infosec Archives • Page 6 of 45 • Daily CyberSecurity

JDownloader Site Breach Installs Rootkits that Kill Your Antivirus Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

JDownloader Site Breach Installs Rootkits that Kill Your Antivirus

Ddos May 13, 2026

In a sophisticated supply-chain attack, attackers compromised the official JDownloader website between May 6 and May 7,...

GemStuffer RubyGems Campaign RubyGems Data Exfiltration TanStack npm Compromise Supply Chain Attack DNS Hijacking APT28 (Fancy Bear) OpenVSX Supply Chain Attack Checkmarx Plugin Breach Stryker Cyberattack CISA Alert Trans-Regional Cyber Conflict Operation Epic Fury Cyber Operation MacroMaze APT28 Cyber Espionage Notepad++ Supply Chain Attack Lotus Blossom Group Defense Industrial Base Threats GTIG Report APT28 Operation Neusploit CVE-2026-21509 Bookworm Malware

GemStuffer: Attackers Weaponize RubyGems as a Covert Data Drop for UK Gov Scraping

Ddos May 13, 2026

Security researchers are sounding the alarm on a highly resourceful new campaign dubbed “GemStuffer.” Uncovered by Socket’s...

Pre-Auth RCE Exposed: Apache HTTP Server Vulnerability and Exploit Code Hit the Public Apache HTTP Server RCE CVE-2026-23918 PoC

Pre-Auth RCE Exposed: Apache HTTP Server Vulnerability and Exploit Code Hit the Public

Ddos May 13, 2026

The detailed disclosure of a critical flaw in Apache HTTP Server 2.4.66 is now public. The vulnerability,...

Exploit Code Released: Public PoC Dumps for Windows BitLocker Bypass and SYSTEM Elevation Zero-Days BitLocker Bypass PoC Windows Zero-Day Exploit 2026

BitLocker Bypass PoC Windows Zero-Day Exploit 2026

Exploit Code Released: Public PoC Dumps for Windows BitLocker Bypass and SYSTEM Elevation Zero-Days

Ddos May 13, 2026

In a escalation of hostilities against Microsoft, a researcher known as Chaotic Eclipse (operating under the alias...

Critical-Severity XSS Flaws Uncovered in Siemens SIMATIC S7 Web Servers Siemens SIMATIC S7 Vulnerability Industrial PLC XSS CVE-2024-44102 - Siemens TeleControl Server Basic

Siemens SIMATIC S7 Vulnerability Industrial PLC XSS CVE-2024-44102 - Siemens TeleControl Server Basic

Critical-Severity XSS Flaws Uncovered in Siemens SIMATIC S7 Web Servers

Ddos May 13, 2026

Siemens ProductCERT issued an urgent security advisory regarding multiple Cross-Site Scripting (XSS) vulnerabilities found within the web...

9.8 Severity Alert: Malicious Git Branches Can Hijack Your WebdriverIO Build Servers WebdriverIO Command Injection CVE-2026-25244

9.8 Severity Alert: Malicious Git Branches Can Hijack Your WebdriverIO Build Servers

Ddos May 13, 2026

A critical security vulnerability has been found in WebdriverIO, a popular open-source test automation framework used for...

Microsoft Patch Tuesday May 2026 Netlogon RCE CVE-2026-41089 SharePoint Exploit Patch Tuesday Windows DWM Zero-Day CVE-2026-21519 CVE-2024-49039 Microsoft Patch Tuesday March 2025

Microsoft Patch Tuesday May 2026 Fixes 137 Flaws, Including Netlogon RCE and Critical SSO Bypass

Ddos May 13, 2026

Microsoft has dropped a heavy-hitting security update for May 2026, addressing a total of 137 vulnerabilities. This...

CVSS 10 Alert: SandboxJS Critical Escape Vulnerability Enables Host Takeover SandboxJS Sandbox Escape CVE-2026-43898 RCE

CVSS 10 Alert: SandboxJS Critical Escape Vulnerability Enables Host Takeover

Ddos May 13, 2026

The fundamental promise of any digital sandbox is strict isolation: providing a secure container where untrusted code...

PraisonAI CVE-2026-44338 Exploited in the Wild Hours After Patch Disclosure PraisonAI Authentication Bypass Exploited in the Wild CVE-2026-44338

PraisonAI Authentication Bypass Exploited in the Wild CVE-2026-44338

PraisonAI CVE-2026-44338 Exploited in the Wild Hours After Patch Disclosure

Ddos May 13, 2026

A new report from the Sysdig Threat Research Team (TRT) reveals that on May 11, 2026, a...

