulnerability CVE-2026-35194 RCE

Critical RCE Flaw in Apache Flink (CVE-2026-35194) Threatens TaskManagers

Ddos May 18, 2026

A critical severity vulnerability, tracked as CVE-2026-35194, has been disclosed in Apache Flink, exposing the distributed processing...

Critical Strapi Flaws Enable Unauthenticated Admin Takeover and Server RCE Strapi CMS Vulnerabilities CVE-2026-27886 Admin Takeover

Critical Strapi Flaws Enable Unauthenticated Admin Takeover and Server RCE

Ddos May 18, 2026

A pair of severe vulnerabilities discovered in Strapi, the widely used open-source headless Content Management System (CMS),...

The CVE Watchtower: Weekly Threat Intelligence Briefing (May 11 – May 17, 2026)

Ddos May 18, 2026

Welcome to your weekly vulnerability digest. If your security dashboards have been flashing red, your telemetry is...

No Encryption Needed: New “GhostLock” Technique Weaponizes Windows SMB to Freeze Enterprise Files GhostLock Ransomware Evasion SMB File Share Lockout

GhostLock Ransomware Evasion SMB File Share Lockout

No Encryption Needed: New “GhostLock” Technique Weaponizes Windows SMB to Freeze Enterprise Files

Ddos May 18, 2026

Security researchers have unveiled a novel defensive bypass that allows any low-privileged domain user to lock down...

CVSS 10 Alert: Quest KACE SMA Auth Bypass Exploited to Hijack Managed Endpoints Quest KACE SMA Vulnerability CVE-2025-32975 Exploit

CVSS 10 Alert: Quest KACE SMA Auth Bypass Exploited to Hijack Managed Endpoints

Ddos May 16, 2026

Cybersecurity researchers have just dropped a report on a critical “management plane” threat that has spent the...

Paper Werewolf Unleashed: Custom Stealers and AI-Assisted Loaders Target Global Industrial Hubs Paper Werewolf Espionage PaperGrabber Malware

Paper Werewolf Espionage PaperGrabber Malware

Paper Werewolf Unleashed: Custom Stealers and AI-Assisted Loaders Target Global Industrial Hubs

Ddos May 15, 2026

A new wave of cyber espionage has been unleashed against Russian industrial, financial, and transport sectors, revealing...

PoC Released: Critical Linux Kernel ptrace Flaw Publicly Disclosed—Unprivileged Root File Access Possible

Ddos May 15, 2026

A critical “sanity check” gap in the Linux kernel’s ptrace logic has finally been addressed, but not...

cPanel & WHM Patch 5 High-Severity Flaws, Including 8.6 Severity File Read and SQLi cPanel WHM Vulnerabilities 2026 CVE-2026-29205 Arbitrary File Read cPanel Security Vulnerability Perl Injection Exploit cPanel Authentication WHM Security cPanel Privilege Escalation, Directory Traversal LPE

cPanel & WHM Patch 5 High-Severity Flaws, Including 8.6 Severity File Read and SQLi

Ddos May 15, 2026

Recently, cPanel & WHM and WP Squared have issued patches for five critical vulnerabilities. These flaws range...