infosec Archives • Page 39 of 45 • Daily CyberSecurity

The Invisible Trap: How Hackers Weaponize the Internet’s Root Infrastructure (.arpa) to Bypass Security Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

The Invisible Trap: How Hackers Weaponize the Internet’s Root Infrastructure (.arpa) to Bypass Security

Ddos March 3, 2026

We all know the standard signs of a phishing email: bad spelling, urgent demands, and sketchy-looking “.com”...

OpenAI Exposes the Massive Global Underworld of Malicious AI OpenAI Threat Report Cyber Special Operations

OpenAI Exposes the Massive Global Underworld of Malicious AI

Ddos March 3, 2026

Artificial intelligence is now a part of everyday life, making the fight to keep it safe more...

Bridging the Gap: North Korean APT37 Deploys ‘Ruby Jumper’ to Infiltrate Isolated Air-Gapped Networks CVE-2024-3393 - Zservers sanctions

Bridging the Gap: North Korean APT37 Deploys ‘Ruby Jumper’ to Infiltrate Isolated Air-Gapped Networks

Ddos March 3, 2026

In a sophisticated escalation of cyber espionage, the North Korean-linked threat group APT37 (also known as ScarCruft...

The High Cost of ‘Free’: How PiviGames Became a Lovecraftian Malware Hub for HijackLoader and ACRStealer Lotus Wiper Digital Sabotage G_Wagon Malware NPM Supply Chain Attack IMAPLoader malware ResolverRAT Malware Evasion

Lotus Wiper Digital Sabotage G_Wagon Malware NPM Supply Chain Attack IMAPLoader malware ResolverRAT Malware Evasion

The High Cost of ‘Free’: How PiviGames Became a Lovecraftian Malware Hub for HijackLoader and ACRStealer

Ddos March 3, 2026

In the world of PC gaming, the lure of “free” pirated content has always carried risks. However,...

Critical Backup Flaws Expose Vitess Environments to Complete Takeover Vitess Backup Poisoning CVE-2026-27969

Critical Backup Flaws Expose Vitess Environments to Complete Takeover

Ddos March 2, 2026

Vitess is a cloud-native horizontally-scalable distributed database system that is built around MySQL. It allows organizations to...

Critical 9.8 Flaw in Langflow’s AI CSV Agent Opens a Direct Path to Root Shell Langflow Vulnerability CVE-2026-42048 Langflow RCE CVE-2026-27966 Langflow Vulnerabilities CVE-2026-33017

Langflow Vulnerability CVE-2026-42048 Langflow RCE CVE-2026-27966 Langflow Vulnerabilities CVE-2026-33017

Critical 9.8 Flaw in Langflow’s AI CSV Agent Opens a Direct Path to Root Shell

Ddos March 2, 2026

Artificial intelligence is making it easier than ever to build complex applications, but a newly discovered vulnerability...

Critical Flaws in Vikunja Expose Users to Persistent Account Takeovers Vikunja Persistent Takeover CVE-2026-28268

Critical Flaws in Vikunja Expose Users to Persistent Account Takeovers

Ddos March 2, 2026

Vikunja is a popular open-source, self-hostable to-do application designed to help users organize their tasks using list,...

The Cryptography Trojan: Malicious Go Module Impersonates Foundational Library to Steal Passwords and Deploy Root Backdoors Go Supply Chain Attack Rekoobe Backdoor

The Cryptography Trojan: Malicious Go Module Impersonates Foundational Library to Steal Passwords and Deploy Root Backdoors

Ddos March 2, 2026

Socket’s Threat Research Team recently uncovered a dangerous new supply chain attack: a malicious Go programming module...

Dohdoor: New Stealth Backdoor Targets US Healthcare and Education Dohdoor Backdoor UAT-10027

Dohdoor: New Stealth Backdoor Targets US Healthcare and Education

Ddos March 2, 2026

A sophisticated cyber espionage campaign has been quietly infiltrating the United States education and healthcare sectors for...

The GTFire Scheme: How Cybercriminals are Weaponizing Google’s Trusted Services for Global Phishing GTFire Phishing Campaign Google Firebase Abuse

GTFire Phishing Campaign Google Firebase Abuse

The GTFire Scheme: How Cybercriminals are Weaponizing Google’s Trusted Services for Global Phishing

Ddos March 2, 2026

Modern cybercriminals are evolving, increasingly hiding their malicious activities within the very legitimate cloud services that businesses...

OCRFix: When Fake CAPTCHAs, AI, and Blockchains Collide to Build a Botnet OCRFix Malware Campaign ClickFix Tactic

OCRFix: When Fake CAPTCHAs, AI, and Blockchains Collide to Build a Botnet

Ddos March 2, 2026

A highly deceptive cyberattack is currently making the rounds, blending simple social engineering tricks with cutting-edge evasion...

