infosec Archives • Page 32 of 45 • Daily CyberSecurity

Leaving the Doors Unlocked: Critical 9.0 CVSS ScreenConnect Flaw Exposes Machine Keys ScreenConnect Vulnerability CVE-2026-3564

Leaving the Doors Unlocked: Critical 9.0 CVSS ScreenConnect Flaw Exposes Machine Keys

Ddos March 18, 2026

ConnectWise recently issued a critical security update for its ScreenConnect platform, addressing a significant vulnerability that could...

The Resume Trap: How ‘BlackSanta’ Malware Uses Fake CVs to Blind EDRs and Hijack HR Systems Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

The Resume Trap: How ‘BlackSanta’ Malware Uses Fake CVs to Blind EDRs and Hijack HR Systems

Ddos March 18, 2026

Aryaka Threat Labs has unmasked a sophisticated malware operation dubbed BlackSanta. This Russian-speaking threat actor has spent...

Critical Craft CMS Flaw Grants Instant Admin Access Craft CMS Vulnerability CVE-2026-32267 CVE-2023-41892 Craft CMS CVE-2025-32432

Critical Craft CMS Flaw Grants Instant Admin Access

Ddos March 18, 2026

In the world of web development, the “Live Preview” button is a staple for content editors—a harmless...

New Ubuntu Vulnerability Turns System Cleanup into a Root Access Backdoor CIFSwitch local root exploit cifs-utils privilege escalation Linux Kernel Root Exploit CVE-2025-39946 PoC CVE-2023-2598 PoC Ubuntu LPE Vulnerability CVE-2026-3888

CIFSwitch local root exploit cifs-utils privilege escalation Linux Kernel Root Exploit CVE-2025-39946 PoC CVE-2023-2598 PoC Ubuntu LPE Vulnerability CVE-2026-3888

New Ubuntu Vulnerability Turns System Cleanup into a Root Access Backdoor

Ddos March 18, 2026

The Qualys Threat Research Unit has detailed a new Local Privilege Escalation (LPE) vulnerability, tracked as CVE-2026-3888,...

Apple Google EU alliance DMA European Commission Breach Trivy Supply Chain Attack Europa.eu Breach EU Cloud Infrastructure EU Cyber Sanctions State-Sponsored Hacking EU 2040 Emissions Target, Europe Climate Leadership AWS Azure DMA Cloud Gatekeeper DSA violation, illegal content Apple DMA Delay, iPhone Mirroring EU EU Age Verification, Google Play Integrity Corning Antitrust, EU Competition Apple EU Digital Markets Act App Store commission European Union cyberattacks - InvestAI EU Targets Musk’s X Digital Markets Act, EU fines

The EU Strikes Back: New Sanctions Target Chinese and Iranian Cyber Threat Actors

Ddos March 18, 2026

In a decisive move to protect the digital sovereignty of its member states, the Council of the...

Pandora’s Box: IBM X-Force Uncovers Likely AI-Generated “Slopoly” Malware Weaponizable AI AI Cyber Threats

Pandora’s Box: IBM X-Force Uncovers Likely AI-Generated “Slopoly” Malware

Ddos March 18, 2026

Cybersecurity investigators at IBM X-Force have identified a disturbing new milestone in the evolution of digital threats:...

Critical Spring AI Flaws Expose Databases to SQL and JSONPath Injection Spring AI Vulnerability Remote Code Execution (RCE) Spring AI Vulnerability CVE-2026-22730

Spring AI Vulnerability Remote Code Execution (RCE) Spring AI Vulnerability CVE-2026-22730

Critical Spring AI Flaws Expose Databases to SQL and JSONPath Injection

Ddos March 17, 2026

Security researchers have issued a dual-threat alert for developers utilizing the Spring AI framework, a popular tool...

Publicly Disclosed: Bishop Fox Reveals Critical Pre-Auth SQL Injection in FortiClient EMS FortiSandbox Vulnerability Unauthenticated RCE FortiClient EMS Vulnerability CVE-2026-21643 FortiClient EMS Vulnerability CVE-2026-21643 CVE-2023-34992 - CVE-2023-37936 Fortinet Vulnerabilities CVE-2025-64155

FortiSandbox Vulnerability Unauthenticated RCE FortiClient EMS Vulnerability CVE-2026-21643 FortiClient EMS Vulnerability CVE-2026-21643 CVE-2023-34992 - CVE-2023-37936 Fortinet Vulnerabilities CVE-2025-64155

Publicly Disclosed: Bishop Fox Reveals Critical Pre-Auth SQL Injection in FortiClient EMS

Ddos March 17, 2026

Cybersecurity researchers at Bishop Fox have released a technical deep-dive into a critical vulnerability affecting FortiClient EMS,...

