infosec

Google Forms Weaponized: New “PureHVNC” Campaign Targets Professionals via LinkedIn PureHVNC RAT Google Forms Phishing

PureHVNC RAT Google Forms Phishing

Google Forms Weaponized: New “PureHVNC” Campaign Targets Professionals via LinkedIn

Do Son March 27, 2026

A sophisticated new malware campaign is turning a trusted business tool into a launchpad for cyber espionage....

Inside MioLab, the Professional MaaS Hijacking macOS and Hardware Wallets OSX/Amos Stealer Electron ASAR Trojan MioLab Malware macOS Security MacSync Stealer macOS Malware ambar-src npm Malware Supply Chain Typosquatting Matryoshka Mac Malware ClickFix Crypto Scam Infostealer Evolution macOS Malware Predator Spyware Intellexa Anti-Analysis XCSSET macOS Malware, Xcode Supply Chain

OSX/Amos Stealer Electron ASAR Trojan MioLab Malware macOS Security MacSync Stealer macOS Malware ambar-src npm Malware Supply Chain Typosquatting Matryoshka Mac Malware ClickFix Crypto Scam Infostealer Evolution macOS Malware Predator Spyware Intellexa Anti-Analysis XCSSET macOS Malware, Xcode Supply Chain

Inside MioLab, the Professional MaaS Hijacking macOS and Hardware Wallets

Do Son March 27, 2026

For years, macOS enjoyed a reputation as a “safe haven” from the rampant malware plagues affecting other...

Proof-of-Concept Released: Public Exploit Details for Windows Error Reporting LPE (CVE-2026-20817) Windows LPE CVE-2026-20817 PoC

Windows LPE CVE-2026-20817 PoC

Proof-of-Concept Released: Public Exploit Details for Windows Error Reporting LPE (CVE-2026-20817)

Do Son March 27, 2026

Researcher Clément Labro published a deep-dive analysis and a functional Proof-of-Concept (PoC) exploit for a critical security...

Critical 9.8 CVSS SpEL Injection and SSRF Flaws Hit Spring AI Framework Spring AI Vulnerability Remote Code Execution (RCE)

Spring AI Vulnerability Remote Code Execution (RCE)

Critical 9.8 CVSS SpEL Injection and SSRF Flaws Hit Spring AI Framework

Do Son March 26, 2026

Spring AI, the popular framework for integrating Artificial Intelligence into Java applications, is facing a series of...

BIND 9 Security Alert: ISC Releases Patches for Trio of Vulnerabilities CVE-2023-3341 BIND 9 Security DNS ACL Bypass

CVE-2023-3341 BIND 9 Security DNS ACL Bypass

BIND 9 Security Alert: ISC Releases Patches for Trio of Vulnerabilities

Do Son March 26, 2026

The Internet Systems Consortium (ISC) has issued an important security advisory for BIND 9, the world’s most...

High-Severity strongSwan Flaw Enables Remote VPN Gateway Crashes libstrongswan double-free exploit strongSwan CVE-2026-47895 CVE-2023-41913 strongSwan Vulnerability VPN Denial of Service

libstrongswan double-free exploit strongSwan CVE-2026-47895 CVE-2023-41913 strongSwan Vulnerability VPN Denial of Service

High-Severity strongSwan Flaw Enables Remote VPN Gateway Crashes

Do Son March 26, 2026

A high-severity security vulnerability has been uncovered in strongSwan, the widely used open-source IPsec-based VPN solution. The...

Zabbix API Vulnerability: High-Severity SQL Injection Threatens Network Monitoring Security Zabbix XSS Vulnerabilities CVE-2026-23926 zabbix - CVE-2024-22116 Zabbix SQL Injection CVE-2026-23921

Zabbix XSS Vulnerabilities CVE-2026-23926 zabbix - CVE-2024-22116 Zabbix SQL Injection CVE-2026-23921

Zabbix API Vulnerability: High-Severity SQL Injection Threatens Network Monitoring Security

Do Son March 26, 2026

A high-severity security vulnerability has been identified in the Zabbix API, a popular open-source monitoring solution used...

