cybersecurity Archives • Page 4 of 86 • Daily CyberSecurity

The Worm Turns to PHP: Mini Shai-Hulud’s 20-Million-Install Hijack of Intercom Mini Shai-Hulud Packagist Supply Chain Attack

The Worm Turns to PHP: Mini Shai-Hulud’s 20-Million-Install Hijack of Intercom

Ddos May 2, 2026

Security researchers at Socket have identified a major expansion of the “Mini Shai-Hulud” supply chain campaign, which...

Active In-The-Wild Exploit: “Copy Fail” Grants Root Privileges on Millions of Linux Systems Copy Fail CVE-2026-31431 Linux Root Privilege Exploit

Active In-The-Wild Exploit: “Copy Fail” Grants Root Privileges on Millions of Linux Systems

Ddos May 2, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has officially added CVE-2026-31431 to its Known Exploited Vulnerabilities (KEV)...

44,000 IPs Hijacked: cPanel’s 9.8 CVSS Authentication Bypass Triggers Global Ransomware Surge cPanel Authentication Bypass CVE-2026-41940

44,000 IPs Hijacked: cPanel’s 9.8 CVSS Authentication Bypass Triggers Global Ransomware Surge

Ddos May 2, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning, adding a critical vulnerability in...

Crashing the Shield: The One-Line Script Taking Down ModSecurity v3 WAFs libmodsecurity3 Denial of Service WAF Security Vulnerability CVE-2025-27110 ModSecurity vulnerability, JSON DoS

libmodsecurity3 Denial of Service WAF Security Vulnerability CVE-2025-27110 ModSecurity vulnerability, JSON DoS

Crashing the Shield: The One-Line Script Taking Down ModSecurity v3 WAFs

Ddos May 1, 2026

Security researchers have identified two significant vulnerabilities in libmodsecurity3, the core library of the ModSecurity v3 project....

Operation Road Trap: Inside the 79,000-Message Smishing Wave Hitting Drivers Worldwide Smishing Operation

Operation Road Trap: Inside the 79,000-Message Smishing Wave Hitting Drivers Worldwide

Ddos May 1, 2026

Security researchers at Bitdefender Labs have uncovered a massive, ongoing “smishing” (SMS phishing) operation that called Operation...

Unmasking the Phoenix System’s Rogue BTS Smishing Empire Phoenix System PhaaS Rogue BTS Smishing

Unmasking the Phoenix System’s Rogue BTS Smishing Empire

Ddos May 1, 2026

While analyzing global smishing operations spanning APAC, LATAM, Europe, and MEA, Group-IB researchers have uncovered a centralized...

The 11-Step Trap: How a Fake DHL OTP Trick Steals Your Password DHL Phishing OTP Social Engineering

The 11-Step Trap: How a Fake DHL OTP Trick Steals Your Password

Ddos May 1, 2026

Researchers at Forcepoint X-Labs have recently identified a clever phishing campaign targeting everyday consumers by impersonating the...

Minirat’s Stealth Supply Chain Attack Targets macOS Developers Minirat macOS Malware Go-based RAT

Minirat’s Stealth Supply Chain Attack Targets macOS Developers

Ddos May 1, 2026

Security researchers at Iru have detailed a sophisticated new threat targeting macOS users through the software supply...

Critical Wazuh Vulnerability Enables Lateral Movement and Root Access Wazuh Cluster RCE CVE-2026-30893

Critical Wazuh Vulnerability Enables Lateral Movement and Root Access

Ddos April 30, 2026

Wazuh, the widely deployed open-source platform for threat detection and response, has addressed a critical path traversal...

NVIDIA Patches High-Severity “Prompt Injection” Flaw in NemoClaw NemoClaw Prompt Injection AI Sandbox Security NVIDIA Physical AI CES 2026, Jetson T4000 robotics hardware NVIDIA AI Security, Isaac Lab RCE NVIDIA Driver RCE, CVE-2025-23309 NVIDIA Triton, AI Server Vulnerabilities CVE-2023-31029 & CVE-2023-31024 - CVE‑2024-0112

NemoClaw Prompt Injection AI Sandbox Security NVIDIA Physical AI CES 2026, Jetson T4000 robotics hardware NVIDIA AI Security, Isaac Lab RCE NVIDIA Driver RCE, CVE-2025-23309 NVIDIA Triton, AI Server Vulnerabilities CVE-2023-31029 & CVE-2023-31024 - CVE‑2024-0112

NVIDIA Patches High-Severity “Prompt Injection” Flaw in NemoClaw

Ddos April 30, 2026

NVIDIA has released a critical software update for NVIDIA NemoClaw, addressing a high-severity vulnerability that could allow...

AI’s Open Secret: Why Your Cursor Extensions Can Silently Siphon Your API Keys Cursor AI Credential Theft AI Editor Security Oversight

AI’s Open Secret: Why Your Cursor Extensions Can Silently Siphon Your API Keys

Ddos April 30, 2026

In the fast-moving world of AI-assisted development, a significant security oversight has been uncovered in Cursor, a...

