cybersecurity Archives • Page 12 of 88 • Daily CyberSecurity

Qilin’s “EDR Killer” Dismantles 300+ Security Drivers EDR Killer Qilin Ransomware

Qilin’s “EDR Killer” Dismantles 300+ Security Drivers

Do Son April 9, 2026

A technical deep-dive from Cisco Talos has exposed a sophisticated “EDR killer” deployed during Qilin ransomware attacks,...

Palo Alto Networks Patches Trio of Security Flaws: From Agent Disabling to System Privileges PAN-OS IKEv2 Buffer Overflow CVE-2026-0263 Palo Alto Cortex XDR Privilege Escalation Palo Alto Networks Vulnerability CVE-2026-0229 PAN-OS Vulnerability CVE-2026-0227 CVE-2024-5914 - Palo Alto Networks - CVE-2025-0108 & CVE-2025-0110

Palo Alto Networks Patches Trio of Security Flaws: From Agent Disabling to System Privileges

Do Son April 9, 2026

Palo Alto Networks has released critical updates to address three distinct vulnerabilities across its security ecosystem. The...

SonicWall Issues Critical Patch for SMA 1000 Series to Stop SQL Injection and MFA Bypasses SonicWall SMA 1000 MFA Bypass SonicWall SSLVPN Flaw CVE-2025-40601 SonicOS vulnerability - CVE-2024-53704

SonicWall SMA 1000 MFA Bypass SonicWall SSLVPN Flaw CVE-2025-40601 SonicOS vulnerability - CVE-2024-53704

SonicWall Issues Critical Patch for SMA 1000 Series to Stop SQL Injection and MFA Bypasses

Do Son April 9, 2026

SonicWall has released a series of patches for its SMA 1000 series appliances to address four distinct...

The $86,000 Patch: Chrome 147 Crushes “Critical” WebML Memory Flaws Chrome 147 Security WebML Vulnerabilities

The $86,000 Patch: Chrome 147 Crushes “Critical” WebML Memory Flaws

Do Son April 9, 2026

The Google Chrome team has officially promoted Chrome 147 to the stable channel for Windows, Mac, and...

CISA Warning: Critical Ivanti EPMM Code Injection Vulnerability Under Active Attack Ivanti EPMM Vulnerability CVE-2026-1340 CISA KEV Catalog CVE-2026-21385 CISA KEV Update CVE-2008-0015 CISA KEV, Array Networks Command Injection CVE-2025-0111 & CVE-2025-23209 CISA, Known Exploited Vulnerabilities

Ivanti EPMM Vulnerability CVE-2026-1340 CISA KEV Catalog CVE-2026-21385 CISA KEV Update CVE-2008-0015 CISA KEV, Array Networks Command Injection CVE-2025-0111 & CVE-2025-23209 CISA, Known Exploited Vulnerabilities

CISA Warning: Critical Ivanti EPMM Code Injection Vulnerability Under Active Attack

Do Son April 9, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical code injection vulnerability in Ivanti...

Storm: 2026’s Newest Infostealer Bypasses Chrome to Hijack Your MFA Sessions Storm Infostealer Session Cookie Theft

Storm: 2026’s Newest Infostealer Bypasses Chrome to Hijack Your MFA Sessions

Do Son April 9, 2026

A new and highly efficient threat has emerged on underground cybercrime networks, signaling a significant shift in...

High-Severity Patches: NVIDIA Secures DALI and Triton Inference Server NVIDIA AI Security Deserialization Exploit

High-Severity Patches: NVIDIA Secures DALI and Triton Inference Server

Do Son April 8, 2026

NVIDIA has released two significant security updates addressing high-severity vulnerabilities across its DALI and Triton Inference Server...

CVE-2026-34208 (CVSS 10): Critical Sandbox Escape Uncovered in SandboxJS SandboxJS Escape Host Object Poisoning SandboxJS Vulnerability CVE-2026-26954

SandboxJS Escape Host Object Poisoning SandboxJS Vulnerability CVE-2026-26954

CVE-2026-34208 (CVSS 10): Critical Sandbox Escape Uncovered in SandboxJS

Do Son April 8, 2026

In the world of secure software development, sandboxing is the ultimate safety net—a controlled environment designed to...

Weaver E-cology RCE CVE-2026-22679 CVE-2026-20127 Cisco SD-WAN Exploitation AI-Driven Cyberattack ARXON Malware React Server Components Vulnerability CVE-2025-55182 FortiWeb Auth Bypass, Unauthenticated Admin Takeover RayInitiator Bootkit, LINE VIPER CVE-2025-59689 Department of the Treasury cybersecurity - CVE-2025-0108 PoC CVE-2025-31103 Dior Data Breach SK Telecom data breach, long-term intrusion

Critical Zero-Day: Unauthenticated RCE Exploited in Weaver E-cology 10.0

Do Son April 8, 2026

A critical security vulnerability, tracked as CVE-2026-22679, has been identified in Weaver (Fanwei) E-cology 10.0, one of...

