infosec Archives • Page 17 of 45 • Daily CyberSecurity

Critical 9.1 Auth Bypass Hits Budibase Operations Platform Budibase Authentication Bypass Regex URL Injection

Critical 9.1 Auth Bypass Hits Budibase Operations Platform

Ddos April 20, 2026

Budibase, the popular open-source platform used by engineers to build internal apps and automations, has issued a...

Fabricked: The 100% Deterministic Attack Breaking AMD’s Confidential Computing Vault Fabricked Attack AMD SEV-SNP

Fabricked: The 100% Deterministic Attack Breaking AMD’s Confidential Computing Vault

Ddos April 20, 2026

In the high-stakes world of cloud security, the promise of Confidential Computing is simple: your data should...

One Scan to Zero: The QR Code Trap Wiping Trust Wallets via Telegram Trust Wallet Drainer QR Code Phishing

One Scan to Zero: The QR Code Trap Wiping Trust Wallets via Telegram

Ddos April 20, 2026

A sophisticated and highly effective cryptocurrency theft campaign is currently sweeping through Telegram channels, turning a simple...

Root Access Unlocked: FortiSandbox CVE-2026-39808 Details and PoC Exploit Publicly Disclosed FortiSandbox RCE CVE-2026-39808 PoC

Root Access Unlocked: FortiSandbox CVE-2026-39808 Details and PoC Exploit Publicly Disclosed

Ddos April 20, 2026

A critical vulnerability in FortiSandbox has been disclosured. The flaw, tracked as CVE-2026-39808, carries a devastating CVSS...

JanaWare’s 5-Year Geofenced Ransomware Reign JanaWare Ransomware Geofenced Malware

JanaWare’s 5-Year Geofenced Ransomware Reign

Ddos April 20, 2026

A low-profile but remarkably persistent threat cluster has been unmasked by the Acronis TRU team, revealing a...

More Than a Miner: The Evasive MiningDropper Framework Hijacking Android Worldwide MiningDropper Android Malware Framework

More Than a Miner: The Evasive MiningDropper Framework Hijacking Android Worldwide

Ddos April 20, 2026

Security researchers are sounding the alarm over a versatile and evasive Android malware delivery system that is...

The Next.js Nightmare? Vercel Investigates “Critical” Internal Breach and Supply Chain Threat Vercel Supply Chain Next.js Security

The Next.js Nightmare? Vercel Investigates “Critical” Internal Breach and Supply Chain Threat

Ddos April 19, 2026

The global development community is on high alert following reports of a major security incident at Vercel,...

Dgraph’s Debug Endpoint Hands Over Admin Tokens to Anyone Dgraph Vulnerability CVSS 10.0 Dgraph Admin Leak CVE-2026-40173

Dgraph’s Debug Endpoint Hands Over Admin Tokens to Anyone

Ddos April 19, 2026

Dgraph, the horizontally scalable and distributed GraphQL database known for its ACID transactions and graph-backend performance, is...

North Korea’s UNC1069 Uses Fake Video Calls to Hijack Crypto UNC1069 Fake Meetings ClickFix Malware

North Korea’s UNC1069 Uses Fake Video Calls to Hijack Crypto

Ddos April 19, 2026

In a sophisticated escalation of cyber-enabled financial theft, security researchers from Validin have unmasked a sprawling campaign...

OAUTHBEARER Bypass and Sensitive Logging Leaks Hit Apache Kafka Kafka Authentication Bypass JWT Signature Validation Apache Kafka - CVE-2024-27309 & CVE-2024-31141

Kafka Authentication Bypass JWT Signature Validation Apache Kafka - CVE-2024-27309 & CVE-2024-31141

OAUTHBEARER Bypass and Sensitive Logging Leaks Hit Apache Kafka

Ddos April 19, 2026

Security researchers disclose two distinct vulnerabilities affecting Apache Kafka, the cornerstone of high-performance data pipelines and mission-critical...

Critical 9.1 SSTI Flaws Unmasked in Thymeleaf Template Engine Thymeleaf SSTI Bypass CVE-2026-41901 Thymeleaf SSTI CVE-2026-40477

Critical 9.1 SSTI Flaws Unmasked in Thymeleaf Template Engine

Ddos April 17, 2026

Thymeleaf, a widely-used modern server-side Java template engine for both web and standalone environments, has released a...

Froxlor’s CVSS 10 Flaw Turns Config Files into Persistent Backdoors Froxlor RCE Persistent Backdoor

Froxlor’s CVSS 10 Flaw Turns Config Files into Persistent Backdoors

Ddos April 17, 2026

Security researchers have sounded the alarm on two critical vulnerabilities within Froxlor, the popular open-source server management...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Critical Command Injection Flaw Hits upKeeper Instant Privilege Access

Ddos April 17, 2026

A critical security vulnerability has been unmasked in upKeeper Instant Privilege Access, a tool designed to give...

