infosec Archives • Page 35 of 45 • Daily CyberSecurity

Zscaler Uncovers 8,000+ Domains and APT Backdoors Exploiting Middle East Tensions Middle East Cyber Threats

Zscaler Uncovers 8,000+ Domains and APT Backdoors Exploiting Middle East Tensions

Ddos March 11, 2026

Zscaler ThreatLabz is currently tracking a significant surge in cybercriminal operations that capitalize on the elevated political...

North Korean APT Unleashes DEV#POPPER RAT via GitHub to Drain Crypto Wallets DEV#POPPER OmniStealer

North Korean APT Unleashes DEV#POPPER RAT via GitHub to Drain Crypto Wallets

Ddos March 11, 2026

The eSentire’s Threat Response Unit (TRU) recently uncovered a sophisticated campaign involving a Remote Access Trojan (RAT)...

CL-UNK-1068: The Stealthy Chinese Threat Actor Haunting Asian Infrastructure CL-UNK-1068 Chinese APT

CL-UNK-1068: The Stealthy Chinese Threat Actor Haunting Asian Infrastructure

Ddos March 11, 2026

Since 2020, a sophisticated cluster of activity has been quietly infiltrating high-value organizations across South, Southeast, and...

Unauthenticated Takeover: Critical 9.6 CVSS Zoom Flaw Exposes Windows Users to Remote Privilege Escalation CVE-2022-36926 Zoom Vulnerability CVE-2026-30903

CVE-2022-36926 Zoom Vulnerability CVE-2026-30903

Unauthenticated Takeover: Critical 9.6 CVSS Zoom Flaw Exposes Windows Users to Remote Privilege Escalation

Ddos March 10, 2026

Zoom has released a series of security advisories detailing four significant vulnerabilities affecting its Windows clients, including...

The ‘Must-Patch’ List: CISA Adds Actively Exploited SolarWinds, Ivanti, and Omnissa Flaws to KEV ActiveMQ RCE CVE-2026-34197 CISA KEV Catalog Actively Exploited Vulnerabilities CISA KEV Catalog CVE-2025-37164 GeoServer XXE, CISA KEV FortiWeb SQLi, CISA KEV Critical Vulnerabilities CVE-2024-20953

ActiveMQ RCE CVE-2026-34197 CISA KEV Catalog Actively Exploited Vulnerabilities CISA KEV Catalog CVE-2025-37164 GeoServer XXE, CISA KEV FortiWeb SQLi, CISA KEV Critical Vulnerabilities CVE-2024-20953

The ‘Must-Patch’ List: CISA Adds Actively Exploited SolarWinds, Ivanti, and Omnissa Flaws to KEV

Ddos March 10, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalog, adding three...

The Silent Rhythm: How BeatBanker Malware Uses a Looping Audio File to Hijack Android Devices BeatBanker Android Malware

The Silent Rhythm: How BeatBanker Malware Uses a Looping Audio File to Hijack Android Devices

Ddos March 10, 2026

In a sophisticated new campaign targeting users in Brazil, researchers at Kaspersky Labs have uncovered BeatBanker, an...

Dutch Intelligence Warning: Russian State Actors Targeting Signal and WhatsApp WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware

WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware

Dutch Intelligence Warning: Russian State Actors Targeting Signal and WhatsApp

Ddos March 10, 2026

In a significant Cybersecurity Advisory released in March 2026, the Netherlands Defence Intelligence and Security Service (MIVD)...

Critical Alert: SAP’s Latest Security Update Fixes 9.8 CVSS RCE and Deserialization Flaws SAP Security Patches CVE-2026-27685 SAP Security Update CVE-2026-0488 CVE-2024-47578 - CVE-2025-0070 and CVE-2025-0066

SAP Security Patches CVE-2026-27685 SAP Security Update CVE-2026-0488 CVE-2024-47578 - CVE-2025-0070 and CVE-2025-0066

Critical Alert: SAP’s Latest Security Update Fixes 9.8 CVSS RCE and Deserialization Flaws

Ddos March 10, 2026

Today, 2026, SAP released its monthly security patch update, addressing 15 new security notes across its product...

Total Platform Compromise: Critical 9.6 CVSS Flaws in Budibase Expose Production Secrets Budibase RCE SSRF Vulnerability Budibase Vulnerabilities Authentication Bypass

Budibase RCE SSRF Vulnerability Budibase Vulnerabilities Authentication Bypass

Total Platform Compromise: Critical 9.6 CVSS Flaws in Budibase Expose Production Secrets

Ddos March 10, 2026

Budibase, the popular open-source low-code platform designed for building internal business applications, has released critical security patches...