DHCP Down: High-Severity Stack Overflow Flaw Threatens to Paralyze Kea Networks critical BIND 9 flaws Kea DHCP Vulnerability CVE-2026-3608 CVE-2022-1183 CVE-2025-40779 Kea DHCP, vulnerability

critical BIND 9 flaws Kea DHCP Vulnerability CVE-2026-3608 CVE-2022-1183 CVE-2025-40779 Kea DHCP, vulnerability

DHCP Down: High-Severity Stack Overflow Flaw Threatens to Paralyze Kea Networks

Do Son March 26, 2026

The Internet Systems Consortium (ISC) has issued a high-severity security advisory regarding a critical vulnerability affecting the...

Critical RCE Flaw in PTC Windchill and FlexPLM Puts Product Data at Risk PTC Windchill RCE Insecure Deserialization

PTC Windchill RCE Insecure Deserialization

Critical RCE Flaw in PTC Windchill and FlexPLM Puts Product Data at Risk

Do Son March 26, 2026

PTC has issued a high-priority security advisory regarding a critical vulnerability affecting its Windchill and FlexPLM product...

GhostClaw Rising: AI-Assisted Malware Campaign Targets macOS via Malicious GitHub Repos GhostClaw Malware GitHub Supply Chain

GhostClaw Malware GitHub Supply Chain

GhostClaw Rising: AI-Assisted Malware Campaign Targets macOS via Malicious GitHub Repos

Do Son March 26, 2026

Jamf Threat Labs has released a new report detailing the evolution of GhostClaw, a sophisticated malware campaign...

The Rise of SILENTCONNECT: New Stealthy Loader Exploits Trusted Cloud Giants SILENTCONNECT loader RMM abuse

SILENTCONNECT loader RMM abuse

The Rise of SILENTCONNECT: New Stealthy Loader Exploits Trusted Cloud Giants

Do Son March 26, 2026

Elastic Security Labs has uncovered a sophisticated new infection chain involving a previously undocumented loader dubbed SILENTCONNECT....

NAS Under Siege: Critical 9.8 CVSS Bug in Synology Telnet Opens the Door to Total Hijack Synology Chat Server vulnerabilities Synology security update Synology DSM Update NAS Security Vulnerability Synology VPN Update SSL VPN Vulnerability Synology Telnet Flaw DSM Security Update Synology DSM Telnet vulnerability BeeStation Zero-Day, Pwn2Own RCE CVE-2024-11131 & CVE-2024-10442 CVE-2025-2848 Synology, NAS

Synology Chat Server vulnerabilities Synology security update Synology DSM Update NAS Security Vulnerability Synology VPN Update SSL VPN Vulnerability Synology Telnet Flaw DSM Security Update Synology DSM Telnet vulnerability BeeStation Zero-Day, Pwn2Own RCE CVE-2024-11131 & CVE-2024-10442 CVE-2025-2848 Synology, NAS

NAS Under Siege: Critical 9.8 CVSS Bug in Synology Telnet Opens the Door to Total Hijack

Do Son March 26, 2026

Synology has issued an urgent security update for its DiskStation Manager (DSM) operating system to address a...

The Backup Backdoor: How a Simple File Edit Grants Full SYSTEM Control in IDrive for Windows IDrive Vulnerability Privilege Escalation

IDrive Vulnerability Privilege Escalation

The Backup Backdoor: How a Simple File Edit Grants Full SYSTEM Control in IDrive for Windows

Do Son March 26, 2026

A critical local privilege escalation vulnerability has been discovered in the IDrive Cloud Backup Client for Windows,...

F5 Out-of-Band Security Alert: Multiple Vulnerabilities Unveiled in NGINX Plus and Open Source NGINX heap buffer overflow vulnerability NGINX Vulnerability Buffer Overflow CVE-2024-24989, CVE-2024-24990 NGINX ACME

NGINX heap buffer overflow vulnerability NGINX Vulnerability Buffer Overflow CVE-2024-24989, CVE-2024-24990 NGINX ACME

F5 Out-of-Band Security Alert: Multiple Vulnerabilities Unveiled in NGINX Plus and Open Source

Do Son March 25, 2026

In a significant out-of-band security notification released on March 24, 2026, F5 has disclosed several critical and...

