infosec Archives • Page 12 of 45 • Daily CyberSecurity

AI’s Open Secret: Why Your Cursor Extensions Can Silently Siphon Your API Keys Cursor AI Credential Theft AI Editor Security Oversight

AI’s Open Secret: Why Your Cursor Extensions Can Silently Siphon Your API Keys

Ddos April 30, 2026

In the fast-moving world of AI-assisted development, a significant security oversight has been uncovered in Cursor, a...

Broken by Design: How VECT 2.0 Ransomware Becomes a Permanent Data Wiper

Ddos April 30, 2026

A new investigation by Check Point Research (CPR) has revealed that the “ambitious” VECT 2.0 ransomware—currently targeting...

High-Severity RCE and XSS Flaws Found in Popular CI/CD Jenkins Plugins Jenkins Plugin RCE CI/CD Security Advisory Jenkins Vulnerability CVE-2026-33001 Jenkins CLI DoS, Coverage Plugin XSS Jenkins SAML Hijacking, Plaintext Secrets CVE-2023-43495 - Jenkins Vulnerability

Jenkins Plugin RCE CI/CD Security Advisory Jenkins Vulnerability CVE-2026-33001 Jenkins CLI DoS, Coverage Plugin XSS Jenkins SAML Hijacking, Plaintext Secrets CVE-2023-43495 - Jenkins Vulnerability

High-Severity RCE and XSS Flaws Found in Popular CI/CD Jenkins Plugins

Ddos April 30, 2026

The Jenkins project has released a security advisory, addressing several vulnerabilities across its plugin ecosystem. The fixes...

The Great Convergence: When Traditional Malware Becomes a Crypto-Hunting Machine Crypto Drainer Convergence Blockchain Infrastructure Attack

Crypto Drainer Convergence Blockchain Infrastructure Attack

The Great Convergence: When Traditional Malware Becomes a Crypto-Hunting Machine

Ddos April 30, 2026

A new report from LevelBlue SpiderLabs’ Cyber Threat Intelligence Team details a “progressive convergence” where traditional malware...

SonicWall Issues Fixes for SonicOS Vulnerabilities SonicWall Security Advisory SonicOS Patch 2026 CVE-2025-23006 SonicWall, SMA 100 Vulnerabilities

SonicWall Issues Fixes for SonicOS Vulnerabilities

Ddos April 30, 2026

SonicWall has released a critical security advisory addressing three distinct vulnerabilities in SonicOS that could allow attackers...

Exploit Exposed: Public PoC Disclosed for Critical Root RCE in ASUSTOR ADM (CVE-2026-6644) ASUSTOR ADM Root RCE CVE-2026-6644 PoC

Exploit Exposed: Public PoC Disclosed for Critical Root RCE in ASUSTOR ADM (CVE-2026-6644)

Ddos April 30, 2026

A critical vulnerability was found in ASUSTOR ADM, the operating system powering ASUSTOR’s Network Attached Storage (NAS)...

Copy Fail: Public PoC and Full Details Disclosed for the 732-Byte Linux Root Exploit (CVE-2026-31431) Linux Kernel Root Exploit Copy Fail CVE-2026-31431

Linux Kernel Root Exploit Copy Fail CVE-2026-31431

Copy Fail: Public PoC and Full Details Disclosed for the 732-Byte Linux Root Exploit (CVE-2026-31431)

Ddos April 29, 2026

Security researchers have unveiled a critical logic bug in the Linux kernel that allows an unprivileged user...

The Global Takedown: FBI and International Allies Dismantle Billion-Dollar Pig-Butchering Empires Romanian hacker sentenced identity theft conviction Pig-Butchering Crackdown Operation Level Up Oleksandr Didenko North Korean IT Workers Coinbase TaskUs insider breach, Hyderabad police Coinbase arrest Scattered Spider, Cybercrime Scattered Spider group

Romanian hacker sentenced identity theft conviction Pig-Butchering Crackdown Operation Level Up Oleksandr Didenko North Korean IT Workers Coinbase TaskUs insider breach, Hyderabad police Coinbase arrest Scattered Spider, Cybercrime Scattered Spider group

The Global Takedown: FBI and International Allies Dismantle Billion-Dollar Pig-Butchering Empires

Ddos April 29, 2026

An unprecedented cooperation between the FBI, Dubai Police, and the Chinese Ministry of Public Security has resulted...

The “Mini Shai-Hulud” Attack Hijacking SAP Developer Pipelines SAP Supply Chain Attack Mini Shai-Hulud Malware

The “Mini Shai-Hulud” Attack Hijacking SAP Developer Pipelines

Ddos April 29, 2026

Security researchers have sounded the alarm on a precision-targeted supply-chain compromise striking the SAP developer ecosystem. The...

Legacy Leak: Deprecated GNU C Library Functions Spark New Security Fears glibc Security Legacy DNS Flaws glibc Vulnerabilities Linux Security Alert glibc Vulnerability CVE-2026-0861

glibc Security Legacy DNS Flaws glibc Vulnerabilities Linux Security Alert glibc Vulnerability CVE-2026-0861

Legacy Leak: Deprecated GNU C Library Functions Spark New Security Fears

Ddos April 29, 2026

The GNU C Library (glibc), a cornerstone of the Linux ecosystem, has issued a security advisory. The...

The Shittrix Disclosure: 89 Flaws Collapse 20 Years of Trust in Citrix and XCP-ng Shittrix Disclosure Hypervisor Vulnerabilities

The Shittrix Disclosure: 89 Flaws Collapse 20 Years of Trust in Citrix and XCP-ng

Ddos April 29, 2026

Independent security researcher Jakob Wolffhechel has publicly disclosed 89 vulnerabilities impacting Citrix XenServer/Hypervisor and its open-source counterpart,...

