infosec Archives • Page 27 of 45 • Daily CyberSecurity

Critical 9.6 CVSS OIDC Flaws in OpenBao Turn “Direct Login” Into a Phishing Trap OpenBao Vulnerability OIDC Session Hijacking

Critical 9.6 CVSS OIDC Flaws in OpenBao Turn “Direct Login” Into a Phishing Trap

Ddos March 30, 2026

The OpenBao community, the open-source initiative dedicated to managing and distributing sensitive data like secrets and certificates,...

The Weakest Link: Popular Node.js Config Library “Convict” Hit by Prototype Pollution Prototype Pollution node-convict Vulnerability

The Weakest Link: Popular Node.js Config Library “Convict” Hit by Prototype Pollution

Ddos March 30, 2026

A critical vulnerability has been uncovered in node-convict, the widely used configuration management library designed to make...

Critical 9.3 CVSS RCE Vulnerability Hit in OpenTelemetry Java Agent OpenTelemetry Java Vulnerability Java RCE Exploit

Critical 9.3 CVSS RCE Vulnerability Hit in OpenTelemetry Java Agent

Ddos March 30, 2026

A critical vulnerability has been uncovered in the OpenTelemetry Instrumentation for Java, a popular tool used by...

The 30-Year Glitch: RCE and ARM Exploits Uncovered in libpng Reference Library libpng Vulnerability CVE-2026-25646 libpng Vulnerability Remote Code Execution (RCE)

libpng Vulnerability CVE-2026-25646 libpng Vulnerability Remote Code Execution (RCE)

The 30-Year Glitch: RCE and ARM Exploits Uncovered in libpng Reference Library

Ddos March 30, 2026

Security researchers have disclosed two significant vulnerabilities in libpng, the official reference library for Portable Network Graphics...

ClickFix: The High-ROI “Living-off-the-Land” Trap Sweeping Windows and macOS ClickFix Social Engineering Living-off-the-Land (LotL) Attacks

ClickFix: The High-ROI “Living-off-the-Land” Trap Sweeping Windows and macOS

Ddos March 30, 2026

A sophisticated social engineering technique known as ClickFix has transitioned from a niche tactic into a standardized,...

Apple Google EU alliance DMA European Commission Breach Trivy Supply Chain Attack Europa.eu Breach EU Cloud Infrastructure EU Cyber Sanctions State-Sponsored Hacking EU 2040 Emissions Target, Europe Climate Leadership AWS Azure DMA Cloud Gatekeeper DSA violation, illegal content Apple DMA Delay, iPhone Mirroring EU EU Age Verification, Google Play Integrity Corning Antitrust, EU Competition Apple EU Digital Markets Act App Store commission European Union cyberattacks - InvestAI EU Targets Musk’s X Digital Markets Act, EU fines

EU Confirms Data Exfiltration in Attack on Europa.eu Cloud Infrastructure

Ddos March 30, 2026

The European Commission has disclosed a significant cyber-attack targeting the cloud infrastructure that hosts its primary web...

Vim Under Fire: High-Severity “Tabpanel” Bug Allows RCE via Simple File Open Vim RCE Modeline Vulnerability Vim RCE Modeline Sandbox Bypass

Vim Under Fire: High-Severity “Tabpanel” Bug Allows RCE via Simple File Open

Ddos March 30, 2026

A critical bug chain has been discovered in Vim, the ubiquitous text editor used by millions of...

Critical libfuse io_uring Vulnerabilities Threaten Linux and Kubernetes Infrastructure libfuse vulnerability io_uring exploit

Critical libfuse io_uring Vulnerabilities Threaten Linux and Kubernetes Infrastructure

Ddos March 30, 2026

The FUSE (Filesystem in Userspace) project, a staple of the Linux ecosystem that allows non-privileged users to...

The “Gentlemen” Ransomware Toolkit and the Lethal z1.bat Pre-Encryption Weapon TheGentlemen Ransomware z1.bat script

The “Gentlemen” Ransomware Toolkit and the Lethal z1.bat Pre-Encryption Weapon

Ddos March 30, 2026

Researchers have uncovered a “structured, maintained operational toolkit” belonging to an affiliate of TheGentlemen ransomware-as-a-service (RaaS) group....

The CVE Watchtower: Weekly Threat Intelligence Briefing (March 23 – March 29, 2026) Vulnerability Triage CISA KEV List

The CVE Watchtower: Weekly Threat Intelligence Briefing (March 23 – March 29, 2026)

Ddos March 30, 2026

Whether you are steering the organizational ship as a CISO or maintaining the operational engines as a...