Under Active Attack: Critical 9.8 CVSS Tutor LMS Pro Flaw Exploited in the Wild for Full Site Takeover CVE-2024-11972 - Hunk Companion

Under Active Attack: Critical 9.8 CVSS Tutor LMS Pro Flaw Exploited in the Wild for Full Site Takeover

Ddos March 10, 2026

A high-severity vulnerability has been uncovered in Tutor LMS Pro, a popular WordPress plugin used by over...

Home Network Alert: TP-Link Patches RCE Vulnerability in Archer AXE75 Routers

Ddos March 10, 2026

TP-Link has issued an urgent security advisory for users of its high-performance Archer AXE75 routers. A newly...

Kubernetes Security Alert: “Ingress-Nginx” Injection Flaw Risks Cluster-Wide Secret Exposure ingress-nginx Vulnerability CVE-2026-3288

Kubernetes Security Alert: “Ingress-Nginx” Injection Flaw Risks Cluster-Wide Secret Exposure

Ddos March 10, 2026

A critical security vulnerability has been identified in ingress-nginx, the widely used Ingress controller for Kubernetes. Tracked...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

CVE-2026-0866: Malformed ZIP Headers Allow Malware to Slip Past EDR Scanners

Ddos March 10, 2026

A newly detailed vulnerability, CVE-2026-0866, is highlighting a fundamental blind spot in how many Antivirus (AV) and...

Fake CleanMyMac Site Unleashes SHub Stealer to Drain macOS Crypto Wallets SHub Stealer Mac Malware

Fake CleanMyMac Site Unleashes SHub Stealer to Drain macOS Crypto Wallets

Ddos March 10, 2026

Mac users are the target of a convincing new “brand impersonation” campaign that turns the popular utility...

Malicious “Hex Visualizer” Chrome Extension Targeting imToken Users Crypto Wallet Drainer ImToken Phishing

Malicious “Hex Visualizer” Chrome Extension Targeting imToken Users

Ddos March 10, 2026

In a sophisticated blend of deceptive branding and technical trickery, Socket’s Threat Research Team has uncovered a...

Critical 9.3 CVSS Flaw in Gogs Turns Repositories into Malware Delivery Vectors Gogs LFS Vulnerability CVE-2026-25921

Critical 9.3 CVSS Flaw in Gogs Turns Repositories into Malware Delivery Vectors

Ddos March 10, 2026

The Gogs project, a popular self-hosted Git service prized for its simplicity and painless setup, has been...

Agencies Issue Urgent Warning on INC Ransom Healthcare Attacks INC Ransom Pacific Cyber Threats OysterLoader Malware Rhysida Ransomware Black Basta Ransomware BYOVD Technique Velociraptor Abuse, Storm-2603 Ransomware Crypto24, Ransomware Ransomware Payments, UK Legislation ZACROS data breach

INC Ransom Pacific Cyber Threats OysterLoader Malware Rhysida Ransomware Black Basta Ransomware BYOVD Technique Velociraptor Abuse, Storm-2603 Ransomware Crypto24, Ransomware Ransomware Payments, UK Legislation ZACROS data breach

Agencies Issue Urgent Warning on INC Ransom Healthcare Attacks

Ddos March 10, 2026

A new joint advisory released by the Australian Cyber Security Centre (ACSC), CERT Tonga, and New Zealand’s...

Critical Request Smuggling & Cache Flaws Discovered in Cloudflare’s Pingora Pingora Vulnerabilities Cloudflare Pingora

Critical Request Smuggling & Cache Flaws Discovered in Cloudflare’s Pingora

Ddos March 10, 2026

Security researchers have disclosed three significant vulnerabilities in Pingora, the high-performance Rust framework developed by Cloudflare to...

The Spy in Your Sidebar: Fake AI Browser Extensions Steal Data from 900,000 Users Malicious AI Extensions Chromium Browser Security

The Spy in Your Sidebar: Fake AI Browser Extensions Steal Data from 900,000 Users

Ddos March 10, 2026

A seemingly helpful AI assistant could be a silent spy in your browser. Microsoft Defender Security Research...

The ‘Contagious Interview’ Trap: How a Web3 CEO Unmasked North Korean Stealth Malware Contagious Interview North Korean Malware

The ‘Contagious Interview’ Trap: How a Web3 CEO Unmasked North Korean Stealth Malware

Ddos March 10, 2026

It started with a routine direct message on LinkedIn: a recruiter named “Nazar” pitching a role at...