Broken by Design: How VECT 2.0 Ransomware Becomes a Permanent Data Wiper

Ddos April 30, 2026

A new investigation by Check Point Research (CPR) has revealed that the “ambitious” VECT 2.0 ransomware—currently targeting...

High-Severity RCE and XSS Flaws Found in Popular CI/CD Jenkins Plugins Jenkins Plugin RCE CI/CD Security Advisory Jenkins Vulnerability CVE-2026-33001 Jenkins CLI DoS, Coverage Plugin XSS Jenkins SAML Hijacking, Plaintext Secrets CVE-2023-43495 - Jenkins Vulnerability

Jenkins Plugin RCE CI/CD Security Advisory Jenkins Vulnerability CVE-2026-33001 Jenkins CLI DoS, Coverage Plugin XSS Jenkins SAML Hijacking, Plaintext Secrets CVE-2023-43495 - Jenkins Vulnerability

High-Severity RCE and XSS Flaws Found in Popular CI/CD Jenkins Plugins

Ddos April 30, 2026

The Jenkins project has released a security advisory, addressing several vulnerabilities across its plugin ecosystem. The fixes...

Label Leak: Hardcoded Credentials in Snap One WattBox Devices Open Door to Root Access WattBox Vulnerability Root Access Exploit

Label Leak: Hardcoded Credentials in Snap One WattBox Devices Open Door to Root Access

Ddos April 29, 2026

A critical vulnerability has been identified in the Snap One WattBox 800 and 820 series power controllers....

NVIDIA FLARE Alert: Critical SDK Vulnerabilities Open Doors to Full System Takeover NVIDIA FLARE Vulnerability Federated Learning Security NVIDIA Jetson Linux Edge AI Security BioNeMo Vulnerability Insecure Deserialization NVIDIA RTX 50 Super delay NVIDIA Nsight Vulnerability Merlin Transformers4Rec NVIDIA AI Bubble $57 Billion Revenue H20 AI chip NVIDIA earnings Blackwell AI Nvidia DGX-1 Vulnerabilities CVE-2024-0143 NVIDIA Linux Gaming, VKD3D Performance

NVIDIA FLARE Vulnerability Federated Learning Security NVIDIA Jetson Linux Edge AI Security BioNeMo Vulnerability Insecure Deserialization NVIDIA RTX 50 Super delay NVIDIA Nsight Vulnerability Merlin Transformers4Rec NVIDIA AI Bubble $57 Billion Revenue H20 AI chip NVIDIA earnings Blackwell AI Nvidia DGX-1 Vulnerabilities CVE-2024-0143 NVIDIA Linux Gaming, VKD3D Performance

NVIDIA FLARE Alert: Critical SDK Vulnerabilities Open Doors to Full System Takeover

Ddos April 29, 2026

NVIDIA has issued an urgent software update for the NVIDIA FLARE SDK, addressing multiple security vulnerabilities that...

Full Exploit Disclosed: Public PoC and Technical Details Released for Critical ProFTPD SQL Injection ProFTPD SQL Injection CVE-2026-42167 Exploit

ProFTPD SQL Injection CVE-2026-42167 Exploit

Full Exploit Disclosed: Public PoC and Technical Details Released for Critical ProFTPD SQL Injection

Ddos April 29, 2026

Analysts from ZeroPath Research have uncovered a critical SQL injection vulnerability within the mod_sql extension of ProFTPD,...

Checkmarx Breach Supply Chain Attack Ivanti EPMM RCE CVE-2026-1281 Modular DS Vulnerability CVE-2026-23550 D-Link RCE Vulnerability CVE-2026-0625 Christmas 2025 GreyNoise Campaign, Japan-Based Initial Access Broker React2Shell Zero-Day, APT Active Exploitation WordPress vulnerability, authentication bypass FreePBX, zero-day Trend Micro Apex One, Remote Code Execution BitoPro Hack, Crypto Theft UNC5337 - CVE-2022-47945 Safe{Wallet} hack Fortinet vulnerability, CVE-2024-21762, FortiGate attack Balloonfly, Play ransomware Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

Checkmarx Falls Victim to Credential Harvesting Attack

Ddos April 29, 2026

Checkmarx, a global leader in application security testing, has disclosed a significant breach of its internal systems....

Vimeo Data Exposed in Anodot Supply Chain Attack Third-Party Risk Vimeo Data Breach

Vimeo Data Exposed in Anodot Supply Chain Attack

Ddos April 29, 2026

Vimeo, the global video hosting giant, announced it has been swept up in a security incident involving...

Exploited in the Wild: PoC Released for cPanel CVE-2026-41940 Authentication Bypass Zero-Day CVE-2026-41940 cPanel Authentication

Exploited in the Wild: PoC Released for cPanel CVE-2026-41940 Authentication Bypass Zero-Day

Ddos April 29, 2026

cPanel, the industry-standard control panel that powers the graphical interfaces of millions of websites, has issued an...

ClickUp Discloses Exposure of Customer Emails and API Token Feature Flag Exposure ClickUp Data Breach

ClickUp Discloses Exposure of Customer Emails and API Token

Ddos April 29, 2026

Productivity platform ClickUp has disclosed a configuration oversight that exposed the personal information of nearly 900 customers....

Critical Alert 1 Active Exploit Detected Today