cybersecurity

New “Pheno” Malware Hijacks Microsoft Phone Link to Steal SMS and OTPs NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

New “Pheno” Malware Hijacks Microsoft Phone Link to Steal SMS and OTPs

Do Son May 7, 2026

Security researchers at Cisco Talos have uncovered a sophisticated campaign that allows attackers to steal SMS messages...

High-Severity WatchGuard Agent Flaws Grant Full SYSTEM Privileges on Windows WatchGuard Agent Privilege Escalation CVE-2026-6787 WatchGuard Vulnerability CVE-2026-1498 WatchGuard Firebox VPN Flaws, Command Injection WatchGuard Vulnerability CVE-2024-6592 and CVE-2024-6593

WatchGuard Agent Privilege Escalation CVE-2026-6787 WatchGuard Vulnerability CVE-2026-1498 WatchGuard Firebox VPN Flaws, Command Injection WatchGuard Vulnerability CVE-2024-6592 and CVE-2024-6593

High-Severity WatchGuard Agent Flaws Grant Full SYSTEM Privileges on Windows

Do Son May 7, 2026

WatchGuard has released a critical security update for its Windows-based agent software to remediate a series of...

Critical 9.0 CVSS Flaw in ArcadeDB Allows Total Cross-Database Access ArcadeDB Authorization Bypass CVE-2026-44221

ArcadeDB Authorization Bypass CVE-2026-44221

Critical 9.0 CVSS Flaw in ArcadeDB Allows Total Cross-Database Access

Do Son May 7, 2026

ArcadeDB, the high-performance Multi-Model DBMS known for its “Alien Technology” engine and extreme “mechanical sympathy” optimizations, has...

Critical Spring Cloud Config Flaws Expose Arbitrary Files and GCP Secrets Spring Cloud Config Vulnerability CVE-2026-40982 Spring Boot Vulnerability CVSS 9.1 Bypass CVE-2022-31692 Spring Boot Vulnerability Authentication Bypass

Spring Cloud Config Vulnerability CVE-2026-40982 Spring Boot Vulnerability CVSS 9.1 Bypass CVE-2022-31692 Spring Boot Vulnerability Authentication Bypass

Critical Spring Cloud Config Flaws Expose Arbitrary Files and GCP Secrets

Do Son May 7, 2026

The Spring Cloud Config project, a vital component for centralizing external configuration in distributed systems, has released...

Bitcoin Core Fixes High-Severity Remote Crash Vulnerability Bitcoin Core Node Crash CVE-2024-52911 CVE-2024-35202 - Bitcoin Core

Bitcoin Core Node Crash CVE-2024-52911 CVE-2024-35202 - Bitcoin Core

Bitcoin Core Fixes High-Severity Remote Crash Vulnerability

Do Son May 7, 2026

Bitcoin Core developers have released a critical fix for a long-standing vulnerability that could have allowed an...

Chrome’s Security Overhaul: 127 Fixes and $100k+ in Bounties Power the New Chrome 148 Stable Release Chrome 148 Security Update CVE-2026-7896

Chrome 148 Security Update CVE-2026-7896

Chrome’s Security Overhaul: 127 Fixes and $100k+ in Bounties Power the New Chrome 148 Stable Release

Do Son May 7, 2026

The Google Chrome team has officially promoted Chrome 148 to the stable channel for Windows, Mac, and...

Critical Redis Patches Fix RCE and Memory Corruption Flaws Redis RCE Vulnerabilities CVE-2026-25243 CVE-2024-31449 - Redis

Redis RCE Vulnerabilities CVE-2026-25243 CVE-2024-31449 - Redis

Critical Redis Patches Fix RCE and Memory Corruption Flaws

Do Son May 7, 2026

The popular in-memory data structure store Redis has released a series of security updates to address five...

Critical OpenMRS Flaws Enable Patient Data Theft and Remote Server Takeover OpenMRS RCE Vulnerability CVE-2026-41258

OpenMRS RCE Vulnerability CVE-2026-41258

Critical OpenMRS Flaws Enable Patient Data Theft and Remote Server Takeover

Do Son May 6, 2026

OpenMRS, the world’s leading open-source electronic medical record (EMR) platform used extensively in resource-constrained environments, has issued...

Critical 9.0 CVSS Flaw in Thymeleaf Enables Remote Server Injection Thymeleaf SSTI Bypass CVE-2026-41901 Thymeleaf SSTI CVE-2026-40477

Thymeleaf SSTI Bypass CVE-2026-41901 Thymeleaf SSTI CVE-2026-40477

Critical 9.0 CVSS Flaw in Thymeleaf Enables Remote Server Injection

Do Son May 6, 2026

The Thymeleaf project, a cornerstone for Java developers building modern server-side web applications, has issued a critical...

Trojanized Tools: DAEMON Tools Supply Chain Attack Compromises Global Systems

DAEMON Tools Supply Chain Attack QUIC RAT Malware

Trojanized Tools: DAEMON Tools Supply Chain Attack Compromises Global Systems

Do Son May 6, 2026

Kaspersky has uncovered a sophisticated supply chain attack targeting DAEMON Tools, the widely used disk imaging software....

