infosec Archives • Page 24 of 45 • Daily CyberSecurity

The 24-Hour Blitz: Storm-1175 Weaponizes Zero-Days for High-Velocity Ransomware Storm-1175 Medusa Ransomware

The 24-Hour Blitz: Storm-1175 Weaponizes Zero-Days for High-Velocity Ransomware

Ddos April 6, 2026

A new report from Microsoft Threat Intelligence has exposured on Storm-1175, a financially motivated threat actor that...

Ninja Forms Alert: Critical 9.8 RCE Vulnerability Under Active Attack Ninja Forms RCE WordPress Vulnerability

Ninja Forms Alert: Critical 9.8 RCE Vulnerability Under Active Attack

Ddos April 6, 2026

In a major alert for the WordPress community, a critical security flaw has been disclosed in the...

Keycloak Under Siege: Patch Now to Stop Token Theft and Account Takeovers Keycloak vulnerabilities Keycloak Security MFA Bypass

Keycloak Under Siege: Patch Now to Stop Token Theft and Account Takeovers

Ddos April 6, 2026

The popular open-source identity and access management solution Keycloak has released a critical security update, version 26.5.7,...

CVE-2026-34838 (CVSS 10): Critical RCE Flaw Uncovered in GroupOffice CRM GroupOffice RCE, Insecure Deserialization

CVE-2026-34838 (CVSS 10): Critical RCE Flaw Uncovered in GroupOffice CRM

Ddos April 6, 2026

In a significant discovery for enterprises and public sector organizations, a critical security vulnerability has been unmasked...

Whitespace Flaw Re-Opens Critical JWT “Algorithm Confusion” Bypass fast-jwt JWT Algorithm Confusion

Whitespace Flaw Re-Opens Critical JWT “Algorithm Confusion” Bypass

Ddos April 6, 2026

Security researchers have disclosed two major vulnerabilities within fast-jwt, a high-performance library used to implement JSON Web...

Exploit Code Live: Full Technical Details and PoC Disclosed for Critical CWP RCE Vulnerability CWP RCE PoC Disclosed

Exploit Code Live: Full Technical Details and PoC Disclosed for Critical CWP RCE Vulnerability

Ddos April 6, 2026

A severe security failure has been unearthed in Control Web Panel (CWP)—formerly known as CentOS Web Panel—that...

Iran-Linked “Password Spraying” Targets Municipal Response to Missile Strikes Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Iran-Linked “Password Spraying” Targets Municipal Response to Missile Strikes

Ddos April 6, 2026

Check Point Research (CPR) has been tracking an extensive password-spraying operation targeting Microsoft 365 environments, conducted by...

Double Agents in the Cloud: Unit 42 Unmasks Critical AI Vulnerabilities in Google Vertex AI Vertex AI Security AI Double Agents

Double Agents in the Cloud: Unit 42 Unmasks Critical AI Vulnerabilities in Google Vertex AI

Ddos April 6, 2026

As organizations race to integrate autonomous systems into their workflows, a new and subtle threat is emerging...

The “Special Invitation” Trap: STAC6405 Abuses Legitimate RMM Tools to Hijack Your PC STAC6405 Phishing RMM Abuse

The “Special Invitation” Trap: STAC6405 Abuses Legitimate RMM Tools to Hijack Your PC

Ddos April 6, 2026

Cybercriminals are increasingly trading custom-built malware for legitimate software to slip past corporate defenses. A new investigation...

Operation DualScript Bypasses Defenses to Hijack Crypto and Cash AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

Operation DualScript Bypasses Defenses to Hijack Crypto and Cash

Ddos April 6, 2026

A sophisticated, multi-stage malware campaign dubbed Operation DualScript is currently bypassing traditional defenses to siphon funds from...

OpenAI OpenClaw acquisition OpenAI Prism GPT-5.2 LaTeX, scientific research AI workspace OpenAI, Mixpanel Breach ChatGPT Data Preservation, NYT Lawsuit ChatGPT Apps SDK, super app OpenAI Jony Ive, AI Hardware Delay Musk Apple lawsuit, App Store antitrust UK AI Partnership, OpenAI Collaboration Jony Ive OpenAI, DoD Contract OpenAI Lawsuit, ChatGPT Privacy North Korea ChatGPT - GPT-4.5 model OpenAI Models, AI Advancements OpenAI pricing, Flex API

The DNS Trap: How a “Hidden” Path Allowed ChatGPT to Silently Leak Your Private Data

Ddos April 6, 2026

In the world of AI, trust is built on a simple, unspoken agreement: what stays in the...