Label Leak: Hardcoded Credentials in Snap One WattBox Devices Open Door to Root Access WattBox Vulnerability Root Access Exploit

Label Leak: Hardcoded Credentials in Snap One WattBox Devices Open Door to Root Access

Ddos April 29, 2026

A critical vulnerability has been identified in the Snap One WattBox 800 and 820 series power controllers....

NVIDIA FLARE Alert: Critical SDK Vulnerabilities Open Doors to Full System Takeover NVIDIA FLARE Vulnerability Federated Learning Security NVIDIA Jetson Linux Edge AI Security BioNeMo Vulnerability Insecure Deserialization NVIDIA RTX 50 Super delay NVIDIA Nsight Vulnerability Merlin Transformers4Rec NVIDIA AI Bubble $57 Billion Revenue H20 AI chip NVIDIA earnings Blackwell AI Nvidia DGX-1 Vulnerabilities CVE-2024-0143 NVIDIA Linux Gaming, VKD3D Performance

NVIDIA FLARE Vulnerability Federated Learning Security NVIDIA Jetson Linux Edge AI Security BioNeMo Vulnerability Insecure Deserialization NVIDIA RTX 50 Super delay NVIDIA Nsight Vulnerability Merlin Transformers4Rec NVIDIA AI Bubble $57 Billion Revenue H20 AI chip NVIDIA earnings Blackwell AI Nvidia DGX-1 Vulnerabilities CVE-2024-0143 NVIDIA Linux Gaming, VKD3D Performance

NVIDIA FLARE Alert: Critical SDK Vulnerabilities Open Doors to Full System Takeover

Ddos April 29, 2026

NVIDIA has issued an urgent software update for the NVIDIA FLARE SDK, addressing multiple security vulnerabilities that...

The Malware Factory: Unmasking the 108-Package North Korean Siege on npm npm Supply Chain Attack DPRK Malware Factory

The Malware Factory: Unmasking the 108-Package North Korean Siege on npm

Ddos April 29, 2026

Cybersecurity researchers at Panther Threat Research have released a detailed exposé on a massive, coordinated npm malware...

Full Exploit Disclosed: Public PoC and Technical Details Released for Critical ProFTPD SQL Injection ProFTPD SQL Injection CVE-2026-42167 Exploit

ProFTPD SQL Injection CVE-2026-42167 Exploit

Full Exploit Disclosed: Public PoC and Technical Details Released for Critical ProFTPD SQL Injection

Ddos April 29, 2026

Analysts from ZeroPath Research have uncovered a critical SQL injection vulnerability within the mod_sql extension of ProFTPD,...

Checkmarx Breach Supply Chain Attack Ivanti EPMM RCE CVE-2026-1281 Modular DS Vulnerability CVE-2026-23550 D-Link RCE Vulnerability CVE-2026-0625 Christmas 2025 GreyNoise Campaign, Japan-Based Initial Access Broker React2Shell Zero-Day, APT Active Exploitation WordPress vulnerability, authentication bypass FreePBX, zero-day Trend Micro Apex One, Remote Code Execution BitoPro Hack, Crypto Theft UNC5337 - CVE-2022-47945 Safe{Wallet} hack Fortinet vulnerability, CVE-2024-21762, FortiGate attack Balloonfly, Play ransomware Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

Checkmarx Falls Victim to Credential Harvesting Attack

Ddos April 29, 2026

Checkmarx, a global leader in application security testing, has disclosed a significant breach of its internal systems....

CISA Sounds the Alarm: State-Sponsored Hackers Weaponize New Windows and ScreenConnect Flaws State-Sponsored Exploitation CISA KEV Catalog F5 BIG-IP RCE CISA KEV Catalog SolarWinds WHD Exploit CVE-2025-40551 Zimbra XSS Zero-Day CVE-2025-27915 Exploited Windows Security Vulnerabilities

State-Sponsored Exploitation CISA KEV Catalog F5 BIG-IP RCE CISA KEV Catalog SolarWinds WHD Exploit CVE-2025-40551 Zimbra XSS Zero-Day CVE-2025-27915 Exploited Windows Security Vulnerabilities

CISA Sounds the Alarm: State-Sponsored Hackers Weaponize New Windows and ScreenConnect Flaws

Ddos April 29, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalog, adding two...

Vimeo Data Exposed in Anodot Supply Chain Attack Third-Party Risk Vimeo Data Breach

Vimeo Data Exposed in Anodot Supply Chain Attack

Ddos April 29, 2026

Vimeo, the global video hosting giant, announced it has been swept up in a security incident involving...

Exploited in the Wild: PoC Released for cPanel CVE-2026-41940 Authentication Bypass Zero-Day CVE-2026-41940 cPanel Authentication

Exploited in the Wild: PoC Released for cPanel CVE-2026-41940 Authentication Bypass Zero-Day

Ddos April 29, 2026

cPanel, the industry-standard control panel that powers the graphical interfaces of millions of websites, has issued an...

Chrome Security Update Use After Free Chrome Security Update Critical Vulnerabilities Chrome Security Update CVE-2026-3062 Chrome Security Update V8 Engine Vulnerability Chrome Security Update CVE-2026-1862 CVE-2026-0628 Chrome 143 Update Chrome Safe Browsing UAF, CVE-2025-11756 Chrome Memory Flaws, CVE-2025-11460 Google Chrome, vulnerability CVE-2025-10200, CVE-2025-10201 Big Sleep CVE-2025-9478 Chrome Update, Security Vulnerabilities

Chrome Security Alert: Google Patches 30 Vulnerabilities in Massive Desktop Update

Ddos April 29, 2026

Google has released a significant security update for the Chrome stable channel, addressing 30 security fixes. The...