infosec Archives • Page 29 of 45 • Daily CyberSecurity

Streaming Nightmare: Unpatched CVSS 10.0 Flaws Leave AVideo Servers Wide Open AVideo RCE YPTSocket Vulnerability AVideo Vulnerabilities Streaming Platform Security AVideo Vulnerabilities CVE-2026-28501

AVideo RCE YPTSocket Vulnerability AVideo Vulnerabilities Streaming Platform Security AVideo Vulnerabilities CVE-2026-28501

Streaming Nightmare: Unpatched CVSS 10.0 Flaws Leave AVideo Servers Wide Open

Ddos March 25, 2026

AVideo, a popular streaming platform used by creators and businesses to manage and monetize video content, is...

95 Million Downloads Hijacked: The LiteLLM PyPI Backdoor Targeting AI Developers LiteLLM PyPI Supply Chain Attack

95 Million Downloads Hijacked: The LiteLLM PyPI Backdoor Targeting AI Developers

Ddos March 25, 2026

A relentless cyber-espionage campaign has expanded its reach into the heart of the AI development ecosystem. Security...

From Viewer to SYSTEM: Critical 10.0 CVSS Flaw in GeoVision ERM Allows Full Host Takeover GeoVision CVE-2026-4606 Local Privilege Escalation

From Viewer to SYSTEM: Critical 10.0 CVSS Flaw in GeoVision ERM Allows Full Host Takeover

Ddos March 25, 2026

In a major security alert for the surveillance industry, GeoVision has disclosed a critical vulnerability in its...

Tax Season Terror: Phishing Campaigns Weaponize Urgency to Deliver Remote Access Tools Tax Phishing ScreenConnect RAT

Tax Season Terror: Phishing Campaigns Weaponize Urgency to Deliver Remote Access Tools

Ddos March 24, 2026

As the April 15 tax deadline looms in the United States, a familiar digital predator has resurfaced....

High-Severity JSON Schema Flaw Threatens MariaDB Database Stability MariaDB Vulnerability JSON Schema Overflow

High-Severity JSON Schema Flaw Threatens MariaDB Database Stability

Ddos March 24, 2026

MariaDB, the widely used open-source relational database and community-developed fork of MySQL, has released critical updates to...

‘Keenadu’ Firmware Backdoor Hijacks Android from the Inside Out Keenadu Malware Android Firmware Backdoor

‘Keenadu’ Firmware Backdoor Hijacks Android from the Inside Out

Ddos March 24, 2026

Security analysts have uncovered a sophisticated firmware-level infection targeting the heart of the Android operating system. A...

GemStuffer RubyGems Campaign RubyGems Data Exfiltration TanStack npm Compromise Supply Chain Attack DNS Hijacking APT28 (Fancy Bear) OpenVSX Supply Chain Attack Checkmarx Plugin Breach Stryker Cyberattack CISA Alert Trans-Regional Cyber Conflict Operation Epic Fury Cyber Operation MacroMaze APT28 Cyber Espionage Notepad++ Supply Chain Attack Lotus Blossom Group Defense Industrial Base Threats GTIG Report APT28 Operation Neusploit CVE-2026-21509 Bookworm Malware

Checkmarx Alert: Malicious Plugins and GitHub Actions Hit OpenVSX in New Supply Chain Attack

Ddos March 24, 2026

Today, security firm Checkmarx has identified a recent supply chain security incident. The breach involved the publication...

Master Keys and Open Backdoors: TP-Link Issues Urgent Patch for Archer NX-Series Routers

Ddos March 24, 2026

In a major security alert, TP-Link has released a series of critical firmware updates to patch several...

High-Severity Spring Cloud Config Flaw Triggers File Leaks and SSRF Spring Cloud Config CVE-2026-22739 Spring Gateway SpEL, STOMP WebSocket CSRF Spring Security, vulnerability CVE-2024-38819 CVE-2025-41243 Spring Cloud Gateway, vulnerability

Spring Cloud Config CVE-2026-22739 Spring Gateway SpEL, STOMP WebSocket CSRF Spring Security, vulnerability CVE-2024-38819 CVE-2025-41243 Spring Cloud Gateway, vulnerability

High-Severity Spring Cloud Config Flaw Triggers File Leaks and SSRF

Ddos March 24, 2026

A significant security flaw has been identified in Spring Cloud Config, a popular framework used to provide...