Pay2Key’s New Linux Ransomware Strips Server Defenses to Hijack x64 and ARM64 Infrastructure Pay2Key Linux Ransomware Linux Server Security

Pay2Key’s New Linux Ransomware Strips Server Defenses to Hijack x64 and ARM64 Infrastructure

Ddos March 30, 2026

The landscape of Linux-based threats is shifting. While historically under-documented compared to Windows counterparts, a new report...

SQL to SSH: Critical 9.1 CVSS RCE in Grafana Turns Monitoring into a Remote Hijack CVE-2022-29170 Grafana RCE SQL Expressions Flaw

SQL to SSH: Critical 9.1 CVSS RCE in Grafana Turns Monitoring into a Remote Hijack

Ddos March 29, 2026

The Grafana team has released an urgent security advisory following the discovery of two significant vulnerabilities that...

Inside the AI-Driven “Lure Factory” Flooding GitHub with Trojans AI-Generated Malware GitHub Trojan Campaign

Inside the AI-Driven “Lure Factory” Flooding GitHub with Trojans

Ddos March 29, 2026

A sophisticated and highly automated malware operation is currently flooding GitHub with hundreds of trojanized repositories. Dubbed...

Tax Audits and WhatsApp Clones: How “Silver Fox” is Redefining Cyber-Espionage in South Asia WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware

WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware

Tax Audits and WhatsApp Clones: How “Silver Fox” is Redefining Cyber-Espionage in South Asia

Ddos March 29, 2026

A new report from Sekoia’s Threat Detection & Research (TDR) team has detailed the curtain on Silver...

CISA Issues Three-Days Patch Mandate for Critical 9.8 F5 BIG-IP RCE State-Sponsored Exploitation CISA KEV Catalog F5 BIG-IP RCE CISA KEV Catalog SolarWinds WHD Exploit CVE-2025-40551 Zimbra XSS Zero-Day CVE-2025-27915 Exploited Windows Security Vulnerabilities

State-Sponsored Exploitation CISA KEV Catalog F5 BIG-IP RCE CISA KEV Catalog SolarWinds WHD Exploit CVE-2025-40551 Zimbra XSS Zero-Day CVE-2025-27915 Exploited Windows Security Vulnerabilities

CISA Issues Three-Days Patch Mandate for Critical 9.8 F5 BIG-IP RCE

Ddos March 29, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical Remote Code Execution (RCE) vulnerability...

Critical 9.4 CVSS RCE Flaws in n8n Turn Workflows into Backdoors n8n RCE Automation Security n8n Vulnerability Prototype Pollution RCE

Critical 9.4 CVSS RCE Flaws in n8n Turn Workflows into Backdoors

Ddos March 27, 2026

Security researchers have disclosed two critical vulnerabilities in n8n, the popular fair-code workflow automation platform used by...

Critical 9.3 CVSS Auth Bypass and XSS Flaws Hit MantisBT MantisBT Vulnerability Authentication Bypass

Critical 9.3 CVSS Auth Bypass and XSS Flaws Hit MantisBT

Ddos March 27, 2026

Security researchers have identified a trio of significant vulnerabilities within MantisBT, the popular open-source issue tracking system...

Telegram Denies “Zero-Click” Sticker Exploit as 9.8 CVSS Security Alert Ignites a Global Standoff Telegram Zero-Click ZDI-CAN-30207

Telegram Denies “Zero-Click” Sticker Exploit as 9.8 CVSS Security Alert Ignites a Global Standoff

Ddos March 27, 2026

A critical security flaw has been unearthed in Telegram, the world’s leading encrypted messaging platform, drawing significant...

The Contagious Interview: How NICKEL ALLEY Turns Your “Dream Job” into a North Korean Crypto Nightmare NICKEL ALLEY Contagious Interview

The Contagious Interview: How NICKEL ALLEY Turns Your “Dream Job” into a North Korean Crypto Nightmare

Ddos March 27, 2026

In a digital era where remote work and freelance gigs are the norm, a sophisticated threat group...

Google Forms Weaponized: New “PureHVNC” Campaign Targets Professionals via LinkedIn PureHVNC RAT Google Forms Phishing

Google Forms Weaponized: New “PureHVNC” Campaign Targets Professionals via LinkedIn

Ddos March 27, 2026

A sophisticated new malware campaign is turning a trusted business tool into a launchpad for cyber espionage....

Critical Alert 1 Active Exploit Detected Today