Critical Pre-Auth RCE Found in OpenAM Identity Platform OpenAM RCE CVE-2026-33439

Critical Pre-Auth RCE Found in OpenAM Identity Platform

Ddos April 17, 2026

OpenAM, the widely-deployed open-source access management solution, is facing a critical security challenge following the discovery of...

Wormable Bugs: Microsoft April 2026 Patch Tuesday Fixes Two “Zero-Interaction” RCE Flaws Windows Wormable Exploit April 2026 Patch Tuesday Microsoft Patch Tuesday Zero-Day Vulnerabilities Microsoft, Patch Tuesday CVE-2025-55234 CVE-2024-43573 and CVE-2024-43572 Microsoft Patch Tuesday Security Vulnerabilities

Windows Wormable Exploit April 2026 Patch Tuesday Microsoft Patch Tuesday Zero-Day Vulnerabilities Microsoft, Patch Tuesday CVE-2025-55234 CVE-2024-43573 and CVE-2024-43572 Microsoft Patch Tuesday Security Vulnerabilities

Wormable Bugs: Microsoft April 2026 Patch Tuesday Fixes Two “Zero-Interaction” RCE Flaws

Ddos April 17, 2026

The security landscape for Windows administrators just got significantly more urgent. As part of the April 2026...

220 Million at Risk: Critical 9.4 CVSS Remote Code Execution Hits protobuf.js protobuf.js RCE Protocol Buffers Vulnerability

220 Million at Risk: Critical 9.4 CVSS Remote Code Execution Hits protobuf.js

Ddos April 17, 2026

As a pure JavaScript implementation of Google’s Protocol Buffers, protobuf.js is a foundational component for Node.js and...

High-Severity SSRF Flaw Uncovered in Angular’s Server-Side Rendering Angular hostname hijacking vulnerability Angular SSRF Origin Hijacking Angular XSS Vulnerability CVE-2026-32635 Angular i18n XSS CVE-2026-27970 Angular SSR SSRF CVE-2026-27739 Angular Vulnerability CVE-2026-22610 CVE-2025-59052 Angular security Angular XSS Bypass, SVG Injection

Angular hostname hijacking vulnerability Angular SSRF Origin Hijacking Angular XSS Vulnerability CVE-2026-32635 Angular i18n XSS CVE-2026-27970 Angular SSR SSRF CVE-2026-27739 Angular Vulnerability CVE-2026-22610 CVE-2025-59052 Angular security Angular XSS Bypass, SVG Injection

High-Severity SSRF Flaw Uncovered in Angular’s Server-Side Rendering

Ddos April 17, 2026

Angular stands as a titan, powering everything from sleek mobile apps to massive enterprise desktop platforms. However,...

CISA Adds Critical Apache ActiveMQ RCE Flaw to KEV Catalog ActiveMQ RCE CVE-2026-34197 CISA KEV Catalog Actively Exploited Vulnerabilities CISA KEV Catalog CVE-2025-37164 GeoServer XXE, CISA KEV FortiWeb SQLi, CISA KEV Critical Vulnerabilities CVE-2024-20953

ActiveMQ RCE CVE-2026-34197 CISA KEV Catalog Actively Exploited Vulnerabilities CISA KEV Catalog CVE-2025-37164 GeoServer XXE, CISA KEV FortiWeb SQLi, CISA KEV Critical Vulnerabilities CVE-2024-20953

CISA Adds Critical Apache ActiveMQ RCE Flaw to KEV Catalog

Ddos April 17, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive after adding a high-severity vulnerability...

The Invisible Patch: How PolinRider Rewrites Git History to Hide North Korean Malware PolinRider Malware Git History Falsification

The Invisible Patch: How PolinRider Rewrites Git History to Hide North Korean Malware

Ddos April 17, 2026

Security researchers from the OpenSourceMalware (OSM) team have uncovered a massive and rapidly expanding threat campaign targeting...

Synology DSM Update Fixes High-Severity File Manipulation Flaws Synology Chat Server vulnerabilities Synology security update Synology DSM Update NAS Security Vulnerability Synology VPN Update SSL VPN Vulnerability Synology Telnet Flaw DSM Security Update Synology DSM Telnet vulnerability BeeStation Zero-Day, Pwn2Own RCE CVE-2024-11131 & CVE-2024-10442 CVE-2025-2848 Synology, NAS

Synology DSM Update Fixes High-Severity File Manipulation Flaws

Ddos April 16, 2026

Synology has released an important security update for its DiskStation Manager (DSM) operating system to address a...

Critical Alert 1 Active Exploit Detected Today