Instant Hijack: Critical 10.0 CVSS File Browser Flaw Grants Automatic Admin Rights File Browser Vulnerability CVE-2026-32760

Instant Hijack: Critical 10.0 CVSS File Browser Flaw Grants Automatic Admin Rights

Ddos March 17, 2026

Security researchers have issued a high-priority alert for users of File Browser, a popular open-source self-hosted cloud...

Weaponized Browsers: How the ‘DRILLAPP’ Backdoor Turns Microsoft Edge into an Espionage Tool DRILLAPP Backdoor Browser Exploitation

Weaponized Browsers: How the ‘DRILLAPP’ Backdoor Turns Microsoft Edge into an Espionage Tool

Ddos March 17, 2026

Cybersecurity researchers at LAB52, the threat intelligence arm of S2 Group, have uncovered a novel campaign targeting...

High-Severity Angular XSS Flaw Bypasses Built-In Sanitization Angular hostname hijacking vulnerability Angular SSRF Origin Hijacking Angular XSS Vulnerability CVE-2026-32635 Angular i18n XSS CVE-2026-27970 Angular SSR SSRF CVE-2026-27739 Angular Vulnerability CVE-2026-22610 CVE-2025-59052 Angular security Angular XSS Bypass, SVG Injection

Angular hostname hijacking vulnerability Angular SSRF Origin Hijacking Angular XSS Vulnerability CVE-2026-32635 Angular i18n XSS CVE-2026-27970 Angular SSR SSRF CVE-2026-27739 Angular Vulnerability CVE-2026-22610 CVE-2025-59052 Angular security Angular XSS Bypass, SVG Injection

High-Severity Angular XSS Flaw Bypasses Built-In Sanitization

Ddos March 17, 2026

A significant security vulnerability has been unearthed in the Angular runtime and compiler, potentially exposing thousands of...

Operation CamelClone: New Global Espionage Campaign Hijacks Public Cloud Tools Operation CamelClone Cloud Storage Abuse

Operation CamelClone: New Global Espionage Campaign Hijacks Public Cloud Tools

Ddos March 17, 2026

Cybersecurity researchers at Seqrite Labs have identified a widespread and highly targeted espionage operation dubbed “Operation CamelClone”....

The Fake VPN Trap: Microsoft Warns of Storm-2561 SEO Poisoning Campaigns Stealing Corporate Credentials

Ddos March 17, 2026

Cybersecurity investigators at Microsoft Defender Experts have sounded the alarm on a deceptive credential theft campaign targeting...

Malicious Packagist Themes Target Vietnamese OphimCMS Sites with Trojanized JS OphimCMS Malware Packagist Supply Chain Attack

Malicious Packagist Themes Target Vietnamese OphimCMS Sites with Trojanized JS

Ddos March 17, 2026

Cybersecurity investigators at Socket’s Threat Research Team have sounded the alarm after discovering a cluster of malicious...

CISA Flags Actively Exploited Wing FTP Server Flaw Wing FTP Server CVE-2025-47813

CISA Flags Actively Exploited Wing FTP Server Flaw

Ddos March 16, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive after adding a new vulnerability...

Backdoored React Native Packages Target Developers with Crypto-Stealing Malware PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

Backdoored React Native Packages Target Developers with Crypto-Stealing Malware

Ddos March 16, 2026

The JavaScript development community is on high alert following a coordinated supply chain attack targeting two popular...

Critical 9.7 CVSS TinaCMS Flaw Exposes Local Developer Machines TinaCMS Vulnerability CVE-2026-28792

Critical 9.7 CVSS TinaCMS Flaw Exposes Local Developer Machines

Ddos March 16, 2026

Security researchers have exposed a devastating vulnerability in TinaCMS, a popular headless content management system used by...

Root of the Problem: Sudo Flaw Exposes Linux Systems to Local Privilege Escalation Sudo Vulnerability Local Privilege Escalation

Root of the Problem: Sudo Flaw Exposes Linux Systems to Local Privilege Escalation

Ddos March 16, 2026

A significant security vulnerability has been identified in Sudo, the ubiquitous utility that allows system administrators to...

High-Severity Flaw Exposes LiteSpeed Web Servers to OS Command Injection LiteSpeed Vulnerability CVE-2026-31386

High-Severity Flaw Exposes LiteSpeed Web Servers to OS Command Injection

Ddos March 16, 2026

A significant security warning has been issued for administrators utilizing LiteSpeed Web Server, a popular high-performance replacement...

The $800M Inside Job: OFAC Sanctions North Korean IT Network Defrauding U.S. Businesses NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

The $800M Inside Job: OFAC Sanctions North Korean IT Network Defrauding U.S. Businesses

Ddos March 16, 2026

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has issued a major sanctions...

Critical Alert 1 Active Exploit Detected Today