infosec Archives • Page 22 of 45 • Daily CyberSecurity

Denial of Service Alert: React Server Components Vulnerability Causes CPU Spikes

React Server Components Vulnerability CVE-2026-23870 React Server Components Server-Side DoS React DoS Vulnerability CVE-2026-23864 React Server Components DoS, Source Code Disclosure React RCE, Server Components Deserialization CVE-2025-55182

Denial of Service Alert: React Server Components Vulnerability Causes CPU Spikes

Do Son April 9, 2026

React, the popular JavaScript library used by millions of developers for building user interfaces, has issued an...

Sandbox Escape: Critical Flatpak Flaw Grants Full Host Access Flatpak Sandbox Escape CVE-2026-34078

Sandbox Escape: Critical Flatpak Flaw Grants Full Host Access

Do Son April 9, 2026

Flatpak, the widely-used system for building, distributing, and running sandboxed desktop applications on Linux, has been hit...

Beyond the URL: How “Cookie-Gated” Web Shells Hide Silent RCE in Plain Sight Cookie-Gated Web Shell Stealth C2

Beyond the URL: How “Cookie-Gated” Web Shells Hide Silent RCE in Plain Sight

Do Son April 9, 2026

A technical analysis from the Microsoft Defender Security Research Team has revealed that threat actors are increasingly...

The Human Element: How a Single GitHub Token Leak Put Apache HTTP Server in the Spotlight Apache HTTP Server credential leak

The Human Element: How a Single GitHub Token Leak Put Apache HTTP Server in the Spotlight

Do Son April 9, 2026

The recent code modifications published by the esteemed open-source project, Apache HTTP Server (httpd), have ignited widespread...

Qilin’s “EDR Killer” Dismantles 300+ Security Drivers EDR Killer Qilin Ransomware

Qilin’s “EDR Killer” Dismantles 300+ Security Drivers

Do Son April 9, 2026

A technical deep-dive from Cisco Talos has exposed a sophisticated “EDR killer” deployed during Qilin ransomware attacks,...

Ghosts in the Hypervisor: Mandiant Exposes the 400-Day vSphere Takeover Hypervisor Persistence vSphere Security

Ghosts in the Hypervisor: Mandiant Exposes the 400-Day vSphere Takeover

Do Son April 9, 2026

A new deep-dive report from Mandiant (part of Google Cloud) explores the evolving threats facing the VMware...

Palo Alto Networks Patches Trio of Security Flaws: From Agent Disabling to System Privileges PAN-OS IKEv2 Buffer Overflow CVE-2026-0263 Palo Alto Cortex XDR Privilege Escalation Palo Alto Networks Vulnerability CVE-2026-0229 PAN-OS Vulnerability CVE-2026-0227 CVE-2024-5914 - Palo Alto Networks - CVE-2025-0108 & CVE-2025-0110

Palo Alto Networks Patches Trio of Security Flaws: From Agent Disabling to System Privileges

Do Son April 9, 2026

Palo Alto Networks has released critical updates to address three distinct vulnerabilities across its security ecosystem. The...

Security Alert: GitLab Issues Patch for High-Severity Vulnerabilities Across CE and EE GitLab Security Code Integrity GitLab sale GitLab, Security GitLab Stored XSS, Kubernetes Proxy Flaw

GitLab Security Code Integrity GitLab sale GitLab, Security GitLab Stored XSS, Kubernetes Proxy Flaw

Security Alert: GitLab Issues Patch for High-Severity Vulnerabilities Across CE and EE

Do Son April 9, 2026

GitLab has released critical security updates for Community Edition (CE) and Enterprise Edition (EE). Versions 18.10.3, 18.9.5,...

SonicWall Issues Critical Patch for SMA 1000 Series to Stop SQL Injection and MFA Bypasses SonicWall SMA 1000 MFA Bypass SonicWall SSLVPN Flaw CVE-2025-40601 SonicOS vulnerability - CVE-2024-53704

SonicWall SMA 1000 MFA Bypass SonicWall SSLVPN Flaw CVE-2025-40601 SonicOS vulnerability - CVE-2024-53704

SonicWall Issues Critical Patch for SMA 1000 Series to Stop SQL Injection and MFA Bypasses

Do Son April 9, 2026

SonicWall has released a series of patches for its SMA 1000 series appliances to address four distinct...

New Phishing Campaign Abuses GitHub to Target South Korea GitHub C2 LNK Malware

New Phishing Campaign Abuses GitHub to Target South Korea

Do Son April 9, 2026

A sophisticated new cyberespionage campaign is leveraging the trust of major public platforms to slip past corporate...

