infosec Archives • Page 26 of 45 • Daily CyberSecurity

The Return of Operation Triangulation: Coruna Exploit Kit Targets M3 and A17 Chips in Massive iOS Offensive Coruna Exploit Kit iOS Kernel Vulnerability

Coruna Exploit Kit iOS Kernel Vulnerability

The Return of Operation Triangulation: Coruna Exploit Kit Targets M3 and A17 Chips in Massive iOS Offensive

Ddos April 2, 2026

On March 4, 2026, reports from Google and iVerify shed light on Coruna, a highly sophisticated exploit...

macOS Malware Hijacks Ledger Live with “Invisible” Electron Archives OSX/Amos Stealer Electron ASAR Trojan MioLab Malware macOS Security MacSync Stealer macOS Malware ambar-src npm Malware Supply Chain Typosquatting Matryoshka Mac Malware ClickFix Crypto Scam Infostealer Evolution macOS Malware Predator Spyware Intellexa Anti-Analysis XCSSET macOS Malware, Xcode Supply Chain

OSX/Amos Stealer Electron ASAR Trojan MioLab Malware macOS Security MacSync Stealer macOS Malware ambar-src npm Malware Supply Chain Typosquatting Matryoshka Mac Malware ClickFix Crypto Scam Infostealer Evolution macOS Malware Predator Spyware Intellexa Anti-Analysis XCSSET macOS Malware, Xcode Supply Chain

macOS Malware Hijacks Ledger Live with “Invisible” Electron Archives

Ddos April 2, 2026

The macOS threat landscape is evolving, moving away from simple malicious binaries toward sophisticated “trojanization” of the...

Ghost in the Drone: Unauthenticated Shell Access in PX4 Autopilot’s 9.8 CVSS Nightmare PX4 Autopilot Vulnerability MAVLink 2.0 Security

Ghost in the Drone: Unauthenticated Shell Access in PX4 Autopilot’s 9.8 CVSS Nightmare

Ddos April 1, 2026

A critical security advisory has been issued for the PX4 Autopilot system. The vulnerability, tracked as CVE-2026-1579,...

NocoBase Critical Alert: Sandbox Escape Grants Attackers Root Access NocoBase RCE Sandbox Escape

NocoBase Critical Alert: Sandbox Escape Grants Attackers Root Access

Ddos April 1, 2026

A critical vulnerability has been unearthed in NocoBase, the AI-powered platform designed for infinite extensibility. The flaw,...

ASUS Issues Security Patch for Router Vulnerability CVE-2023-39238 ASUS Router Update CVE-2025-15101

ASUS Issues Security Patch for Router Vulnerability

Ddos April 1, 2026

In a move to fortify home and office networks, ASUS has released a security update for several...

2 Million Monthly Users at Risk: Critical 9.3 CVSS SQL Injection Hits MikroORM in “Duck-Typed” Disaster MikroORM SQL Injection CVE-2026-34220

2 Million Monthly Users at Risk: Critical 9.3 CVSS SQL Injection Hits MikroORM in “Duck-Typed” Disaster

Ddos April 1, 2026

A critical vulnerability has been identified in MikroORM, a widely used TypeScript Object-Relational Mapper (ORM) for Node.js....

NVIDIA Patches High-Severity “Insecure Deserialization” Flaws in BioNeMo Framework NVIDIA FLARE Vulnerability Federated Learning Security NVIDIA Jetson Linux Edge AI Security BioNeMo Vulnerability Insecure Deserialization NVIDIA RTX 50 Super delay NVIDIA Nsight Vulnerability Merlin Transformers4Rec NVIDIA AI Bubble $57 Billion Revenue H20 AI chip NVIDIA earnings Blackwell AI Nvidia DGX-1 Vulnerabilities CVE-2024-0143 NVIDIA Linux Gaming, VKD3D Performance

NVIDIA FLARE Vulnerability Federated Learning Security NVIDIA Jetson Linux Edge AI Security BioNeMo Vulnerability Insecure Deserialization NVIDIA RTX 50 Super delay NVIDIA Nsight Vulnerability Merlin Transformers4Rec NVIDIA AI Bubble $57 Billion Revenue H20 AI chip NVIDIA earnings Blackwell AI Nvidia DGX-1 Vulnerabilities CVE-2024-0143 NVIDIA Linux Gaming, VKD3D Performance

NVIDIA Patches High-Severity “Insecure Deserialization” Flaws in BioNeMo Framework

Ddos April 1, 2026

NVIDIA has issued an important security update for its BioNeMo Framework, a critical tool used by researchers...