9.8 Critical Alert: One-Byte Heap Corruption in Exim Exposes Global Mail Servers to Takeover Exim RCE Vulnerability CVE-2026-45185 GnuTLS

9.8 Critical Alert: One-Byte Heap Corruption in Exim Exposes Global Mail Servers to Takeover

Ddos May 13, 2026

A “highest-caliber” vulnerability was found in Exim, one of the internet’s most widely used Mail Transfer Agents...

Fortinet Critical Alert: 9.1 Severity Flaws in FortiSandbox and FortiAuthenticator Risk Remote Takeover CVE-2023-36553 Fortinet Critical Vulnerabilities FortiSandbox CVE-2026-26083

CVE-2023-36553 Fortinet Critical Vulnerabilities FortiSandbox CVE-2026-26083

Fortinet Critical Alert: 9.1 Severity Flaws in FortiSandbox and FortiAuthenticator Risk Remote Takeover

Ddos May 13, 2026

Fortinet has issued a high-priority warning regarding two separate critical vulnerabilities affecting core security components: FortiSandbox and...

Multiple Memory Flaws in Dnsmasq Threaten Millions of Connected Devices dnsmasq Vulnerabilities DNS Cache Poisoning

Multiple Memory Flaws in Dnsmasq Threaten Millions of Connected Devices

Ddos May 13, 2026

In the foundational architecture of small-to-medium networks and home routing devices, dnsmasq is the open-source networking tool...

Critical Casdoor Vulnerability CVE-2026-44213 Allows Arbitrary File Overwrites Casdoor Arbitrary File Write CVE-2026-44213 Path Traversal

Critical Casdoor Vulnerability CVE-2026-44213 Allows Arbitrary File Overwrites

Ddos May 13, 2026

In the complex world of Identity and Access Management (IAM), the security of the gateway is paramount....

Critical Siemens ROS# Flaw Enables Arbitrary File Access and Host Takeover ROS# Path Traversal CVE-2026-41551 Siemens SIMATIC Auth Bypass, CVE-2025-40771 CVE-2024-22039 & CVE-2024-49775 CVE-2024-56336

ROS# Path Traversal CVE-2026-41551 Siemens SIMATIC Auth Bypass, CVE-2025-40771 CVE-2024-22039 & CVE-2024-49775 CVE-2024-56336

Critical Siemens ROS# Flaw Enables Arbitrary File Access and Host Takeover

Ddos May 12, 2026

In a significant security disclosure on May 12, 2026, Siemens ProductCERT issued an advisory regarding a critical...

Google Confirms First AI-Generated Zero-Day Exploit Found in the Wild AI-Built Zero-Day Exploit Google Threat Intelligence Report 2026

Google Confirms First AI-Generated Zero-Day Exploit Found in the Wild

Ddos May 12, 2026

The era of “theoretical” AI-driven cyber warfare has officially come to an end. In a report released...

Critical cPanel Auth Bypass CVE-2026-41940 Exploited by Thousands cPanel Authentication Bypass CVE-2026-41940 Exploitation

Critical cPanel Auth Bypass CVE-2026-41940 Exploited by Thousands

Ddos May 12, 2026

In the world of Linux server operations and virtual hosting management, cPanel & WHM is a cornerstone...

TrickMo’s Stealthy Upgrade: Android Banking Malware is Pivoting to The Open Network TrickMo banking trojan TON network malware

TrickMo’s Stealthy Upgrade: Android Banking Malware is Pivoting to The Open Network

Ddos May 12, 2026

Modern Android banking malware is undergoing a quiet, dangerous revolution. Rather than flashing new user-facing tricks, threat...

PamDOORa Backdoor Targets Linux PAM Stack to Steal Passwords and Wipe Logs PamDOORa Linux Backdoor PAM Stack Credential Harvesting

PamDOORa Backdoor Targets Linux PAM Stack to Steal Passwords and Wipe Logs

Ddos May 12, 2026

In the enterprise world, Linux servers are the bedrock of cloud environments and critical infrastructure. To protect...

Critical 9.8 Alert: Hard-Coded Credentials in Dell ECS and ObjectScale Leave Filesystems Exposed Dell ECS Security Update CVE-2026-40636 Hard-coded Credentials Dell Business Price Increase, RAM and SSD Shortage 2025 Dell Data Lakehouse, Critical Privilege Escalation Authentication Bypass Vulnerability CVE-2025-22398