Nix Vulnerability Grants Root Access via NAR Parser Overflow CVE-2026-25137 Nix Daemon Privilege Escalation CVE-2026-44028

CVE-2026-25137 Nix Daemon Privilege Escalation CVE-2026-44028

Nix Vulnerability Grants Root Access via NAR Parser Overflow

Do Son May 6, 2026

Nix, the robust package manager celebrated for bringing reliability and reproducibility to Linux and Unix systems, has...

GitOps Security Breach: Critical 9.6 CVSS Argo CD Flaw Exposes Plaintext Kubernetes Secrets Argo CD Secret Leak CVE-2026-42880 CVE-2024-28175 Argo CD DoS, Webhook Flaws

Argo CD Secret Leak CVE-2026-42880 CVE-2024-28175 Argo CD DoS, Webhook Flaws

GitOps Security Breach: Critical 9.6 CVSS Argo CD Flaw Exposes Plaintext Kubernetes Secrets

Do Son May 6, 2026

Argo CD, the leading GitOps continuous delivery tool for Kubernetes, has issued a high-priority patch for a...

Exploited in the Wild: Critical PAN-OS Buffer Overflow Grants Root Access to Palo Alto Firewalls PAN-OS Active Exploitation CVE-2026-0300 Root RCE

PAN-OS Active Exploitation CVE-2026-0300 Root RCE

Exploited in the Wild: Critical PAN-OS Buffer Overflow Grants Root Access to Palo Alto Firewalls

Do Son May 6, 2026

Palo Alto Networks has issued an urgent security advisory for a critical vulnerability in its PAN-OS software...

Conti Ransomware Leader Sentenced for Pediatric Extortion and Global Terror Conti ransomware guilty plea, ransomware attacks Deniss Zolotarjovs Sentencing Karakurt Ransomware Leader

Conti ransomware guilty plea, ransomware attacks Deniss Zolotarjovs Sentencing Karakurt Ransomware Leader

Conti Ransomware Leader Sentenced for Pediatric Extortion and Global Terror

Do Son May 5, 2026

The long arm of federal law enforcement dismantled the leadership of a major Russian ransomware syndicate. Deniss...

Root RCE and Authentication Lockout Bypass: Public PoC Released for Critical OPNsense Firewall Vulnerabilities OPNsense Root RCE PoC Exploit Disclosed

OPNsense Root RCE PoC Exploit Disclosed

Root RCE and Authentication Lockout Bypass: Public PoC Released for Critical OPNsense Firewall Vulnerabilities

Do Son May 5, 2026

OPNsense, the widely deployed FreeBSD-based firewall and routing platform, has released a critical security update to address...

The Compliance Trap: How a 13,000-Org Phishing Wave Bypasses MFA via AiTM Proxying AiTM Phishing Campaign Microsoft MFA Bypass

AiTM Phishing Campaign Microsoft MFA Bypass

The Compliance Trap: How a 13,000-Org Phishing Wave Bypasses MFA via AiTM Proxying

Do Son May 5, 2026

Microsoft’s Defender Security Research and Threat Intelligence teams have sounded the alarm on a massive, highly sophisticated...

The AI-Powered Cybercrime Factory: Unmasking the Bluekit “All-in-One” Phishing Revolution Bluekit Phishing AI-Powered Phishing

Bluekit Phishing AI-Powered Phishing

The AI-Powered Cybercrime Factory: Unmasking the Bluekit “All-in-One” Phishing Revolution

Do Son May 5, 2026

Security researchers at Varonis Threat Labs have dissected a new, all-in-one phishing platform dubbed Bluekit that is...

Critical 9.8 CVSS Flaws in Qualcomm Chipsets Enable Remote Takeover Qualcomm Security Bulletin CVE-2026-25254 RCE Qualcomm Diversification, Mobile Chip Competition CVE-2023-33025

Qualcomm Security Bulletin CVE-2026-25254 RCE Qualcomm Diversification, Mobile Chip Competition CVE-2023-33025

Critical 9.8 CVSS Flaws in Qualcomm Chipsets Enable Remote Takeover

Do Son May 5, 2026

Qualcomm has released its May 2026 Security Bulletin, disclosing a series of high-impact vulnerabilities across its proprietary...

Gremlin Injection Flaw in Apache Atlas Exposes Enterprise Data CVE-2024-46910 Apache Atlas Vulnerability Gremlin Code Injection

CVE-2024-46910 Apache Atlas Vulnerability Gremlin Code Injection

Gremlin Injection Flaw in Apache Atlas Exposes Enterprise Data

Do Son May 5, 2026

Apache Atlas, the foundational governance service that many enterprises rely on to manage compliance and data catalogs...

Critical Zero-Click Android Flaw Grants Remote Shell Access Without Interaction Android Zero-Click RCE CVE-2026-0073 Android sideloading CVE-2024-43096, CVE-2024-43770, CVE-2024-43771, CVE-2024-49747 and, CVE-2024-49748

Android Zero-Click RCE CVE-2026-0073 Android sideloading CVE-2024-43096, CVE-2024-43770, CVE-2024-43771, CVE-2024-49747 and, CVE-2024-49748

Critical Zero-Click Android Flaw Grants Remote Shell Access Without Interaction

Do Son May 5, 2026

Google has issued an urgent warning in its May 2026 Android Security Bulletin regarding a critical vulnerability...