CISA Warning: Critical Ivanti EPMM Code Injection Vulnerability Under Active Attack Ivanti EPMM Vulnerability CVE-2026-1340 CISA KEV Catalog CVE-2026-21385 CISA KEV Update CVE-2008-0015 CISA KEV, Array Networks Command Injection CVE-2025-0111 & CVE-2025-23209 CISA, Known Exploited Vulnerabilities

Ivanti EPMM Vulnerability CVE-2026-1340 CISA KEV Catalog CVE-2026-21385 CISA KEV Update CVE-2008-0015 CISA KEV, Array Networks Command Injection CVE-2025-0111 & CVE-2025-23209 CISA, Known Exploited Vulnerabilities

CISA Warning: Critical Ivanti EPMM Code Injection Vulnerability Under Active Attack

Do Son April 9, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical code injection vulnerability in Ivanti...

Storm: 2026’s Newest Infostealer Bypasses Chrome to Hijack Your MFA Sessions Storm Infostealer Session Cookie Theft

Storm: 2026’s Newest Infostealer Bypasses Chrome to Hijack Your MFA Sessions

Do Son April 9, 2026

A new and highly efficient threat has emerged on underground cybercrime networks, signaling a significant shift in...

High-Severity Patches: NVIDIA Secures DALI and Triton Inference Server NVIDIA AI Security Deserialization Exploit

High-Severity Patches: NVIDIA Secures DALI and Triton Inference Server

Do Son April 8, 2026

NVIDIA has released two significant security updates addressing high-severity vulnerabilities across its DALI and Triton Inference Server...

CVE-2026-34208 (CVSS 10): Critical Sandbox Escape Uncovered in SandboxJS SandboxJS Escape Host Object Poisoning SandboxJS Vulnerability CVE-2026-26954

SandboxJS Escape Host Object Poisoning SandboxJS Vulnerability CVE-2026-26954

CVE-2026-34208 (CVSS 10): Critical Sandbox Escape Uncovered in SandboxJS

Do Son April 8, 2026

In the world of secure software development, sandboxing is the ultimate safety net—a controlled environment designed to...

Apache ActiveMQ Patches RCE and Path Traversal Flaws ActiveMQ RCE Jolokia Exploit ActiveMQ CVE-2025-27533 ActiveMQ Deserialization RCE, CVE-2025-54539

ActiveMQ RCE Jolokia Exploit ActiveMQ CVE-2025-27533 ActiveMQ Deserialization RCE, CVE-2025-54539

Apache ActiveMQ Patches RCE and Path Traversal Flaws

Do Son April 8, 2026

Apache ActiveMQ, the widely used open-source message broker, has released critical security updates to address two vulnerabilities...

Weaver E-cology RCE CVE-2026-22679 CVE-2026-20127 Cisco SD-WAN Exploitation AI-Driven Cyberattack ARXON Malware React Server Components Vulnerability CVE-2025-55182 FortiWeb Auth Bypass, Unauthenticated Admin Takeover RayInitiator Bootkit, LINE VIPER CVE-2025-59689 Department of the Treasury cybersecurity - CVE-2025-0108 PoC CVE-2025-31103 Dior Data Breach SK Telecom data breach, long-term intrusion

Critical Zero-Day: Unauthenticated RCE Exploited in Weaver E-cology 10.0

Do Son April 8, 2026

A critical security vulnerability, tracked as CVE-2026-22679, has been identified in Weaver (Fanwei) E-cology 10.0, one of...

Exploited in the Wild: Critical 9.3 CVSS Flaw Turns Tianxin Systems into Hacker Gateways PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

Exploited in the Wild: Critical 9.3 CVSS Flaw Turns Tianxin Systems into Hacker Gateways

Do Son April 8, 2026

A critical security vulnerability, tracked as CVE-2021-4473, has been identified in the Tianxin Internet Behavior Management System....

Team Cymru Mapped the Yurei Ransomware Toolkit Before It Could Strike Yurei Ransomware Open-Source Malware

Team Cymru Mapped the Yurei Ransomware Toolkit Before It Could Strike

Do Son April 8, 2026

A new investigation by Team Cymru has detailed how the proactive collection of internet telemetry allowed researchers...

Zero-Day Alert: Sophisticated PDF Exploit Targets Adobe Reader for Massive Data Theft Adobe Reader Zero-Day PDF Exploit

Zero-Day Alert: Sophisticated PDF Exploit Targets Adobe Reader for Massive Data Theft

Do Son April 8, 2026

A highly-sophisticated zero-day exploit has been discovered targeting Adobe Reader users, allowing attackers to steal local files...

Phorpiex’s New P2P Upgrade Makes This 15-Year-Old Botnet Unstoppable Phorpiex Botnet P2P Malware Resilience

Phorpiex’s New P2P Upgrade Makes This 15-Year-Old Botnet Unstoppable

Do Son April 8, 2026

In the fast-moving world of cybercrime, few names carry as much historical weight as Phorpiex. Also known...

Critical Alert 1 Active Exploit Detected Today