cybersecurity Archives • Page 16 of 86 • Daily CyberSecurity

The Resume Trap: How ‘BlackSanta’ Malware Uses Fake CVs to Blind EDRs and Hijack HR Systems Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

The Resume Trap: How ‘BlackSanta’ Malware Uses Fake CVs to Blind EDRs and Hijack HR Systems

Ddos March 18, 2026

Aryaka Threat Labs has unmasked a sophisticated malware operation dubbed BlackSanta. This Russian-speaking threat actor has spent...

Critical Craft CMS Flaw Grants Instant Admin Access Craft CMS Vulnerability CVE-2026-32267 CVE-2023-41892 Craft CMS CVE-2025-32432

Critical Craft CMS Flaw Grants Instant Admin Access

Ddos March 18, 2026

In the world of web development, the “Live Preview” button is a staple for content editors—a harmless...

Apple Google EU alliance DMA European Commission Breach Trivy Supply Chain Attack Europa.eu Breach EU Cloud Infrastructure EU Cyber Sanctions State-Sponsored Hacking EU 2040 Emissions Target, Europe Climate Leadership AWS Azure DMA Cloud Gatekeeper DSA violation, illegal content Apple DMA Delay, iPhone Mirroring EU EU Age Verification, Google Play Integrity Corning Antitrust, EU Competition Apple EU Digital Markets Act App Store commission European Union cyberattacks - InvestAI EU Targets Musk’s X Digital Markets Act, EU fines

The EU Strikes Back: New Sanctions Target Chinese and Iranian Cyber Threat Actors

Ddos March 18, 2026

In a decisive move to protect the digital sovereignty of its member states, the Council of the...

Pandora’s Box: IBM X-Force Uncovers Likely AI-Generated “Slopoly” Malware Weaponizable AI AI Cyber Threats

Pandora’s Box: IBM X-Force Uncovers Likely AI-Generated “Slopoly” Malware

Ddos March 18, 2026

Cybersecurity investigators at IBM X-Force have identified a disturbing new milestone in the evolution of digital threats:...

Edge of Disaster: Critical 9.8 CVSS Flaw in Oracle Cloud Infrastructure Toolkit Allows Complete Takeover IRGC Oracle Cloud Dubai strike Oracle global layoffs 2026 Oracle Fusion Middleware Vulnerability CVE-2026-21992 Oracle Edge Cloud Vulnerability CVE-2026-21994 Oracle Critical RCE, EBS Marketing Flaws CVE-2024-21182 PoC Exploit Oracle EBS Auth Bypass, CVE-2025-61884

IRGC Oracle Cloud Dubai strike Oracle global layoffs 2026 Oracle Fusion Middleware Vulnerability CVE-2026-21992 Oracle Edge Cloud Vulnerability CVE-2026-21994 Oracle Critical RCE, EBS Marketing Flaws CVE-2024-21182 PoC Exploit Oracle EBS Auth Bypass, CVE-2025-61884

Edge of Disaster: Critical 9.8 CVSS Flaw in Oracle Cloud Infrastructure Toolkit Allows Complete Takeover

Ddos March 18, 2026

A critical vulnerability has been identified in a key component of Oracle’s open-source portfolio, potentially handing the...

The Cyber Nexus: Iranian Group ‘Muddy Water’ Caught Deploying Russian ‘Tsundere’ Botnet via EtherHiding Tsundere Botnet Muddy Water

The Cyber Nexus: Iranian Group ‘Muddy Water’ Caught Deploying Russian ‘Tsundere’ Botnet via EtherHiding

Ddos March 18, 2026

Cybersecurity investigators at eSentire’s Threat Response Unit (TRU) have uncovered a high-stakes digital alignment between two major...

Critical Spring AI Flaws Expose Databases to SQL and JSONPath Injection Spring AI Vulnerability Remote Code Execution (RCE) Spring AI Vulnerability CVE-2026-22730

Spring AI Vulnerability Remote Code Execution (RCE) Spring AI Vulnerability CVE-2026-22730

Critical Spring AI Flaws Expose Databases to SQL and JSONPath Injection

Ddos March 17, 2026

Security researchers have issued a dual-threat alert for developers utilizing the Spring AI framework, a popular tool...

Publicly Disclosed: Bishop Fox Reveals Critical Pre-Auth SQL Injection in FortiClient EMS FortiSandbox Vulnerability Unauthenticated RCE FortiClient EMS Vulnerability CVE-2026-21643 FortiClient EMS Vulnerability CVE-2026-21643 CVE-2023-34992 - CVE-2023-37936 Fortinet Vulnerabilities CVE-2025-64155

FortiSandbox Vulnerability Unauthenticated RCE FortiClient EMS Vulnerability CVE-2026-21643 FortiClient EMS Vulnerability CVE-2026-21643 CVE-2023-34992 - CVE-2023-37936 Fortinet Vulnerabilities CVE-2025-64155

Publicly Disclosed: Bishop Fox Reveals Critical Pre-Auth SQL Injection in FortiClient EMS

Ddos March 17, 2026

Cybersecurity researchers at Bishop Fox have released a technical deep-dive into a critical vulnerability affecting FortiClient EMS,...