Exploited in the Wild: Critical 9.3 CVSS Flaw Turns Tianxin Systems into Hacker Gateways PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

Exploited in the Wild: Critical 9.3 CVSS Flaw Turns Tianxin Systems into Hacker Gateways

Do Son April 8, 2026

A critical security vulnerability, tracked as CVE-2021-4473, has been identified in the Tianxin Internet Behavior Management System....

Zero-Day Alert: Sophisticated PDF Exploit Targets Adobe Reader for Massive Data Theft Adobe Reader Zero-Day PDF Exploit

Zero-Day Alert: Sophisticated PDF Exploit Targets Adobe Reader for Massive Data Theft

Do Son April 8, 2026

A highly-sophisticated zero-day exploit has been discovered targeting Adobe Reader users, allowing attackers to steal local files...

Phorpiex’s New P2P Upgrade Makes This 15-Year-Old Botnet Unstoppable Phorpiex Botnet P2P Malware Resilience

Phorpiex’s New P2P Upgrade Makes This 15-Year-Old Botnet Unstoppable

Do Son April 8, 2026

In the fast-moving world of cybercrime, few names carry as much historical weight as Phorpiex. Also known...

Critical Security Update: IBM Patches Multiple Vulnerabilities in Verify Identity and Access IBM Verify Root Escalation

Critical Security Update: IBM Patches Multiple Vulnerabilities in Verify Identity and Access

Do Son April 8, 2026

IBM has released a comprehensive bulletin addressing a series of vulnerabilities within its Verify Identity Access and...

OpenSSL Issues Major Security Advisory: RSA and Memory Vulnerabilities Fixed OpenSSL Vulnerability RSA Memory Leak OpenSSL Vulnerability CVE-2025-15467 CVE-2022-2274 OpenSSL Vulnerabilities, Timing Side-Channel

OpenSSL Vulnerability RSA Memory Leak OpenSSL Vulnerability CVE-2025-15467 CVE-2022-2274 OpenSSL Vulnerabilities, Timing Side-Channel

OpenSSL Issues Major Security Advisory: RSA and Memory Vulnerabilities Fixed

Do Son April 8, 2026

OpenSSL has released a comprehensive security advisory detailing seven vulnerabilities ranging from Moderate to Low severity. The...

GemStuffer RubyGems Campaign RubyGems Data Exfiltration TanStack npm Compromise Supply Chain Attack DNS Hijacking APT28 (Fancy Bear) OpenVSX Supply Chain Attack Checkmarx Plugin Breach Stryker Cyberattack CISA Alert Trans-Regional Cyber Conflict Operation Epic Fury Cyber Operation MacroMaze APT28 Cyber Espionage Notepad++ Supply Chain Attack Lotus Blossom Group Defense Industrial Base Threats GTIG Report APT28 Operation Neusploit CVE-2026-21509 Bookworm Malware

APT28 Hijacks Home Routers to Steal Corporate Credentials

Do Son April 8, 2026

In a major technical disclosure, the UK National Cyber Security Centre (NCSC) has detailed a sophisticated campaign...

Venom Stealer Bypasses Chrome and “Auto-Cracks” Tonkeeper Wallets Venom Stealer Crypto Drainer MaaS

Venom Stealer Bypasses Chrome and “Auto-Cracks” Tonkeeper Wallets

Do Son April 8, 2026

A new Malware-as-a-Service (MaaS) platform is making waves in the cybercrime underground, promising operators an automated pipeline...

The 1,700-Package Blitz: North Korea’s “Contagious Interview” Infiltrates Every Major Dev Registry Contagious Interview Malicious Packages

The 1,700-Package Blitz: North Korea’s “Contagious Interview” Infiltrates Every Major Dev Registry

Do Son April 8, 2026

Researchers at Socket have identified a massive new cluster of malicious packages linked to North Korea’s notorious...

Malicious VeloraDEX SDK Compromises Developer Machines via npm npm Supply Chain Attack @velora-dex/sdk Malware

Malicious VeloraDEX SDK Compromises Developer Machines via npm

Do Son April 8, 2026

Security researchers at StepSecurity have sounded the alarm on a compromised version of the @velora-dex/sdk package. On...

Budibase Patches Critical RCE and SSRF Vulnerabilities Budibase RCE SSRF Vulnerability Budibase Vulnerabilities Authentication Bypass

Budibase Patches Critical RCE and SSRF Vulnerabilities

Do Son April 7, 2026

Budibase, the popular open-source low-code platform used by engineers to rapidly build internal tools, has released urgent...

10.0 CVSS Flaw in Kestra Grants Full Server Control Kestra RCE SQL Injection Vulnerability

10.0 CVSS Flaw in Kestra Grants Full Server Control

Do Son April 7, 2026

A critical security vulnerability has been unmasked in Kestra, the popular open-source, event-driven orchestration platform. The flaw,...