NCSC’s High-Stakes Warning on State-Sponsored Hijacking of Your Messaging Apps Cyber Operations Messaging App Security State-Sponsored Hijacking

Cyber Operations Messaging App Security State-Sponsored Hijacking

NCSC’s High-Stakes Warning on State-Sponsored Hijacking of Your Messaging Apps

Ddos April 1, 2026

In an era where digital connectivity is the lifeblood of professional and personal life, the National Cyber...

Exploited in the Wild: Google Issues Emergency Patch for Chrome Zero-Day (CVE-2026-5281) in Dawn Component Chrome Zero-Day CVE-2026-5281

Exploited in the Wild: Google Issues Emergency Patch for Chrome Zero-Day (CVE-2026-5281) in Dawn Component

Ddos April 1, 2026

Google has released a critical security update for the Chrome Stable channel to address 21 security vulnerabilities....

Vim Modeline Vulnerability: How a Crafted File Can Hijack Your System Vim RCE Modeline Vulnerability Vim RCE Modeline Sandbox Bypass

Vim Modeline Vulnerability: How a Crafted File Can Hijack Your System

Ddos April 1, 2026

The Vim project has issued a critical security advisory regarding a high-severity vulnerability that could allow attackers...

183 Million Targets: Inside the North Korean Supply Chain Strike on Axios and the WAVESHAPER Backdoor axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

183 Million Targets: Inside the North Korean Supply Chain Strike on Axios and the WAVESHAPER Backdoor

Ddos April 1, 2026

The Google Threat Intelligence Group (GTIG) has issued an urgent warning regarding a sophisticated software supply chain...

The Unpatched Kyverno SSRF Flaw That Turns Policies Into Cluster-Wide Backdoors Kyverno SSRF Kubernetes Policy Engine Kyverno Privilege Escalation CVE-2026-22039

Kyverno SSRF Kubernetes Policy Engine Kyverno Privilege Escalation CVE-2026-22039

The Unpatched Kyverno SSRF Flaw That Turns Policies Into Cluster-Wide Backdoors

Ddos March 31, 2026

A critical security boundary in Kubernetes environments has been compromised. A new vulnerability note from CERT/CC has...

Critical Vulnerability in Perl Core Modules Leaves Systems Exposed

Ddos March 31, 2026

A high-severity security flaw has been identified within the core of the Perl programming language. Designated as...

Public PoC Exploit and Full Details Disclosed for Nginx UI’s 9.4 CVSS Backup Flaw Backup Tampering Exploit

Public PoC Exploit and Full Details Disclosed for Nginx UI’s 9.4 CVSS Backup Flaw

Ddos March 31, 2026

The “one-click” simplicity of Nginx UI has hit a major security roadblock. Researchers have unveiled a critical...

Critical CrewAI Vulnerabilities Allow RCE and Sandbox Escapes via Prompt Injection CrewAI Vulnerabilities AI Agent Security

Critical CrewAI Vulnerabilities Allow RCE and Sandbox Escapes via Prompt Injection

Ddos March 31, 2026

The rapidly growing field of multi-agent AI systems has hit a significant security speed bump. A new...

Under Active Attack: Nginx UI’s Critical 9.8 Vulnerability Exploited in the Wild Nginx UI RCE CVE-2026-42238 Nginx UI PoC CVE-2026-33032

Under Active Attack: Nginx UI’s Critical 9.8 Vulnerability Exploited in the Wild

Ddos March 31, 2026

The popular web-based management interface, Nginx UI, is under fire following the public disclosure of a critical...

The Instant Weaponization of Oracle’s 10.0 CVSS “Zero-Day-Like” Flaw PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

The Instant Weaponization of Oracle’s 10.0 CVSS “Zero-Day-Like” Flaw

Ddos March 31, 2026

The digital ink had barely dried on the disclosure of CVE-2026-21962 before threat actors began a relentless...

Axios Under Siege: Critical npm Supply Chain Attack Hijacks Lead Maintainer to Drop Multi-Platform RAT TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

Axios Under Siege: Critical npm Supply Chain Attack Hijacks Lead Maintainer to Drop Multi-Platform RAT

Ddos March 31, 2026

Security researchers at StepSecurity have issued an emergency warning regarding a high-stakes supply chain attack targeting axios,...

CISA Issues Emergency Mandate as Critical 9.3 NetScaler Flaw “Bleeds” Admin Sessions Citrix NetScaler Vulnerability CVE-2026-3055

CISA Issues Emergency Mandate as Critical 9.3 NetScaler Flaw “Bleeds” Admin Sessions

Ddos March 31, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability impacting Citrix NetScaler ADC...

High-Severity RCE Discovered in Foreman’s WebSocket Proxy Foreman RCE Command Injection

High-Severity RCE Discovered in Foreman’s WebSocket Proxy

Ddos March 30, 2026

Security researchers have identified a high-severity vulnerability in Foreman, the popular open-source lifecycle management tool used by...

Critical Alert 1 Active Exploit Detected Today