infosec Archives • Page 25 of 45 • Daily CyberSecurity

Password Hijack in the Modern Stack: Payload CMS Patches Critical 9.1 CVSS Reset Flaw Payload CMS Vulnerability CVE-2026-34751

Password Hijack in the Modern Stack: Payload CMS Patches Critical 9.1 CVSS Reset Flaw

Do Son April 3, 2026

The rapid-growth, fullstack Next.js framework Payload—known for giving developers “instant backend superpowers” —is facing a serious security...

CVE-2026-4370 (CVSS 10): Critical Juju Flaw Grants Attackers Total Infrastructure Control

Do Son April 3, 2026

The cybersecurity community is on high alert following the discovery of a critical security flaw in Juju,...

Breaking the Input: Sandbox Escape Hits libinput, Exposing Leading Linux Desktops libinput Sandbox Escape CVE-2026-35093

Breaking the Input: Sandbox Escape Hits libinput, Exposing Leading Linux Desktops

Do Son April 3, 2026

The core of modern Linux input handling is facing a significant security challenge. libinput, the essential library...

The MuPDF Vulnerability Turning “Safe” PDFs into System Hijackers MuPDF RCE Integer Overflow

The MuPDF Vulnerability Turning “Safe” PDFs into System Hijackers

Do Son April 3, 2026

A significant security flaw has been unearthed in Artifex MuPDF, a popular framework prized for its speed...

Apple Google EU alliance DMA European Commission Breach Trivy Supply Chain Attack Europa.eu Breach EU Cloud Infrastructure EU Cyber Sanctions State-Sponsored Hacking EU 2040 Emissions Target, Europe Climate Leadership AWS Azure DMA Cloud Gatekeeper DSA violation, illegal content Apple DMA Delay, iPhone Mirroring EU EU Age Verification, Google Play Integrity Corning Antitrust, EU Competition Apple EU Digital Markets Act App Store commission European Union cyberattacks - InvestAI EU Targets Musk’s X Digital Markets Act, EU fines

The EU’s AWS “Master Key”: How a Compromised Trivy Update Leaked 340GB of Data

Do Son April 3, 2026

The digital defenses of the European Union faced a significant test this March as a sophisticated supply-chain...

OpenSSH 10.3 Patches Command Execution and “scp” Privilege Escalation OpenSSH 10.3 Patch SSH Command Injection CVE-2023-38408 OpenSSH Vulnerability CVE-2026-3497

OpenSSH 10.3 Patch SSH Command Injection CVE-2023-38408 OpenSSH Vulnerability CVE-2026-3497

OpenSSH 10.3 Patches Command Execution and “scp” Privilege Escalation

Do Son April 3, 2026

In the critical infrastructure of the internet, OpenSSH stands as one of the most vital gatekeepers for...

Critical 9.8 CVSS RCE Vulnerabilities Exposed in Progress ShareFile Progress ShareFile RCE Storage Zones Controller

Critical 9.8 CVSS RCE Vulnerabilities Exposed in Progress ShareFile

Do Son April 3, 2026

A duo of severe security vulnerabilities has been uncovered in Progress ShareFile, a widely used managed file...

Targeting the Cloud: IRGC Claims Strike on Oracle’s Dubai Data Sanctuary IRGC Oracle Cloud Dubai strike Oracle global layoffs 2026 Oracle Fusion Middleware Vulnerability CVE-2026-21992 Oracle Edge Cloud Vulnerability CVE-2026-21994 Oracle Critical RCE, EBS Marketing Flaws CVE-2024-21182 PoC Exploit Oracle EBS Auth Bypass, CVE-2025-61884

IRGC Oracle Cloud Dubai strike Oracle global layoffs 2026 Oracle Fusion Middleware Vulnerability CVE-2026-21992 Oracle Edge Cloud Vulnerability CVE-2026-21994 Oracle Critical RCE, EBS Marketing Flaws CVE-2024-21182 PoC Exploit Oracle EBS Auth Bypass, CVE-2025-61884

Targeting the Cloud: IRGC Claims Strike on Oracle’s Dubai Data Sanctuary

Do Son April 3, 2026

According to dispatches from Iranian state media, the Islamic Revolutionary Guard Corps (IRGC) has proclaimed the execution...

The BPO Backdoor: How “Mr. Raccoon” Swiped 13 Million Adobe Support Tickets Adobe BPO Breach Mr. Raccoon Hacker

The BPO Backdoor: How “Mr. Raccoon” Swiped 13 Million Adobe Support Tickets

Do Son April 3, 2026

The cybersecurity world is reeling following reports of a massive data breach at Adobe, orchestrated by a...

