infosec Archives • Page 38 of 45 • Daily CyberSecurity

Critical RCE Vulnerability Discovered in OpenStack Vitrage Root Cause Analysis Service OpenStack Vitrage RCE CVE-2026-28370

Critical RCE Vulnerability Discovered in OpenStack Vitrage Root Cause Analysis Service

Ddos March 4, 2026

Security researcher Khalil Lemtaffah from Nokia has identified a critical remote code execution (RCE) vulnerability in OpenStack...

Critical Auth Bypass in Apache Artemis: Attackers Can Hijack Message Queues ActiveMQ security flaws Jolokia web console exploit ActiveMQ RCE Jolokia Spring Vulnerability ActiveMQ MQTT Vulnerability CVE-2025-66168 Apache Artemis Vulnerability CVE-2026-27446

ActiveMQ security flaws Jolokia web console exploit ActiveMQ RCE Jolokia Spring Vulnerability ActiveMQ MQTT Vulnerability CVE-2025-66168 Apache Artemis Vulnerability CVE-2026-27446

Critical Auth Bypass in Apache Artemis: Attackers Can Hijack Message Queues

Ddos March 4, 2026

A critical security vulnerability has been uncovered in Apache Artemis, the high-performance, multi-protocol message broker used by...

Django Releases Security Patches to Address DoS and Permission Vulnerabilities Django Security Update CVE-2026-25673 Django Security Update SQL Injection Vulnerability Django SQL Injection, PostgreSQL Flaw CVE-2022-34265 PoC Django, SQL injection

Django Security Update CVE-2026-25673 Django Security Update SQL Injection Vulnerability Django SQL Injection, PostgreSQL Flaw CVE-2022-34265 PoC Django, SQL injection

Django Releases Security Patches to Address DoS and Permission Vulnerabilities

Ddos March 4, 2026

The Django security team has issued important updates for all supported versions of the framework to address...

CISA Adds Qualcomm and VMware Flaws to Known Exploited Catalog Ivanti EPMM Vulnerability CVE-2026-1340 CISA KEV Catalog CVE-2026-21385 CISA KEV Update CVE-2008-0015 CISA KEV, Array Networks Command Injection CVE-2025-0111 & CVE-2025-23209 CISA, Known Exploited Vulnerabilities

Ivanti EPMM Vulnerability CVE-2026-1340 CISA KEV Catalog CVE-2026-21385 CISA KEV Update CVE-2008-0015 CISA KEV, Array Networks Command Injection CVE-2025-0111 & CVE-2025-23209 CISA, Known Exploited Vulnerabilities

CISA Adds Qualcomm and VMware Flaws to Known Exploited Catalog

Ddos March 4, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalog, adding two...

Critical Vulnerabilities in AVideo: From SQL Injection to Remote Code Execution AVideo RCE YPTSocket Vulnerability AVideo Vulnerabilities Streaming Platform Security AVideo Vulnerabilities CVE-2026-28501

AVideo RCE YPTSocket Vulnerability AVideo Vulnerabilities Streaming Platform Security AVideo Vulnerabilities CVE-2026-28501

Critical Vulnerabilities in AVideo: From SQL Injection to Remote Code Execution

Ddos March 4, 2026

Security researchers have identified two severe vulnerabilities in AVideo, a popular open-source video streaming platform used by...

WordPress Security Alert: Critical Privilege Escalation Flaw in Popular Membership Plugin WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

WordPress Security Alert: Critical Privilege Escalation Flaw in Popular Membership Plugin

Ddos March 4, 2026

A massive security hole has been discovered in the User Registration & Membership plugin for WordPress, a...

OAuth Hijack: Phishing Campaigns Weaponize Legitimate Redirection to Bypass Defenses OAuth Phishing Redirect URI Abuse

OAuth Hijack: Phishing Campaigns Weaponize Legitimate Redirection to Bypass Defenses

Ddos March 4, 2026

Microsoft Defender researchers have exposed a series of sophisticated phishing campaigns that exploit the inherent trust in...

ClickFix Alert: Fake Venture Capitalists Target Web3 Pros with “Terminal” Phishing ClickFix Malware Crypto VC Scam

ClickFix Alert: Fake Venture Capitalists Target Web3 Pros with “Terminal” Phishing

Ddos March 4, 2026

Cybersecurity researchers at Moonlock Lab have unmasked a coordinated malware operation targeting cryptocurrency and Web3 professionals. The...

Trojanized FileZilla FTP Client Targets Developer Credentials via DLL Sideloading FileZilla Malware DLL Hijacking

Trojanized FileZilla FTP Client Targets Developer Credentials via DLL Sideloading

Ddos March 4, 2026

Cybersecurity researchers from Malwarebytes have identified a dangerous new campaign circulating a trojanized version of the popular...

Critical RCE Flaw in Qwik Framework Allows Server Takeover via Single Request Qwik RCE CVE-2026-27971

Critical RCE Flaw in Qwik Framework Allows Server Takeover via Single Request

Ddos March 4, 2026

Security researchers have identified a critical vulnerability in Qwik, the popular web framework known for its “instant-on”...