ResokerRAT Uses Telegram to Hijack Your PC and Disable Your Security Keys GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

ResokerRAT Uses Telegram to Hijack Your PC and Disable Your Security Keys

Ddos April 6, 2026

A new and sophisticated threat has emerged in the digital landscape, turning a popular messaging app into...

The Python Predator: PXA Stealer Surges 10% as it Targets Global Finance and Crypto in 2026 PXA Stealer Surge Q1 2026 Malware Trends

The Python Predator: PXA Stealer Surges 10% as it Targets Global Finance and Crypto in 2026

Ddos April 6, 2026

Following the high-profile takedowns of major players like Lumma and RedLine in 2025, CyberProof MDR analysts have...

The CVE Watchtower: Weekly Threat Intelligence Briefing (March 30 – April 5, 2026) Vulnerability Digest Zero-Day Exploits Seedworm APT Dindoor Backdoor RedKitten Campaign AI-Generated Malware WSUS RCE ShadowPad CVE-2025-59287

Vulnerability Digest Zero-Day Exploits Seedworm APT Dindoor Backdoor RedKitten Campaign AI-Generated Malware WSUS RCE ShadowPad CVE-2025-59287

The CVE Watchtower: Weekly Threat Intelligence Briefing (March 30 – April 5, 2026)

Ddos April 6, 2026

Welcome to this week’s vulnerability digest. Whether you are a CISO charting out your risk management roadmap...

The $17 Million Bounty: Google Smashes Records and Launches AI Frontier for 15th VRP Anniversary Google VRP 2025 Bug Bounty Records

The $17 Million Bounty: Google Smashes Records and Launches AI Frontier for 15th VRP Anniversary

Ddos April 5, 2026

In an era of increasingly complex digital threats, Google’s strategy of “inviting the world to find its...

Zero Authentication, Total Control: Critical CVSS 10 Flaw Uncovered in Dgraph Database Dgraph Vulnerability CVSS 10.0 Dgraph Admin Leak CVE-2026-40173

Dgraph Vulnerability CVSS 10.0 Dgraph Admin Leak CVE-2026-40173

Zero Authentication, Total Control: Critical CVSS 10 Flaw Uncovered in Dgraph Database

Ddos April 5, 2026

A security vulnerability was found in Dgraph, the high-performance, horizontally scalable GraphQL database. The flaw, designated as...

Hackers are Using “Legit” IT Tools to Hijack the 2026 Tax Season 2026 Tax Phishing RMM Abuse

Hackers are Using “Legit” IT Tools to Hijack the 2026 Tax Season

Ddos April 5, 2026

As the 2026 tax season reaches its peak, cybersecurity researchers have identified a massive surge in digital...

Under Active Attack: Critical 9.1 CVSS FortiClient EMS Flaw Exploited in the Wild Knowledge Deliver RCE vulnerability FortiClient EMS Vulnerability CVE-2026-35616 Cisco SD-WAN Vulnerability CVE-2026-20122 PCPcat, Next.js RCE Salesloft breach, Salesforce CRM WIREFIRE web shell

Knowledge Deliver RCE vulnerability FortiClient EMS Vulnerability CVE-2026-35616 Cisco SD-WAN Vulnerability CVE-2026-20122 PCPcat, Next.js RCE Salesloft breach, Salesforce CRM WIREFIRE web shell

Under Active Attack: Critical 9.1 CVSS FortiClient EMS Flaw Exploited in the Wild

Ddos April 4, 2026

Security teams are on high alert as Fortinet confirms that a critical vulnerability in its FortiClient EMS...

Apache Traffic Server Patches “Double-Header” DoS and Request Smuggling Flaws Apache Traffic Server Vulnerabilities CVE-2024-56195 and CVE-2024-56196

Apache Traffic Server Patches “Double-Header” DoS and Request Smuggling Flaws

Ddos April 3, 2026

Apache Traffic Server, the high-performance web proxy cache responsible for keeping the modern web fast, is facing...

Password Hijack in the Modern Stack: Payload CMS Patches Critical 9.1 CVSS Reset Flaw Payload CMS Vulnerability CVE-2026-34751

Password Hijack in the Modern Stack: Payload CMS Patches Critical 9.1 CVSS Reset Flaw

Ddos April 3, 2026

The rapid-growth, fullstack Next.js framework Payload—known for giving developers “instant backend superpowers” —is facing a serious security...

Critical Alert 1 Active Exploit Detected Today