cybersecurity Archives • Page 19 of 86 • Daily CyberSecurity

The Sleeper in Your Toolbar: How a “Featured” Chrome Extension Turned Into a Full-Scale Infostealer ShotBird extension malware

The Sleeper in Your Toolbar: How a “Featured” Chrome Extension Turned Into a Full-Scale Infostealer

Ddos March 12, 2026

A once-reputable Chrome extension has been caught moonlighting as a sophisticated malware delivery vehicle. ShotBird, a tool...

The ‘Must-Patch’ Release: WordPress 6.9.2 Scrambles to Fix 10 Critical Flaws from XSS to SSRF WordPress 6.9.2 WordPress 6.9.2 WordPress Security Update WordPress Security Update WordPress.org Suspended

WordPress 6.9.2 WordPress 6.9.2 WordPress Security Update WordPress Security Update WordPress.org Suspended

The ‘Must-Patch’ Release: WordPress 6.9.2 Scrambles to Fix 10 Critical Flaws from XSS to SSRF

Ddos March 11, 2026

The WordPress security team has issued an urgent call to action following the release of WordPress 6.9.2...

Altium Enterprise Server Vulnerability CVE-2026-9129 Path Traversal Patreon OAuth Vulnerability Identity Collision DRC INSIGHT Vulnerability Exam Data Hijacking Horner Automation PLC Industrial Brute Force Honeywell IQ4x Vulnerability CVE-2026-3611 DJI Romo vacuum security flaw Python Cryptography Vulnerability CVE-2026-26007 Open5GS Vulnerability CVE-2026-0622 Vivotek IP7137 Vulnerabilities CVE-2025-66049 Forcepoint DLP Vulnerability CVE-2025-14026 Cellopoint Secure Email Gateway - CVE-2024-9043

The Default Danger: Maximum 10.0 CVSS Vulnerability Leaves Honeywell IQ4x Controllers Wide Open

Ddos March 11, 2026

A critical security flaw has been uncovered in the Honeywell IQ4x Building Management System (BMS) Controller family,...

Microsoft Patch Tuesday March 2026: 93 Vulnerabilities Addressed, Including Two Zero-Days Windows Wormable Exploit April 2026 Patch Tuesday Microsoft Patch Tuesday Zero-Day Vulnerabilities Microsoft, Patch Tuesday CVE-2025-55234 CVE-2024-43573 and CVE-2024-43572 Microsoft Patch Tuesday Security Vulnerabilities

Windows Wormable Exploit April 2026 Patch Tuesday Microsoft Patch Tuesday Zero-Day Vulnerabilities Microsoft, Patch Tuesday CVE-2025-55234 CVE-2024-43573 and CVE-2024-43572 Microsoft Patch Tuesday Security Vulnerabilities

Microsoft Patch Tuesday March 2026: 93 Vulnerabilities Addressed, Including Two Zero-Days

Ddos March 11, 2026

The March 2026 edition of Microsoft Patch Tuesday has arrived, bringing a massive wave of security updates...

Maximum 10.0 CVSS Flaws in OneUptime Allow Full Account Takeovers and RCE OneUptime Vulnerabilities CVE-2026-30956

Maximum 10.0 CVSS Flaws in OneUptime Allow Full Account Takeovers and RCE

Ddos March 11, 2026

OneUptime, a popular multi-tenant platform for monitoring websites and APIs, has released urgent patches to address two...

Malicious npm Package “pino-sdk-v2” Caught Harvesting Secrets pino-sdk-v2 npm Supply Chain Attack

Malicious npm Package “pino-sdk-v2” Caught Harvesting Secrets

Ddos March 11, 2026

In the modern development landscape, supply chain attacks remain one of the most effective ways for threat...

APT-C-23 Weaponized Israel’s ‘Red Alert’ App for Mobile Espionage Red Alert Trojan APT-C-23

APT-C-23 Weaponized Israel’s ‘Red Alert’ App for Mobile Espionage

Ddos March 11, 2026

The Acronis Threat Research Unit (TRU) has identified a calculated campaign distributing a trojanized version of the...

The Vibe-Coding Trap: Fake Claude Code Installers Unleash Amatera Malware via Search Ads Claude Code Malvertising Amatera Malware

The Vibe-Coding Trap: Fake Claude Code Installers Unleash Amatera Malware via Search Ads

Ddos March 11, 2026

In the fast-paced world of AI development, “vibe-coding” has become a popular term for rapid, experimental building....

Zscaler Uncovers 8,000+ Domains and APT Backdoors Exploiting Middle East Tensions Middle East Cyber Threats

Zscaler Uncovers 8,000+ Domains and APT Backdoors Exploiting Middle East Tensions

Ddos March 11, 2026

Zscaler ThreatLabz is currently tracking a significant surge in cybercriminal operations that capitalize on the elevated political...

North Korean APT Unleashes DEV#POPPER RAT via GitHub to Drain Crypto Wallets DEV#POPPER OmniStealer

North Korean APT Unleashes DEV#POPPER RAT via GitHub to Drain Crypto Wallets

Ddos March 11, 2026

The eSentire’s Threat Response Unit (TRU) recently uncovered a sophisticated campaign involving a Remote Access Trojan (RAT)...

