infosec Archives • Page 34 of 45 • Daily CyberSecurity

The Mutable Tag Trap: Critical 9.4 CVSS Attack on Xygeni GitHub Action Exposes CI/CD Pipelines Xygeni Tag Poisoning CVE-2026-31976

The Mutable Tag Trap: Critical 9.4 CVSS Attack on Xygeni GitHub Action Exposes CI/CD Pipelines

Ddos March 12, 2026

In a sophisticated supply chain manipulation, the xygeni-action GitHub Action was recently targeted by a critical “tag...

The Fake Job Trap: Microsoft Exposes the ‘Contagious Interview’ Campaign Targeting Developers Contagious Interview Invisible Ferret

The Fake Job Trap: Microsoft Exposes the ‘Contagious Interview’ Campaign Targeting Developers

Ddos March 12, 2026

A recent report from Microsoft Defender Experts sheds light on the “Contagious Interview” campaign, a sophisticated social...

CISA Mandates Urgent Patch for Maximum 10.0 CVSS n8n RCE Flaw n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

CISA Mandates Urgent Patch for Maximum 10.0 CVSS n8n RCE Flaw

Ddos March 12, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a new, high-stakes entry to its Known...

High-Privilege Havoc: Splunk Patches RCE Flaw Lurking in File Previews Splunk Enterprise Vulnerabilities CVE-2026-20240 Splunk RCE CVE-2026-20204 Splunk RCE Vulnerability CVE-2026-20163 Splunk Enterprise Vulnerabilities CVE-2026-20140 Splunk Permission Flaw, Local Privilege Escalation Splunk Vulnerabilities CVE-2024-53247 - Splunk Secure Gateway App CVE-2025-20229 & CVE-2025-20231

High-Privilege Havoc: Splunk Patches RCE Flaw Lurking in File Previews

Ddos March 12, 2026

Splunk has released a critical security advisory regarding a high-severity Remote Command Execution (RCE) vulnerability, tracked as...

Cyber Escalation in the Middle East: Disruption, Deception, and the Quest for Data

Ddos March 12, 2026

A new report from Rapid7 Labs highlights a significant spike in retaliatory cyber activity targeting both regional...

Root Access via CLI: Cisco Patches Critical IOS XR Privilege Escalation Flaws Cisco IOS XR Vulnerability CVE-2026-20040

Root Access via CLI: Cisco Patches Critical IOS XR Privilege Escalation Flaws

Ddos March 12, 2026

Cisco has issued a high-priority security advisory regarding multiple vulnerabilities in its IOS XR Software that could...

The Dark Side of Telegram: How Cybercriminals Weaponize Bot APIs for Stealthy Data Exfiltration

Ddos March 12, 2026

While millions use Telegram for secure, instant messaging, a darker side of the platform is emerging in...

Chrome 146 Arrives with 29 Security Fixes: Critical WebML Flaw Discovered Chrome 146 Security CVE-2026-3913

Chrome 146 Arrives with 29 Security Fixes: Critical WebML Flaw Discovered

Ddos March 12, 2026

Google has officially promoted Chrome 146 to the stable channel for Windows, Mac, and Linux, kicking off...

Code Red: GitLab’s Latest Security Update Patches High-Severity XSS and API DoS Vulnerabilities GitLab Security Update Account Impersonation GitLab Security Update CVE-2026-1090 GitLab vulnerability GitLab vulnerability, GitLab patches

GitLab Security Update Account Impersonation GitLab Security Update CVE-2026-1090 GitLab vulnerability GitLab vulnerability, GitLab patches

Code Red: GitLab’s Latest Security Update Patches High-Severity XSS and API DoS Vulnerabilities

Ddos March 12, 2026

GitLab has released critical security updates—versions 18.9.2, 18.8.6, and 18.7.6—for both Community Edition (CE) and Enterprise Edition...

Operation False Siren: The Weaponization of Israel’s Red Alert App for Geo-Fenced Espionage Goldoon Botnet Operation False Siren Red Alert Spyware

Goldoon Botnet Operation False Siren Red Alert Spyware

Operation False Siren: The Weaponization of Israel’s Red Alert App for Geo-Fenced Espionage

Ddos March 12, 2026

A highly targeted mobile espionage campaign has been uncovered targeting Israeli citizens. Dubbed Operation False Siren, this...

Gaslighting Android: How the ‘Digital Lutera’ Attack Uses LSPosed to Bypass UPI SIM-Binding UPI SIM-Binding Bypass LSPosed Framework

Gaslighting Android: How the ‘Digital Lutera’ Attack Uses LSPosed to Bypass UPI SIM-Binding

Ddos March 12, 2026

According to a critical new report from CloudSEK, threat actors have moved beyond simple app modifications to...

