infosec Archives • Page 18 of 45 • Daily CyberSecurity

Critical 9.1 Bypass in OAuth2 Proxy Exposes Upstream Resources OAuth2 Proxy Auth Bypass CVE-2026-34457 OAuth2-Proxy, Authentication Bypass

Critical 9.1 Bypass in OAuth2 Proxy Exposes Upstream Resources

Ddos April 16, 2026

In the world of cloud-native security, OAuth2 Proxy serves as a vital gatekeeper, providing a flexible and...

CVE-2026-38526: Critical CVSS 10 Vulnerability Discovered in Krayin CRM Krayin CRM RCE CVE-2026-38526

CVE-2026-38526: Critical CVSS 10 Vulnerability Discovered in Krayin CRM

Ddos April 16, 2026

A maximum-severity security flaw has been unearthed in Krayin CRM, a popular open-source framework built on Laravel...

CVE-2026-40884: Critical 9.8 Bypass Hits goshs SFTP Servers goshs Authentication Bypass CVE-2026-40884

CVE-2026-40884: Critical 9.8 Bypass Hits goshs SFTP Servers

Ddos April 16, 2026

In the fast-paced environment of penetration testing and CTF challenges, tools that prioritize speed and ease of...

The New Lockdown: How Microsoft’s April 2026 Update Silos Remote Desktop to Kill Phishing Microsoft source code Windows RDP Security Update

The New Lockdown: How Microsoft’s April 2026 Update Silos Remote Desktop to Kill Phishing

Ddos April 16, 2026

Within the April 2026 update cycle, Microsoft has implemented rigorous security enhancements to the Remote Desktop Protocol....

OpenAI’s GPT-5.4-Cyber Challenges the “Superhuman” Hacking of Claude Mythos

Ddos April 16, 2026

Anthropic previously inaugurated Claude Mythos for a select cadre of preeminent technology firms. This model is primarily...

High-Severity Use-After-Free Vulnerability Uncovered in Rsync Rsync Vulnerability Use-After-Free CVE-2022-29154 & CVE-2024-12084 CVE-2024-120845 PoC

Rsync Vulnerability Use-After-Free CVE-2022-29154 & CVE-2024-12084 CVE-2024-120845 PoC

High-Severity Use-After-Free Vulnerability Uncovered in Rsync

Ddos April 16, 2026

Rsync, the high-performance and extraordinarily versatile tool relied upon by millions for remote and local file synchronization,...

VIPERTUNNEL Hijacks Python for Stealthy Ransomware Access VIPERTUNNEL Backdoor Python Persistence Tactics

VIPERTUNNEL Hijacks Python for Stealthy Ransomware Access

Ddos April 16, 2026

A recent investigation into a DragonForce ransomware engagement has pulled back the curtain on a highly sophisticated...

Sustainable Security: NIST Abandons “Analyze Everything” Goal for NVD NIST NVD Overhaul Risk-Based Triage

Sustainable Security: NIST Abandons “Analyze Everything” Goal for NVD

Ddos April 16, 2026

In a major strategic shift, the National Institute of Standards and Technology (NIST) has announced a fundamental...

Open Access: How a Simple Fiverr Config Error Exposed 30,000 Private Documents to Google Fiverr Data Leak Claude Code Leak Anthropic DMCA Takedown Coupang 33.7M Breach South Korea Data Leak Red Hat Breach, Customer Data Theft Farmers Insurance, Salesforce ESLint Plugin -Mamont Android banking Trojan

Fiverr Data Leak Claude Code Leak Anthropic DMCA Takedown Coupang 33.7M Breach South Korea Data Leak Red Hat Breach, Customer Data Theft Farmers Insurance, Salesforce ESLint Plugin -Mamont Android banking Trojan

Open Access: How a Simple Fiverr Config Error Exposed 30,000 Private Documents to Google

Ddos April 16, 2026

The prominent gig-economy and freelance marketplace Fiverr has recently been embroiled in a controversy regarding the exfiltration...

RedSun: New Windows Defender Zero-Day Turns Protector into Attacker, PoC Publishes RedSun Zero-Day Windows Defender EoP

RedSun: New Windows Defender Zero-Day Turns Protector into Attacker, PoC Publishes

Ddos April 16, 2026

Just as the cybersecurity community began digesting the latest round of patches for the high-profile “BlueHammer” vulnerability,...