8 High-Severity Risks Fixed: Chrome Desktop Update Fixes Critical Memory and Buffer Flaws Chrome Security Update High-Severity Flaws

8 High-Severity Risks Fixed: Chrome Desktop Update Fixes Critical Memory and Buffer Flaws

Ddos March 24, 2026

In a significant move to bolster user safety, a new Chrome Stable Channel Update has been launched...

Memory Leaks and Mixed Sessions: NetScaler’s Critical 9.3 CVSS Flaw Demands Immediate Action NetScaler Vulnerability CVE-2026-3055 Citrix VDA, Privilege Escalation NetScaler Vulnerabilities, Access Bypass CVE-2024-8534 and CVE-2024-8535

NetScaler Vulnerability CVE-2026-3055 Citrix VDA, Privilege Escalation NetScaler Vulnerabilities, Access Bypass CVE-2024-8534 and CVE-2024-8535

Memory Leaks and Mixed Sessions: NetScaler’s Critical 9.3 CVSS Flaw Demands Immediate Action

Ddos March 24, 2026

On March 23, 2026, Cloud Software Group released a high-priority security bulletin addressing two vulnerabilities in NetScaler...

Copyright Lures and “Fileless” Shadows: Inside the PureLog Stealer Campaign PureLog Stealer Fileless Malware

Copyright Lures and “Fileless” Shadows: Inside the PureLog Stealer Campaign

Ddos March 24, 2026

A highly organized malware campaign is currently stalking key industries by weaponizing something every professional fears: a...

Critical 9.1 CVSS Flaws Threaten Total Wazuh Cluster Takeover Wazuh Vulnerability Security Cluster RCE

Critical 9.1 CVSS Flaws Threaten Total Wazuh Cluster Takeover

Ddos March 24, 2026

Wazuh, the popular open-source security platform trusted by organizations to protect cloud and on-premises workloads, is facing...

One Character to Rule Them All: How a Missing Slash Bypasses gRPC-Go Security (CVE-2026-33186) gRPC-Go Vulnerability Authorization Bypass

One Character to Rule Them All: How a Missing Slash Bypasses gRPC-Go Security (CVE-2026-33186)

Ddos March 23, 2026

A significant security flaw has been identified in gRPC-Go, the high-performance Go implementation of the gRPC framework....

PoC Exploit Code Now Public: Windows .lnk Shortcut Flaw Leaks Sensitive Network Data Windows .lnk Vulnerability CVE-2026-25185

PoC Exploit Code Now Public: Windows .lnk Shortcut Flaw Leaks Sensitive Network Data

Ddos March 23, 2026

Security researcher Christopher Paschen of TrustedSec has unveiled a vulnerability within a ubiquitous part of the Windows...

The Undocumented Backdoor: Critical 10.0 CVSS Flaw Hits WAGO Managed Switches

Ddos March 23, 2026

A severe vulnerability has been uncovered in several models of WAGO Managed Switches, potentially leaving industrial networks...

Vibe Coding the Apocalypse: McAfee Uncovers AI-Generated Malware Scaling Global Attacks AI-Generated Malware Vibe Coding Attacks

Vibe Coding the Apocalypse: McAfee Uncovers AI-Generated Malware Scaling Global Attacks

Ddos March 23, 2026

A widespread malware campaign has been caught casting a massive net across the internet, hiding malicious code...

The “Accidental” Breach: How a Misconfigured Endpoint Led to a Major SharePoint Data Leak Spring Boot Actuator Malware-less Attack

The “Accidental” Breach: How a Misconfigured Endpoint Led to a Major SharePoint Data Leak

Ddos March 23, 2026

A recent investigation by Trend Micro has revealed a case study where a devastating data exfiltration incident...

New “StoatWaffle” Malware Emerges in North Korean “Contagious Interview” Campaign StoatWaffle WaterPlum

New “StoatWaffle” Malware Emerges in North Korean “Contagious Interview” Campaign

Ddos March 23, 2026

A new modular malware threat has been identified in the wild, signaling a shift in tactics for...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

The Weekly Breach: 7 Maximum CVSS Flaws and the DarkSword Exploit Unveiled

Ddos March 23, 2026

The past seven days have been an exceptionally busy period for cybersecurity defenders. Between March 16 and...

Critical Alert 1 Active Exploit Detected Today