CL-UNK-1068: The Stealthy Chinese Threat Actor Haunting Asian Infrastructure CL-UNK-1068 Chinese APT

CL-UNK-1068: The Stealthy Chinese Threat Actor Haunting Asian Infrastructure

Ddos March 11, 2026

Since 2020, a sophisticated cluster of activity has been quietly infiltrating high-value organizations across South, Southeast, and...

Critical RCE Vulnerabilities Uncovered in Janitza and Weidmueller Energy Meters Energy Meter RCE CVE-2025-41709 ICS Exposure, Power Grid Security CVE-2025-1393 & CVE-2024-23943

Energy Meter RCE CVE-2025-41709 ICS Exposure, Power Grid Security CVE-2025-1393 & CVE-2024-23943

Critical RCE Vulnerabilities Uncovered in Janitza and Weidmueller Energy Meters

Ddos March 11, 2026

Energy management systems are under the microscope following a security advisory from CERT@VDE, which reveals multiple critical...

Unauthenticated Takeover: Critical 9.6 CVSS Zoom Flaw Exposes Windows Users to Remote Privilege Escalation CVE-2022-36926 Zoom Vulnerability CVE-2026-30903

CVE-2022-36926 Zoom Vulnerability CVE-2026-30903

Unauthenticated Takeover: Critical 9.6 CVSS Zoom Flaw Exposes Windows Users to Remote Privilege Escalation

Ddos March 10, 2026

Zoom has released a series of security advisories detailing four significant vulnerabilities affecting its Windows clients, including...

The ‘Must-Patch’ List: CISA Adds Actively Exploited SolarWinds, Ivanti, and Omnissa Flaws to KEV ActiveMQ RCE CVE-2026-34197 CISA KEV Catalog Actively Exploited Vulnerabilities CISA KEV Catalog CVE-2025-37164 GeoServer XXE, CISA KEV FortiWeb SQLi, CISA KEV Critical Vulnerabilities CVE-2024-20953

ActiveMQ RCE CVE-2026-34197 CISA KEV Catalog Actively Exploited Vulnerabilities CISA KEV Catalog CVE-2025-37164 GeoServer XXE, CISA KEV FortiWeb SQLi, CISA KEV Critical Vulnerabilities CVE-2024-20953

The ‘Must-Patch’ List: CISA Adds Actively Exploited SolarWinds, Ivanti, and Omnissa Flaws to KEV

Ddos March 10, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalog, adding three...

The Silent Rhythm: How BeatBanker Malware Uses a Looping Audio File to Hijack Android Devices BeatBanker Android Malware

The Silent Rhythm: How BeatBanker Malware Uses a Looping Audio File to Hijack Android Devices

Ddos March 10, 2026

In a sophisticated new campaign targeting users in Brazil, researchers at Kaspersky Labs have uncovered BeatBanker, an...

Dutch Intelligence Warning: Russian State Actors Targeting Signal and WhatsApp WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware

WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware

Dutch Intelligence Warning: Russian State Actors Targeting Signal and WhatsApp

Ddos March 10, 2026

In a significant Cybersecurity Advisory released in March 2026, the Netherlands Defence Intelligence and Security Service (MIVD)...

Critical Alert: SAP’s Latest Security Update Fixes 9.8 CVSS RCE and Deserialization Flaws SAP Security Patches CVE-2026-27685 SAP Security Update CVE-2026-0488 CVE-2024-47578 - CVE-2025-0070 and CVE-2025-0066

SAP Security Patches CVE-2026-27685 SAP Security Update CVE-2026-0488 CVE-2024-47578 - CVE-2025-0070 and CVE-2025-0066

Critical Alert: SAP’s Latest Security Update Fixes 9.8 CVSS RCE and Deserialization Flaws

Ddos March 10, 2026

Today, 2026, SAP released its monthly security patch update, addressing 15 new security notes across its product...

Total Platform Compromise: Critical 9.6 CVSS Flaws in Budibase Expose Production Secrets Budibase RCE SSRF Vulnerability Budibase Vulnerabilities Authentication Bypass

Budibase RCE SSRF Vulnerability Budibase Vulnerabilities Authentication Bypass

Total Platform Compromise: Critical 9.6 CVSS Flaws in Budibase Expose Production Secrets

Ddos March 10, 2026

Budibase, the popular open-source low-code platform designed for building internal business applications, has released critical security patches...

Under Active Attack: Critical 9.8 CVSS Tutor LMS Pro Flaw Exploited in the Wild for Full Site Takeover CVE-2024-11972 - Hunk Companion

Under Active Attack: Critical 9.8 CVSS Tutor LMS Pro Flaw Exploited in the Wild for Full Site Takeover

Ddos March 10, 2026

A high-severity vulnerability has been uncovered in Tutor LMS Pro, a popular WordPress plugin used by over...

Home Network Alert: TP-Link Patches RCE Vulnerability in Archer AXE75 Routers

Ddos March 10, 2026

TP-Link has issued an urgent security advisory for users of its high-performance Archer AXE75 routers. A newly...

Critical Alert 1 Active Exploit Detected Today