The BurrowShell Threat: Inside ‘Sloppy Lemming’s’ Stealthy Cyber Espionage Campaign in South Asia Sloppy Lemming BurrowShell Malware

The BurrowShell Threat: Inside ‘Sloppy Lemming’s’ Stealthy Cyber Espionage Campaign in South Asia

Ddos March 4, 2026

Cybersecurity researchers at Arctic Wolf have released a comprehensive analysis of a massive, year-long cyber espionage operation...

AuraStealer: The “Result-Oriented” Malware Rising from the Post-Lumma Void AuraStealer Malware Infostealer

AuraStealer: The “Result-Oriented” Malware Rising from the Post-Lumma Void

Ddos March 4, 2026

Following the high-profile takedown of the Lumma stealer infrastructure in 2025, a new threat is rapidly maneuvering...

The Trojan Prompt: How an Autonomous AI Hijacked Aqua Trivy to Weaponize Developer Copilots AI Prompt Injection Aqua Trivy Breach AI Assistant Apertus, open-source AI .ai domain milestone

AI Prompt Injection Aqua Trivy Breach AI Assistant Apertus, open-source AI .ai domain milestone

The Trojan Prompt: How an Autonomous AI Hijacked Aqua Trivy to Weaponize Developer Copilots

Ddos March 4, 2026

Cybersecurity researchers at Socket have uncovered a sophisticated security breach affecting the popular Aqua Trivy VS Code...

PlugX Evolves: New “Meeting Invitation” Phishing Campaign Leverages Trusted Security Software Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

PlugX Evolves: New “Meeting Invitation” Phishing Campaign Leverages Trusted Security Software

Ddos March 4, 2026

Cybersecurity researchers at LAB52 have released a detailed analysis of a new infection chain for the long-running...

GemStuffer RubyGems Campaign RubyGems Data Exfiltration TanStack npm Compromise Supply Chain Attack DNS Hijacking APT28 (Fancy Bear) OpenVSX Supply Chain Attack Checkmarx Plugin Breach Stryker Cyberattack CISA Alert Trans-Regional Cyber Conflict Operation Epic Fury Cyber Operation MacroMaze APT28 Cyber Espionage Notepad++ Supply Chain Attack Lotus Blossom Group Defense Industrial Base Threats GTIG Report APT28 Operation Neusploit CVE-2026-21509 Bookworm Malware

Cyber Escalation: Multi-Vector Attacks Surge Following “Operation Epic Fury”

Ddos March 3, 2026

In the wake of the massive joint offensive launched by the United States and Israel on February...

North Korean “StegaBin” Campaign Targets Developers with Steganographic Malware North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean “StegaBin” Campaign Targets Developers with Steganographic Malware

Ddos March 3, 2026

Cybersecurity researchers at Socket have uncovered a sophisticated multi-stage malware operation, dubbed “StegaBin,” specifically designed to harvest...

Android CLI Android Security Zero-Interaction DoS CVE-2026-21385 Android Security Update UK CMA Apple Google regulation Google Aluminum OS Android 16 leak, ALOS Android ChromeOS merger Android sideloading certification 2026, Google developer verification APK Android AOSP biannual release, AOSP source code latency 2026 Android Zero-Day, Critical DoS Flaw Android Universal Clipboard Cross-Device Sync Gemini Nano Block, Unlocked Bootloader Android, Calling Cards Android Security Bulletin, RCE Vulnerability Android Linux GUI, Debian VM Android System Services, Google Transparency Android 16, Pixel Update

Security Alert: Android March 2026 Update Targets Actively Exploited Zero-Day

Ddos March 3, 2026

Google has released its most substantial security update in years, addressing a total of 129 vulnerabilities in...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

CVE-2026-2256: Unpatched Flaw in MS-Agent Lets Hackers Hijack AI Assistants

Ddos March 3, 2026

We are officially entering the era of the “autonomous agent”—smart AI programs that don’t just chat with...

Beyond the Router: How the Zerobotv9 Botnet is Hijacking Enterprise Automation Zerobotv9 Botnet n8n Vulnerability VMware ESXi Ransomware

Beyond the Router: How the Zerobotv9 Botnet is Hijacking Enterprise Automation

Ddos March 3, 2026

According to a recent investigation by the Akamai Security Intelligence and Response Team (SIRT), a notorious malware...

High-Severity XSS Flaw in Angular i18n Turns Language Files into Backdoors Angular hostname hijacking vulnerability Angular SSRF Origin Hijacking Angular XSS Vulnerability CVE-2026-32635 Angular i18n XSS CVE-2026-27970 Angular SSR SSRF CVE-2026-27739 Angular Vulnerability CVE-2026-22610 CVE-2025-59052 Angular security Angular XSS Bypass, SVG Injection

Angular hostname hijacking vulnerability Angular SSRF Origin Hijacking Angular XSS Vulnerability CVE-2026-32635 Angular i18n XSS CVE-2026-27970 Angular SSR SSRF CVE-2026-27739 Angular Vulnerability CVE-2026-22610 CVE-2025-59052 Angular security Angular XSS Bypass, SVG Injection

High-Severity XSS Flaw in Angular i18n Turns Language Files into Backdoors

Ddos March 3, 2026

A newly security flaw was found in the widely used Angular web building platform. Identified as CVE-2026-27970...