The ‘Must-Patch’ Release: WordPress 6.9.2 Scrambles to Fix 10 Critical Flaws from XSS to SSRF WordPress 6.9.2 WordPress 6.9.2 WordPress Security Update WordPress Security Update WordPress.org Suspended

WordPress 6.9.2 WordPress 6.9.2 WordPress Security Update WordPress Security Update WordPress.org Suspended

The ‘Must-Patch’ Release: WordPress 6.9.2 Scrambles to Fix 10 Critical Flaws from XSS to SSRF

Ddos March 11, 2026

The WordPress security team has issued an urgent call to action following the release of WordPress 6.9.2...

High-Severity SQL Injection in Ally WordPress Plugin Threatens 400K Sites Ally Plugin Vulnerability SQL Injection

High-Severity SQL Injection in Ally WordPress Plugin Threatens 400K Sites

Ddos March 11, 2026

A high-severity SQL Injection vulnerability was found in Ally, a popular web accessibility and usability WordPress plugin....

Altium Enterprise Server Vulnerability CVE-2026-9129 Path Traversal Patreon OAuth Vulnerability Identity Collision DRC INSIGHT Vulnerability Exam Data Hijacking Horner Automation PLC Industrial Brute Force Honeywell IQ4x Vulnerability CVE-2026-3611 DJI Romo vacuum security flaw Python Cryptography Vulnerability CVE-2026-26007 Open5GS Vulnerability CVE-2026-0622 Vivotek IP7137 Vulnerabilities CVE-2025-66049 Forcepoint DLP Vulnerability CVE-2025-14026 Cellopoint Secure Email Gateway - CVE-2024-9043

The Default Danger: Maximum 10.0 CVSS Vulnerability Leaves Honeywell IQ4x Controllers Wide Open

Ddos March 11, 2026

A critical security flaw has been uncovered in the Honeywell IQ4x Building Management System (BMS) Controller family,...

Microsoft Patch Tuesday March 2026: 93 Vulnerabilities Addressed, Including Two Zero-Days Windows Wormable Exploit April 2026 Patch Tuesday Microsoft Patch Tuesday Zero-Day Vulnerabilities Microsoft, Patch Tuesday CVE-2025-55234 CVE-2024-43573 and CVE-2024-43572 Microsoft Patch Tuesday Security Vulnerabilities

Windows Wormable Exploit April 2026 Patch Tuesday Microsoft Patch Tuesday Zero-Day Vulnerabilities Microsoft, Patch Tuesday CVE-2025-55234 CVE-2024-43573 and CVE-2024-43572 Microsoft Patch Tuesday Security Vulnerabilities

Microsoft Patch Tuesday March 2026: 93 Vulnerabilities Addressed, Including Two Zero-Days

Ddos March 11, 2026

The March 2026 edition of Microsoft Patch Tuesday has arrived, bringing a massive wave of security updates...

Maximum 10.0 CVSS Flaws in OneUptime Allow Full Account Takeovers and RCE OneUptime Vulnerabilities CVE-2026-30956

Maximum 10.0 CVSS Flaws in OneUptime Allow Full Account Takeovers and RCE

Ddos March 11, 2026

OneUptime, a popular multi-tenant platform for monitoring websites and APIs, has released urgent patches to address two...

Malicious npm Package “pino-sdk-v2” Caught Harvesting Secrets pino-sdk-v2 npm Supply Chain Attack

Malicious npm Package “pino-sdk-v2” Caught Harvesting Secrets

Ddos March 11, 2026

In the modern development landscape, supply chain attacks remain one of the most effective ways for threat...

APT-C-23 Weaponized Israel’s ‘Red Alert’ App for Mobile Espionage Red Alert Trojan APT-C-23

APT-C-23 Weaponized Israel’s ‘Red Alert’ App for Mobile Espionage

Ddos March 11, 2026

The Acronis Threat Research Unit (TRU) has identified a calculated campaign distributing a trojanized version of the...

Microsoft Exposes How Hackers Use Generative Models as a Force Multiplier Malicious AI AI Memory Poisoning

Microsoft Exposes How Hackers Use Generative Models as a Force Multiplier

Ddos March 11, 2026

The same AI technologies revolutionizing global productivity are now being “operationalized” by cyber adversaries to sharpen their...

The Vibe-Coding Trap: Fake Claude Code Installers Unleash Amatera Malware via Search Ads Claude Code Malvertising Amatera Malware

The Vibe-Coding Trap: Fake Claude Code Installers Unleash Amatera Malware via Search Ads

Ddos March 11, 2026

In the fast-paced world of AI development, “vibe-coding” has become a popular term for rapid, experimental building....