CVE-2026-27728 (CVSS 10): Critical Command Injection Flaw in OneUptime Probe Enables Full Server Takeover OneUptime RCE CVE-2026-27728

CVE-2026-27728 (CVSS 10): Critical Command Injection Flaw in OneUptime Probe Enables Full Server Takeover

Ddos March 2, 2026

If your organization relies on OneUptime to keep a watchful eye on website availability, APIs, and online...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Critical Path Traversal Flaw in basic-ftp Exposes Node.js Apps to Arbitrary File Writes

Ddos March 2, 2026

With over 18 million downloads, basic-ftp is a cornerstone utility for Node.js developers, offering a robust, Promise-based...

Steering the Server: Critical 9.2 Severity SSRF Flaw in Angular SSR Allows Internal Network Probing Angular hostname hijacking vulnerability Angular SSRF Origin Hijacking Angular XSS Vulnerability CVE-2026-32635 Angular i18n XSS CVE-2026-27970 Angular SSR SSRF CVE-2026-27739 Angular Vulnerability CVE-2026-22610 CVE-2025-59052 Angular security Angular XSS Bypass, SVG Injection

Angular hostname hijacking vulnerability Angular SSRF Origin Hijacking Angular XSS Vulnerability CVE-2026-32635 Angular i18n XSS CVE-2026-27970 Angular SSR SSRF CVE-2026-27739 Angular Vulnerability CVE-2026-22610 CVE-2025-59052 Angular security Angular XSS Bypass, SVG Injection

Steering the Server: Critical 9.2 Severity SSRF Flaw in Angular SSR Allows Internal Network Probing

Ddos March 2, 2026

Developers relying on Angular’s Server-Side Rendering (SSR) capabilities need to double-check their security configurations. A highly critical...

The New Voice of Fraud: Cybercrime ‘Supergroup’ Recruits Female Callers to Breach Corporate IT Help Desks CRussian Market, "Fly" (Flyded) hange Healthcare Cyberattack - CVE-2024-50603 Exploit

CRussian Market, "Fly" (Flyded) hange Healthcare Cyberattack - CVE-2024-50603 Exploit

The New Voice of Fraud: Cybercrime ‘Supergroup’ Recruits Female Callers to Breach Corporate IT Help Desks

Ddos March 2, 2026

Cybersecurity threats are no longer just about malicious code and zero-day vulnerabilities; they are increasingly about human...

Google Dismantles UNC2814’s Global Espionage Network Fueled by Google Sheets UNC2814 Espionage GRIDTIDE Backdoor

Google Dismantles UNC2814’s Global Espionage Network Fueled by Google Sheets

Ddos March 2, 2026

A massive, years-long cyber espionage campaign has been successfully dismantled. Recently, a coordinated effort led by the...

Critical CISA Advisory Unmasks Severe Flaws in EV2GO Charging Networks EV2GO Charging Platform ICSA-26-057-04 Lazarus Group, Crypto Hacks LazyStealer

EV2GO Charging Platform ICSA-26-057-04 Lazarus Group, Crypto Hacks LazyStealer

Critical CISA Advisory Unmasks Severe Flaws in EV2GO Charging Networks

Ddos February 28, 2026

Electric vehicles are rapidly becoming the new standard on our roads, but the infrastructure powering them is...

Massive SonicWall Reconnaissance Campaign Signals Imminent Ransomware Strikes SonicWall Reconnaissance Akira Ransomware residential proxy malware TraderTraitor BreachForums Honeypot, French Interior Ministry Leak

SonicWall Reconnaissance Akira Ransomware residential proxy malware TraderTraitor BreachForums Honeypot, French Interior Ministry Leak

Massive SonicWall Reconnaissance Campaign Signals Imminent Ransomware Strikes

Ddos February 28, 2026

Between February 22 and February 25, 2026, threat intelligence firm GreyNoise detected a highly coordinated reconnaissance campaign...

Hackers Impersonate Stripe.net to Hijack the Global Payment Supply Chain Stripe.net Typosquatting NuGet Supply Chain Attack

Hackers Impersonate Stripe.net to Hijack the Global Payment Supply Chain

Ddos February 27, 2026

Late last year, the cybersecurity community was put on high alert when the ReversingLabs research team uncovered...

The Explorer Trap: How Hackers Turn Windows File Explorer into a Silent Portal for Remote Access Trojans Seedworm Espionage Campaign 2026 ChromElevator Stealer DLL Sideloading SIM Swapping Crypto Theft Lazarus Comebacker, Aerospace Espionage Delete PlugX Malware

Seedworm Espionage Campaign 2026 ChromElevator Stealer DLL Sideloading SIM Swapping Crypto Theft Lazarus Comebacker, Aerospace Espionage Delete PlugX Malware

The Explorer Trap: How Hackers Turn Windows File Explorer into a Silent Portal for Remote Access Trojans

Ddos February 27, 2026

Security researchers at Cofense Intelligence have uncovered a stealthy and growing malware delivery campaign that bypasses traditional...