infosec Archives • Page 43 of 45 • Daily CyberSecurity

Foxveil: New Malware Loader Hides in Plain Sight Using Cloudflare and Discord Foxveil Malware

Foxveil: New Malware Loader Hides in Plain Sight Using Cloudflare and Discord

Ddos February 17, 2026

A new and elusive malware loader has been discovered prowling the legitimate infrastructure of the web, abusing...

GemStuffer RubyGems Campaign RubyGems Data Exfiltration TanStack npm Compromise Supply Chain Attack DNS Hijacking APT28 (Fancy Bear) OpenVSX Supply Chain Attack Checkmarx Plugin Breach Stryker Cyberattack CISA Alert Trans-Regional Cyber Conflict Operation Epic Fury Cyber Operation MacroMaze APT28 Cyber Espionage Notepad++ Supply Chain Attack Lotus Blossom Group Defense Industrial Base Threats GTIG Report APT28 Operation Neusploit CVE-2026-21509 Bookworm Malware

Trusted Tool Weaponized: Lotus Blossom Hijacks Notepad++ Updates

Ddos February 16, 2026

A new report from Unit 42 has exposed a highly targeted supply chain attack that turned one...

Critical Alert: Chrome Zero-Day (CVE-2026-2441) Exploited in the Wild Chrome Zero-Day CVE-2026-3909 Chrome Zero-Day PoC CVE-2026-2441 Chrome Zero-Day CVE-2026-2441 Chrome Zero-Day, Active Exploitation CVE-2025-10585 Chrome vulnerability, zero-day exploit CVE-2025-6558 Chrome Zero-Day, V8 Vulnerability Chrome Zero-Day, Security Update

Chrome Zero-Day CVE-2026-3909 Chrome Zero-Day PoC CVE-2026-2441 Chrome Zero-Day CVE-2026-2441 Chrome Zero-Day, Active Exploitation CVE-2025-10585 Chrome vulnerability, zero-day exploit CVE-2025-6558 Chrome Zero-Day, V8 Vulnerability Chrome Zero-Day, Security Update

Critical Alert: Chrome Zero-Day (CVE-2026-2441) Exploited in the Wild

Ddos February 15, 2026

Google has pushed an urgent security update for its Chrome browser, racing to patch a high-severity zero-day...

Telegram Phishing Campaign Hijacks Accounts by Abusing Trust Telegram Phishing Account Takeover

Telegram Phishing Campaign Hijacks Accounts by Abusing Trust

Ddos February 13, 2026

A new phishing campaign is targeting Telegram users by turning the platform’s own security features into a...

MongoDB Flaw Allows Unauthenticated Attackers to Crash Database Servers MongoDB Vulnerability CVE-2026-25611 MongoDB zlib vulnerability, CVE-2025-14847 MongoDB Vulnerabilities, Data Access CVE-2024-6376 CVE-2025-0755

MongoDB Vulnerability CVE-2026-25611 MongoDB zlib vulnerability, CVE-2025-14847 MongoDB Vulnerabilities, Data Access CVE-2024-6376 CVE-2025-0755

MongoDB Flaw Allows Unauthenticated Attackers to Crash Database Servers

Ddos February 12, 2026

MongoDB has issued a warning regarding a high-severity vulnerability that could allow attackers to remotely crash database...

CVE-2026-1603: Remote Unauthenticated Attacker Can Steal Ivanti EPM Secrets Ivanti EPM Vulnerability CVE-2026-1603 Ivanti EPM Critical XSS, Unauthenticated File Write CVE-2024-29847 & CVE-2024-8190 Ivanti ITSM, Authentication Bypass

Ivanti EPM Vulnerability CVE-2026-1603 Ivanti EPM Critical XSS, Unauthenticated File Write CVE-2024-29847 & CVE-2024-8190 Ivanti ITSM, Authentication Bypass

CVE-2026-1603: Remote Unauthenticated Attacker Can Steal Ivanti EPM Secrets

Ddos February 12, 2026

Ivanti has rolled out important security updates for its Endpoint Manager (EPM), addressing a pair of vulnerabilities...

Patch Panic: Microsoft Fixes 6 Active Zero-Days in Feb 2026 Update Microsoft Patch Tuesday May 2026 Netlogon RCE CVE-2026-41089 SharePoint Exploit Patch Tuesday Windows DWM Zero-Day CVE-2026-21519 CVE-2024-49039 Microsoft Patch Tuesday March 2025

Microsoft Patch Tuesday May 2026 Netlogon RCE CVE-2026-41089 SharePoint Exploit Patch Tuesday Windows DWM Zero-Day CVE-2026-21519 CVE-2024-49039 Microsoft Patch Tuesday March 2025

Patch Panic: Microsoft Fixes 6 Active Zero-Days in Feb 2026 Update

Ddos February 11, 2026

Microsoft has released its security update for February 2026, addressing 61 vulnerabilities across its ecosystem. But the...

Hiding in the Cloud: GuLoader Malware Evolves to Evade Detection GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

Hiding in the Cloud: GuLoader Malware Evolves to Evade Detection

Ddos February 11, 2026

Zscaler ThreatLabz has released a deep-dive analysis of GuLoader (also known as CloudEye), revealing how this long-standing...

The “Compatibility” Trap: New Mac Malware Tricks Users into Bypassing TCC OSX/Amos Stealer Electron ASAR Trojan MioLab Malware macOS Security MacSync Stealer macOS Malware ambar-src npm Malware Supply Chain Typosquatting Matryoshka Mac Malware ClickFix Crypto Scam Infostealer Evolution macOS Malware Predator Spyware Intellexa Anti-Analysis XCSSET macOS Malware, Xcode Supply Chain

OSX/Amos Stealer Electron ASAR Trojan MioLab Malware macOS Security MacSync Stealer macOS Malware ambar-src npm Malware Supply Chain Typosquatting Matryoshka Mac Malware ClickFix Crypto Scam Infostealer Evolution macOS Malware Predator Spyware Intellexa Anti-Analysis XCSSET macOS Malware, Xcode Supply Chain

The “Compatibility” Trap: New Mac Malware Tricks Users into Bypassing TCC

Ddos February 9, 2026

Mac users, often confident in the “walled garden” security of their devices, are facing a new threat...

ASUS Kills “File Shredder” Feature to Fix Critical Flaw ASUS CVE-2025-13348 File Shredder Removal ASUS LPE Flaw CVE-2025-59373 ASUS Armoury Crate vulnerability Asus CVE Numbering Authority - CVE-2024-12912 and CVE-2024-13062 AMI BMC vulnerability, CVE-2024-54085

ASUS Kills “File Shredder” Feature to Fix Critical Flaw

Ddos February 3, 2026

ASUS has issued a mandatory update for its commercial computer line that completely removes a core security...

“Update” to Nightmare: eScan Antivirus Hacked to Distribute Malware TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

“Update” to Nightmare: eScan Antivirus Hacked to Distribute Malware

Ddos January 30, 2026

Security researchers at Morphisec have uncovered a massive compromise affecting eScan, an enterprise antivirus solution developed by...

Locked Out of the Crate: Microsoft’s “Smart” Security Cripples ASUS ROG Ally Smart App Control blocking Armoury Crate, ROG Ally Defender false positive 2026 Microsoft Zero-Day, Cloud Files UAF Microsoft Access end of life CVE-2025-21298 Azure Vulnerabilities

Smart App Control blocking Armoury Crate, ROG Ally Defender false positive 2026 Microsoft Zero-Day, Cloud Files UAF Microsoft Access end of life CVE-2025-21298 Azure Vulnerabilities

Locked Out of the Crate: Microsoft’s “Smart” Security Cripples ASUS ROG Ally

Ddos January 29, 2026

Microsoft Defender suite continues to exhibit erratic behavior, with the latest anomaly involving the Smart App Control...

HPE Aruba Patches High-Severity RCE and OpenSSL Flaws CVE-2024-42509 & CVE-2024-47460 HPE Aruba Fabric Composer CVE-2026-23592 Aruba AOS-CX CVE-2026-23813

CVE-2024-42509 & CVE-2024-47460 HPE Aruba Fabric Composer CVE-2026-23592 Aruba AOS-CX CVE-2026-23813

HPE Aruba Patches High-Severity RCE and OpenSSL Flaws

Ddos January 28, 2026

HPE Aruba Networking has released a critical security advisory urging administrators to patch their Fabric Composer software...

Lock the Front Door: The “Localhost” Loophole Leaving Thousands of Clawdbot Agents Exposed Clawdbot security bypass

Lock the Front Door: The “Localhost” Loophole Leaving Thousands of Clawdbot Agents Exposed

Ddos January 27, 2026

The trending AI assistant utility Clawdbot is currently proliferating across social media, with a multitude of users...

Trusted Tool, Hidden Threat: Official EmEditor Installer Hijacked to Push Malware EmEditor Supply Chain Attack Trojanized Installer

Trusted Tool, Hidden Threat: Official EmEditor Installer Hijacked to Push Malware

Ddos January 27, 2026

A compromised installer for EmEditor, a text editor trusted by developers worldwide, has been used to distribute...

VoidLink: The First Advanced Malware Framework Architected Entirely by AI NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

VoidLink: The First Advanced Malware Framework Architected Entirely by AI

Ddos January 21, 2026

In a new report, Check Point Research (CPR) has unveiled “VoidLink,” a sophisticated malware framework that wasn’t...

Search Engine Exposed: Apache Solr Flaws Leak Data & Bypass Auth Apache Solr CVE-2022-39135 Apache Solr Vulnerabilities CVE-2026-22444

Search Engine Exposed: Apache Solr Flaws Leak Data & Bypass Auth

Ddos January 21, 2026

Apache Solr administrators are being urged to update their instances immediately following the disclosure of two moderate-severity...

Chrome 148 lazy loading Chrome for Linux ARM64 Chrome 145 Update Chrome Security Fixes Chrome Security Update CVE-2026-1220 Chrome 144 Security Update CVE-2026-0899 Chrome Memory Safety, WebGPU UAF Chrome V8 Type Confusion, Google Updater Flaw Chrome V8 Flaw, CVE-2025-13042 Chrome V8, Type Confusion, Chrome 142 Update Chrome V8 Flaw, CVE-2025-12036 Chrome 141, WebGPU Overflow Google Chrome preloading Chrome, V8 vulnerability CVE-2025-9132 Chrome Security Update, Use-After-Free Chrome V8, Type Confusion Chrome Telemetry, Windows 10 EOL Microsoft Family Safety, Chrome Blocking Chrome Security Update, High-Severity Google Chrome, Antitrust CVE-2024-10487 and CVE-2024-10488 Google Chrome Root Program Chrome Update, CVE-2025-3619 Chrome Acquisition, Perplexity.ai

Google Chrome 144 Patches High-Severity “Race” Condition in V8 Engine

Ddos January 21, 2026

Google has rolled out an important security update for the Chrome Stable channel, pushing version 144.0.7559.96/.97 to...

Redis RCE Exposed: Researchers Detail Exploit for “Simple” Stack Overflow in Official Containers Redis RCE Exploit CVE-2025-62507

Redis RCE Exposed: Researchers Detail Exploit for “Simple” Stack Overflow in Official Containers

Ddos January 21, 2026

Security researchers at JFrog Security Research have publicly disclosed a complete exploit chain for a high-severity vulnerability...

PDFSIDER Discovered: New APT Malware Uses DLL Side-Loading to Evade Detection PDFSIDER Malware DLL Side-Loading

PDFSIDER Discovered: New APT Malware Uses DLL Side-Loading to Evade Detection

Ddos January 20, 2026

A new and sophisticated malware variant dubbed PDFSIDER has been unearthed by researchers at Resecurity, marking the...