Critical 9.8 Webex Flaw Lets Attackers Impersonate Any User Cisco Webex SSO Webex Impersonation Flaw

Critical 9.8 Webex Flaw Lets Attackers Impersonate Any User

Ddos April 16, 2026

In the modern enterprise, the Single Sign-On (SSO) portal is the master key to a company’s digital...

Splunk Issues Urgent Fixes for RCE and Clear-Text Token Leaks Splunk Enterprise Vulnerabilities CVE-2026-20240 Splunk RCE CVE-2026-20204 Splunk RCE Vulnerability CVE-2026-20163 Splunk Enterprise Vulnerabilities CVE-2026-20140 Splunk Permission Flaw, Local Privilege Escalation Splunk Vulnerabilities CVE-2024-53247 - Splunk Secure Gateway App CVE-2025-20229 & CVE-2025-20231

Splunk Issues Urgent Fixes for RCE and Clear-Text Token Leaks

Ddos April 16, 2026

Splunk has released a series of security advisories detailing two significant vulnerabilities impacting Splunk Enterprise, Splunk Cloud...

Chrome 147 Update: Google Patches Critical $90,000 ANGLE Flaw and 30 Other Security Gaps Chrome Security Update $90K Bug Bounty

Chrome 147 Update: Google Patches Critical $90,000 ANGLE Flaw and 30 Other Security Gaps

Ddos April 16, 2026

Google has begun rolling out a high-stakes update for the Chrome stable channel, addressing a total of...

Root Access via Admin: The 9.9 RCE Crisis Threatening Cisco ISE Networks Cisco ISE RCE Identity Services Engine Vulnerability

Root Access via Admin: The 9.9 RCE Crisis Threatening Cisco ISE Networks

Ddos April 16, 2026

Cisco has issued an urgent security advisory following the discovery of high-stakes vulnerabilities in its Identity Services...

IoT Under Fire: Critical CVSS 10 Expression Injection Hits OpenRemote Platform OpenRemote RCE IoT Security

IoT Under Fire: Critical CVSS 10 Expression Injection Hits OpenRemote Platform

Ddos April 15, 2026

Security researchers have sounded a major alarm for the internet-of-things (IoT) sector as OpenRemote, a popular 100%...

Critical 9.1 SQL Injection Threatens Vendure Core Stores Vendure SQL Injection Shop API Vulnerability

Critical 9.1 SQL Injection Threatens Vendure Core Stores

Ddos April 15, 2026

Vendure Core, the open-source engine powering the enterprise commerce platform Vendure, has recently addressed a high-severity security...

No Patch Available: The CVSS 10 Flaw Turning AVideo into an Attacker’s Playground AVideo RCE YPTSocket Vulnerability AVideo Vulnerabilities Streaming Platform Security AVideo Vulnerabilities CVE-2026-28501

AVideo RCE YPTSocket Vulnerability AVideo Vulnerabilities Streaming Platform Security AVideo Vulnerabilities CVE-2026-28501

No Patch Available: The CVSS 10 Flaw Turning AVideo into an Attacker’s Playground

Ddos April 15, 2026

AVideo, a versatile video streaming platform popular among content creators and businesses for hosting and monetizing content,...

High-Severity Authentication Bypass Discovered in MinIO Storage MinIO Signature Bypass Unauthenticated Object Write MinIO Privilege Escalation, Policy Bypass CVE-2024-55949

MinIO Signature Bypass Unauthenticated Object Write MinIO Privilege Escalation, Policy Bypass CVE-2024-55949

High-Severity Authentication Bypass Discovered in MinIO Storage

Ddos April 15, 2026

A significant security vulnerability has been identified in MinIO, the high-performance, S3-compatible object storage solution widely used...

Attackers Weaponize Mailbox Rules to Control Your Inbox M365 Persistence Malicious Mailbox Rules

Attackers Weaponize Mailbox Rules to Control Your Inbox

Ddos April 15, 2026

In the modern landscape of Microsoft 365 security, the most dangerous threat might not be a sophisticated...

JanelaRAT Uses Fake Windows Updates to Empty LATAM Bank Accounts JanelaRAT LATAM Banking Malware

JanelaRAT Uses Fake Windows Updates to Empty LATAM Bank Accounts

Ddos April 15, 2026

In the diverse ecosystem of Latin American cybercrime, one threat continues to refine its ability to peer...

Critical Alert 1 Active Exploit Detected Today