Node.js Issues Security Updates: High-Severity DoS and Permission Bypasses Patched CVE-2024-21892 Node.js Security Update Server Crash Vulnerability

CVE-2024-21892 Node.js Security Update Server Crash Vulnerability

Node.js Issues Security Updates: High-Severity DoS and Permission Bypasses Patched

Do Son March 25, 2026

The Node.js project has released a critical sweep of security updates across its 20.x, 22.x, 24.x, and...

Squid Caching Proxy Alert: Critical ICP Protocol Flaws Threaten Web Infrastructure CVE-2024-25617 CVE-2025-59362 Squid Proxy ICP Vulnerability

CVE-2024-25617 CVE-2025-59362 Squid Proxy ICP Vulnerability

Squid Caching Proxy Alert: Critical ICP Protocol Flaws Threaten Web Infrastructure

Do Son March 25, 2026

Squid, the widely deployed open-source caching proxy, has been hit with a trio of significant security vulnerabilities...

GitLab Critical Alert: High-Severity Flaws Allow App Impersonation and AI Token Leaks GitLab Security Update Account Impersonation GitLab Security Update CVE-2026-1090 GitLab vulnerability GitLab vulnerability, GitLab patches

GitLab Security Update Account Impersonation GitLab Security Update CVE-2026-1090 GitLab vulnerability GitLab vulnerability, GitLab patches

GitLab Critical Alert: High-Severity Flaws Allow App Impersonation and AI Token Leaks

Do Son March 25, 2026

GitLab has released a critical security advisory alongside versions 18.10.1, 18.9.3, and 18.8.7 for its Community (CE)...

AI Infrastructure at Risk: NVIDIA Fixes Critical 9.0 RCE Flaw in Apex Library (CVE-2025-33244) NVIDIA GPU Security CUDA-Q Vulnerability NVIDIA Apex Vulnerability AI Infrastructure Security NVIDIA Cumulus Linux CVE-2025-33179 NVIDIA Arm divestment NVIDIA DGX Spark, CVE-2025-33187 NVIDIA Isaac-GROOT, Code Injection Megatron-LM Vulnerability, AI Code Injection NVIDIA China NVIDIA GPUs, Hardware Kill Switches NVIDIA Megatron-LM, LLM Vulnerabilities NVIDIA Base Command Manager - CVE-2024-0138

NVIDIA GPU Security CUDA-Q Vulnerability NVIDIA Apex Vulnerability AI Infrastructure Security NVIDIA Cumulus Linux CVE-2025-33179 NVIDIA Arm divestment NVIDIA DGX Spark, CVE-2025-33187 NVIDIA Isaac-GROOT, Code Injection Megatron-LM Vulnerability, AI Code Injection NVIDIA China NVIDIA GPUs, Hardware Kill Switches NVIDIA Megatron-LM, LLM Vulnerabilities NVIDIA Base Command Manager - CVE-2024-0138

AI Infrastructure at Risk: NVIDIA Fixes Critical 9.0 RCE Flaw in Apex Library (CVE-2025-33244)

Do Son March 25, 2026

NVIDIA has issued an urgent security update for its Apex library to remediate a critical vulnerability that...

Critical 9.4 CVSS Flaw Exposes Harbor Registries to Total Hijack Harbor Registry Supply Chain Attack

Harbor Registry Supply Chain Attack

Critical 9.4 CVSS Flaw Exposes Harbor Registries to Total Hijack

Do Son March 25, 2026

The CERT Coordination Center (CERT/CC) has issued a critical security warning regarding GoHarbor’s Harbor, a widely used...

Code in the Wild: Full Technical Deep-Dive and Public GitHub PoC Released for Critical Linux TLS Root Exploit CIFSwitch local root exploit cifs-utils privilege escalation Linux Kernel Root Exploit CVE-2025-39946 PoC CVE-2023-2598 PoC Ubuntu LPE Vulnerability CVE-2026-3888

CIFSwitch local root exploit cifs-utils privilege escalation Linux Kernel Root Exploit CVE-2025-39946 PoC CVE-2023-2598 PoC Ubuntu LPE Vulnerability CVE-2026-3888

Code in the Wild: Full Technical Deep-Dive and Public GitHub PoC Released for Critical Linux TLS Root Exploit

Do Son March 25, 2026

Security researcher Ramdhan at StarLabs has published a deep-dive technical analysis of a critical vulnerability in the...