Instant Hijack: Critical 10.0 CVSS File Browser Flaw Grants Automatic Admin Rights File Browser Vulnerability CVE-2026-32760

Instant Hijack: Critical 10.0 CVSS File Browser Flaw Grants Automatic Admin Rights

Ddos March 17, 2026

Security researchers have issued a high-priority alert for users of File Browser, a popular open-source self-hosted cloud...

CVE Watchtower Launches Enterprise Automation Suite Featuring 30-Day Intelligence Dashboards, Predictive EPSS Scoring, REST API, and ITSM Webhooks

ddos-admin March 17, 2026

CVE Watchtower has announced a major expansion to its threat intelligence platform, introducing a comprehensive suite of...

Broken Keys: Critical Authlib Flaws Expose Millions to JWT Forgery and Padding Oracles Authlib Vulnerabilities CVE-2026-27962

Broken Keys: Critical Authlib Flaws Expose Millions to JWT Forgery and Padding Oracles

Ddos March 17, 2026

Security researchers exposed three critical vulnerabilities in Authlib, the widely used library for building OAuth and OpenID...

GlassWorm Abuses VS Code Extensions to Fuel Supply Chain Attacks GlassWorm Malware Open VSX Supply Chain

GlassWorm Abuses VS Code Extensions to Fuel Supply Chain Attacks

Ddos March 17, 2026

The threat actor known as GlassWorm has significantly escalated its operations, pivoting from simple malicious listings to...

Weaponized Browsers: How the ‘DRILLAPP’ Backdoor Turns Microsoft Edge into an Espionage Tool DRILLAPP Backdoor Browser Exploitation

Weaponized Browsers: How the ‘DRILLAPP’ Backdoor Turns Microsoft Edge into an Espionage Tool

Ddos March 17, 2026

Cybersecurity researchers at LAB52, the threat intelligence arm of S2 Group, have uncovered a novel campaign targeting...

High-Severity Angular XSS Flaw Bypasses Built-In Sanitization Angular hostname hijacking vulnerability Angular SSRF Origin Hijacking Angular XSS Vulnerability CVE-2026-32635 Angular i18n XSS CVE-2026-27970 Angular SSR SSRF CVE-2026-27739 Angular Vulnerability CVE-2026-22610 CVE-2025-59052 Angular security Angular XSS Bypass, SVG Injection

Angular hostname hijacking vulnerability Angular SSRF Origin Hijacking Angular XSS Vulnerability CVE-2026-32635 Angular i18n XSS CVE-2026-27970 Angular SSR SSRF CVE-2026-27739 Angular Vulnerability CVE-2026-22610 CVE-2025-59052 Angular security Angular XSS Bypass, SVG Injection

High-Severity Angular XSS Flaw Bypasses Built-In Sanitization

Ddos March 17, 2026

A significant security vulnerability has been unearthed in the Angular runtime and compiler, potentially exposing thousands of...

Operation CamelClone: New Global Espionage Campaign Hijacks Public Cloud Tools Operation CamelClone Cloud Storage Abuse

Operation CamelClone: New Global Espionage Campaign Hijacks Public Cloud Tools

Ddos March 17, 2026

Cybersecurity researchers at Seqrite Labs have identified a widespread and highly targeted espionage operation dubbed “Operation CamelClone”....

The Fake VPN Trap: Microsoft Warns of Storm-2561 SEO Poisoning Campaigns Stealing Corporate Credentials

Ddos March 17, 2026

Cybersecurity investigators at Microsoft Defender Experts have sounded the alarm on a deceptive credential theft campaign targeting...

Malicious Packagist Themes Target Vietnamese OphimCMS Sites with Trojanized JS OphimCMS Malware Packagist Supply Chain Attack

Malicious Packagist Themes Target Vietnamese OphimCMS Sites with Trojanized JS

Ddos March 17, 2026

Cybersecurity investigators at Socket’s Threat Research Team have sounded the alarm after discovering a cluster of malicious...

CISA Flags Actively Exploited Wing FTP Server Flaw Wing FTP Server CVE-2025-47813

CISA Flags Actively Exploited Wing FTP Server Flaw

Ddos March 16, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive after adding a new vulnerability...

Backdoored React Native Packages Target Developers with Crypto-Stealing Malware PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

Backdoored React Native Packages Target Developers with Crypto-Stealing Malware

Ddos March 16, 2026

The JavaScript development community is on high alert following a coordinated supply chain attack targeting two popular...

The Poisoned Pickle: Critical Unpatched RCE Flaws Expose SGLang AI Infrastructure

Ddos March 16, 2026

Security researchers have issued a warning to the AI development community following the discovery of critical vulnerabilities...

Critical Alert 1 Active Exploit Detected Today