200,000+ Sites at Risk: Perfmatters Flaw Enables Full WordPress Site Takeover Perfmatters Vulnerability WordPress Site Takeover

200,000+ Sites at Risk: Perfmatters Flaw Enables Full WordPress Site Takeover

Do Son April 3, 2026

Researchers expose a critical vulnerability in Perfmatters, a popular performance-optimization WordPress plugin with over 200,000 active installations....

TikTok for Business Under Siege: New Phishing Campaign Exploits “Login with Google” TikTok for Business Phishing AiTM Phishing Kit

TikTok for Business Under Siege: New Phishing Campaign Exploits “Login with Google”

Do Son April 3, 2026

Researchers at Push Security have identified and blocked a novel campaign targeting TikTok for Business accounts—the very...

Joomla! Issues Security Patch: Critical File Deletion and Webservice Flaws Exposed Joomla Vulnerability CVE-2026-23898

Joomla! Issues Security Patch: Critical File Deletion and Webservice Flaws Exposed

Do Son April 2, 2026

Joomla! CMS has released a series of critical security updates to address two high-severity vulnerabilities—CVE-2026-23898 and CVE-2026-23899—both...

Lodash Patches High-Severity Code Injection Vulnerability Lodash Code Injection CVE-2026-4800

Lodash Patches High-Severity Code Injection Vulnerability

Do Son April 2, 2026

In the world of modern JavaScript, Lodash is the undisputed heavyweight champion of utility libraries, providing the...

NVIDIA Patches High-Severity Flaws Threatening Jetson Edge AI Systems NVIDIA FLARE Vulnerability Federated Learning Security NVIDIA Jetson Linux Edge AI Security BioNeMo Vulnerability Insecure Deserialization NVIDIA RTX 50 Super delay NVIDIA Nsight Vulnerability Merlin Transformers4Rec NVIDIA AI Bubble $57 Billion Revenue H20 AI chip NVIDIA earnings Blackwell AI Nvidia DGX-1 Vulnerabilities CVE-2024-0143 NVIDIA Linux Gaming, VKD3D Performance

NVIDIA FLARE Vulnerability Federated Learning Security NVIDIA Jetson Linux Edge AI Security BioNeMo Vulnerability Insecure Deserialization NVIDIA RTX 50 Super delay NVIDIA Nsight Vulnerability Merlin Transformers4Rec NVIDIA AI Bubble $57 Billion Revenue H20 AI chip NVIDIA earnings Blackwell AI Nvidia DGX-1 Vulnerabilities CVE-2024-0143 NVIDIA Linux Gaming, VKD3D Performance

NVIDIA Patches High-Severity Flaws Threatening Jetson Edge AI Systems

Do Son April 2, 2026

NVIDIA has issued a software update for its Jetson Linux platform to address several security flaws that...

The xmldom CDATA Flaw That Puts 23 Million Weekly Users at Risk xmldom Vulnerability XML Injection

The xmldom CDATA Flaw That Puts 23 Million Weekly Users at Risk

Do Son April 2, 2026

A significant vulnerability has been discovered in xmldom, a massive JavaScript library with over 23.5 million weekly...

Security Alert: Critical Vulnerability Hits Anritsu Remote Spectrum Monitors Ollama Heap Leak CVE-2026-5757 Anritsu Vulnerability Authentication Bypass Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538

Ollama Heap Leak CVE-2026-5757 Anritsu Vulnerability Authentication Bypass Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538

Security Alert: Critical Vulnerability Hits Anritsu Remote Spectrum Monitors

Do Son April 2, 2026

A recent security advisory summarized by CISA highlights a critical design flaw in Anritsu Remote Spectrum Monitors...

“ChatGPT Ad Blocker” Extension Caught Harvesting Your Private Conversations ChatGPT Ad Blocker OpenAI Malware

“ChatGPT Ad Blocker” Extension Caught Harvesting Your Private Conversations

Do Son April 2, 2026

As OpenAI shifts toward serving advertisements to users on its free tier, a new wave of opportunistic...

The Triple-Headed Dragon: Inside the Three-Cluster Chinese Cyberespionage Campaign Targeting SE Asia UNC5221 HAFNIUM Extradition PRC State Espionage

UNC5221 HAFNIUM Extradition PRC State Espionage

The Triple-Headed Dragon: Inside the Three-Cluster Chinese Cyberespionage Campaign Targeting SE Asia

Do Son April 2, 2026

A recent investigation by Unit 42 researchers has exposed a massive, persistent cyberespionage campaign targeting a high-value...

Inside the BRUSHWORM Malware Campaign Bridging Air-Gaps with USB “Sleeper” Cells Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT