infosec Archives • Page 44 of 45 • Daily CyberSecurity

PoC Exploit Released: Failed Windows Patch Leaks Kernel Secrets Windows Kernel Exploit CVE-2025-53136

PoC Exploit Released: Failed Windows Patch Leaks Kernel Secrets

Ddos January 19, 2026

A security patch intended to fix a Windows kernel vulnerability inadvertently created a new information disclosure flaw....

DragonForce: The Rise of a New “Ransomware Cartel” Built on LockBit and Conti DNA INC Ransom Pacific Cyber Threats OysterLoader Malware Rhysida Ransomware Black Basta Ransomware BYOVD Technique Velociraptor Abuse, Storm-2603 Ransomware Crypto24, Ransomware Ransomware Payments, UK Legislation ZACROS data breach

INC Ransom Pacific Cyber Threats OysterLoader Malware Rhysida Ransomware Black Basta Ransomware BYOVD Technique Velociraptor Abuse, Storm-2603 Ransomware Crypto24, Ransomware Ransomware Payments, UK Legislation ZACROS data breach

DragonForce: The Rise of a New “Ransomware Cartel” Built on LockBit and Conti DNA

Ddos January 19, 2026

A comprehensive new analysis by security researchers at S2W details the inner workings of the DragonForce Ransomware...

Fake Productivity Tools: 5 Malicious Chrome Extensions Hijack Enterprise Sessions Amazon Ads Blocker Affiliate Link Hijacking Malicious browser extensions

Amazon Ads Blocker Affiliate Link Hijacking Malicious browser extensions

Fake Productivity Tools: 5 Malicious Chrome Extensions Hijack Enterprise Sessions

Ddos January 19, 2026

A new and sophisticated campaign targeting enterprise environments has been uncovered by Socket’s Threat Research Team. Five...

KnownSec Data Leak Exposes State-Aligned Cyber Espionage Pipeline Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

KnownSec Data Leak Exposes State-Aligned Cyber Espionage Pipeline

Ddos January 19, 2026

A massive data leak from KnownSec, a prominent Beijing-based cybersecurity firm, has exposed the inner workings of...

Decades-Old Flaw & New Heap Corruption: Critical glibc Bugs Revealed glibc Security Legacy DNS Flaws glibc Vulnerabilities Linux Security Alert glibc Vulnerability CVE-2026-0861

glibc Security Legacy DNS Flaws glibc Vulnerabilities Linux Security Alert glibc Vulnerability CVE-2026-0861

Decades-Old Flaw & New Heap Corruption: Critical glibc Bugs Revealed

Ddos January 19, 2026

The maintainers of the GNU C Library (glibc), the core library that underpins the vast majority of...

Keylogger Found Harvesting Credentials on Top US Bank’s Employee Store Bank Employee Store Breach Sansec Keylogger

Keylogger Found Harvesting Credentials on Top US Bank’s Employee Store

Ddos January 17, 2026

Security researchers at Sansec have discovered an active keylogger planted on the employee merchandise store of a...

Zero-Day Threat: UAT-8837 Targets North American Infrastructure Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Zero-Day Threat: UAT-8837 Targets North American Infrastructure

Ddos January 16, 2026

A sophisticated threat actor, tentatively linked to China, is aggressively targeting critical infrastructure in North America with...

Trusted Tool Turned Traitor: Signed ‘ahost.exe’ Weaponized to Sideload Malware ahost.exe DLL Sideloading Signed Application Abuse PS1Bot, malware ransomware attacks bill

ahost.exe DLL Sideloading Signed Application Abuse PS1Bot, malware ransomware attacks bill

Trusted Tool Turned Traitor: Signed ‘ahost.exe’ Weaponized to Sideload Malware

Ddos January 16, 2026

A routine utility often bundled with developer tools has been weaponized by cybercriminals to bypass security scanners...

Sicarii Ransomware Masquerades as Israeli Hacktivists AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

Sicarii Ransomware Masquerades as Israeli Hacktivists

Ddos January 16, 2026

Security researchers at Check Point have released an analysis of Sicarii, a Ransomware-as-a-Service (RaaS) group that emerged...

Palo Alto Networks Firewalls Hit by Unauthenticated GlobalProtect DoS Flaw PAN-OS IKEv2 Buffer Overflow CVE-2026-0263 Palo Alto Cortex XDR Privilege Escalation Palo Alto Networks Vulnerability CVE-2026-0229 PAN-OS Vulnerability CVE-2026-0227 CVE-2024-5914 - Palo Alto Networks - CVE-2025-0108 & CVE-2025-0110

Palo Alto Networks Firewalls Hit by Unauthenticated GlobalProtect DoS Flaw

Ddos January 15, 2026

Palo Alto Networks has issued a warning to network administrators worldwide after discovering a high-severity vulnerability in...

Chrome 148 lazy loading Chrome for Linux ARM64 Chrome 145 Update Chrome Security Fixes Chrome Security Update CVE-2026-1220 Chrome 144 Security Update CVE-2026-0899 Chrome Memory Safety, WebGPU UAF Chrome V8 Type Confusion, Google Updater Flaw Chrome V8 Flaw, CVE-2025-13042 Chrome V8, Type Confusion, Chrome 142 Update Chrome V8 Flaw, CVE-2025-12036 Chrome 141, WebGPU Overflow Google Chrome preloading Chrome, V8 vulnerability CVE-2025-9132 Chrome Security Update, Use-After-Free Chrome V8, Type Confusion Chrome Telemetry, Windows 10 EOL Microsoft Family Safety, Chrome Blocking Chrome Security Update, High-Severity Google Chrome, Antitrust CVE-2024-10487 and CVE-2024-10488 Google Chrome Root Program Chrome Update, CVE-2025-3619 Chrome Acquisition, Perplexity.ai

Chrome 144 Released: 10 Security Fixes Patch Dangerous V8 Engine Flaws

Ddos January 14, 2026

Google has officially promoted Chrome 144 to the stable channel, rolling out a crucial security update that...

Taiwan Faces 2.6 Million Cyberattacks Daily from China Iranian Cyber Reconnaissance IP Camera Security NCSC Warning Russian Hacktivists Taiwan Cyberattacks China State-Sponsored Hacking state-sponsored threat actor Ransomware RAT Abuse, AnyDesk

Iranian Cyber Reconnaissance IP Camera Security NCSC Warning Russian Hacktivists Taiwan Cyberattacks China State-Sponsored Hacking state-sponsored threat actor Ransomware RAT Abuse, AnyDesk

Taiwan Faces 2.6 Million Cyberattacks Daily from China

Ddos January 8, 2026

Recently, Taiwan’s National Security Bureau (NSB) has released a comprehensive report detailing a massive surge in state-sponsored...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Aiohttp Patches Seven Vulnerabilities Including High-Severity DoS Risks

Ddos January 6, 2026

Maintainers of aiohttp, the popular asynchronous HTTP client/server framework for Python, have released a sweeping security update...

Everon OCPP Vulnerability CVE-2026-26288 ASUSTOR ADM Vulnerability CVE-2026-24936 PrismX MX100 Vulnerability Hard-Coded Credentials Advantech Vulnerability CVE-2025-52694 Eaton UPS Companion, CVE-2025-59887 ASUS Router, Authentication Bypass ASUSTOR DLL Hijacking, Privilege Escalation OpenShift AI, Privilege Escalation GoAnywhere vulnerability CVE-2025-10035 LangChainGo, template injection DeepDiff, class pollution ToolShell Sunshine, CSRF Vulnerability KACE SMA, Critical Vulnerabilities Oracle Zero-Days - PDQ Deploy vulnerability

Eaton UPS Software Flaws Expose Systems to High-Risk Code Execution

Ddos January 5, 2026

Power management giant Eaton dropped a critical security advisory on Christmas Eve, warning users of its UPS...

CISA Alert: MongoBleed Added to KEV Catalog as 80,000+ Servers Face Active Exploitation Knowledge Deliver RCE vulnerability FortiClient EMS Vulnerability CVE-2026-35616 Cisco SD-WAN Vulnerability CVE-2026-20122 PCPcat, Next.js RCE Salesloft breach, Salesforce CRM WIREFIRE web shell

Knowledge Deliver RCE vulnerability FortiClient EMS Vulnerability CVE-2026-35616 Cisco SD-WAN Vulnerability CVE-2026-20122 PCPcat, Next.js RCE Salesloft breach, Salesforce CRM WIREFIRE web shell

CISA Alert: MongoBleed Added to KEV Catalog as 80,000+ Servers Face Active Exploitation

Ddos December 30, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has officially sounded the alarm on a critical vulnerability in...

PoC Released: MongoBleed Exploit Allows Unauthenticated Attackers to Drain MongoDB Memory MongoBleed, CVE-2025-14847

PoC Released: MongoBleed Exploit Allows Unauthenticated Attackers to Drain MongoDB Memory

Ddos December 29, 2025

Database administrators are facing a critical security emergency after the disclosure of a high-severity vulnerability in MongoDB,...

“Headphone Jacking”: Critical Flaws in Popular Earbuds Let Hackers Hijack Your Phone

Ddos December 29, 2025

Your Bluetooth headphones might be doing more than just playing your favorite tunes—they could be handing over...

The Christmas Drain: How a Backdoor in Trust Wallet v2.68 Stole $7M Trust Wallet Shai-Hulud attack, NPM supply chain crypto heist Trust Wallet supply-chain attack 2025, v2.68.0 malicious update

Trust Wallet Shai-Hulud attack, NPM supply chain crypto heist Trust Wallet supply-chain attack 2025, v2.68.0 malicious update

The Christmas Drain: How a Backdoor in Trust Wallet v2.68 Stole $7M

Ddos December 29, 2025

The well-known cryptocurrency wallet extension Trust Wallet appears to have recently fallen victim to a supply-chain attack....

Zimbra Under Siege: High-Severity LFI Vulnerability Exposes Internal Files to Unauthenticated Attackers

Ddos December 25, 2025

Administrators of the popular Zimbra Collaboration Suite (ZCS) are being urged to patch immediately after the discovery...

n8n Under Fire: Critical CVSS 10.0 RCE Vulnerability Grants Total Server Access n8n Node RCE Vulnerabilities CVE-2026-44791 Prototype Pollution n8n RCE Vulnerabilities CVE-2026-27497 CVE-2026-25053 n8n RCE Vulnerability CVE-2026-21877 n8n RCE, CVE-2025-68613 n8n Git RCE, core.hooksPath Exploit

n8n Node RCE Vulnerabilities CVE-2026-44791 Prototype Pollution n8n RCE Vulnerabilities CVE-2026-27497 CVE-2026-25053 n8n RCE Vulnerability CVE-2026-21877 n8n RCE, CVE-2025-68613 n8n Git RCE, core.hooksPath Exploit

n8n Under Fire: Critical CVSS 10.0 RCE Vulnerability Grants Total Server Access

Ddos December 22, 2025

The popular workflow automation tool n8n has issued a critical security alert after discovering a vulnerability that...