infosec Archives • Page 7 of 45 • Daily CyberSecurity

Critical 9.6 Severity: SAP May 2026 Patch Day Fixes Dangerous S/4HANA and Commerce Cloud Flaws SAP Security Patch May 2026 CVE-2026-34260 S/4HANA CVE-2024-22127 - CVE-2025-27434 SAP Solution Manager Code Injection, Critical SAP Patch

Critical 9.6 Severity: SAP May 2026 Patch Day Fixes Dangerous S/4HANA and Commerce Cloud Flaws

Ddos May 12, 2026

Today, SAP released its monthly security patch update, addressing 15 new security notes. This month’s patch day...

“Lorem Ipsum” Loader Weaponizing Microsoft Teams via SEO Poisoning Lorem Ipsum Malware Microsoft Teams SEO Poisoning

“Lorem Ipsum” Loader Weaponizing Microsoft Teams via SEO Poisoning

Ddos May 12, 2026

A new and operationally disciplined threat actor has emerged, demonstrating just how quickly a “mid-tier” criminal group...

Vidar Stealer Weaponizes AutoIt and Masqueraded Scripts Vidar Stealer AutoIt File Extension Masquerading

Vidar Stealer Weaponizes AutoIt and Masqueraded Scripts

Ddos May 12, 2026

Threat actors are increasingly abandoning loud, easily identifiable malware in favor of subtle, script-based deceptions. A new...

Apache Tomcat RCE Details and Exploit Code Now Public Apache Tomcat RCE CVE-2026-34486

Apache Tomcat RCE Details and Exploit Code Now Public

Ddos May 12, 2026

A newly disclosed vulnerability was found in Apache Tomcat (CVE-2026-34486, CVSS 7.5). With the details of the...

Critical PrestaShop Flaw Allows Hijacking via “Contact Us” Form PrestaShop XSS Vulnerability CVE-2026-44212

Critical PrestaShop Flaw Allows Hijacking via “Contact Us” Form

Ddos May 12, 2026

PrestaShop, the global open-source e-commerce powerhouse known for its highly customizable PHP architecture and responsive design, has...

GemStuffer RubyGems Campaign RubyGems Data Exfiltration TanStack npm Compromise Supply Chain Attack DNS Hijacking APT28 (Fancy Bear) OpenVSX Supply Chain Attack Checkmarx Plugin Breach Stryker Cyberattack CISA Alert Trans-Regional Cyber Conflict Operation Epic Fury Cyber Operation MacroMaze APT28 Cyber Espionage Notepad++ Supply Chain Attack Lotus Blossom Group Defense Industrial Base Threats GTIG Report APT28 Operation Neusploit CVE-2026-21509 Bookworm Malware

Supply Chain Siege: 84 TanStack Packages Compromised to Steal GitHub Secrets

Ddos May 12, 2026

The software supply chain has just weathered another high-impact assault. The Socket Threat Research team has uncovered...

9.6 Severity: Critical “Cline” AI Agent Flaw Allows Stealthy RCE via Your Browser Cline AI Vulnerability Cross-Origin WebSocket Hijacking

9.6 Severity: Critical “Cline” AI Agent Flaw Allows Stealthy RCE via Your Browser

Ddos May 12, 2026

In the rapidly evolving world of AI-assisted development, tools like Cline have become indispensable, living in editors...

Proof-of-Concept Disclosed: New “BitUnlocker” Attack Bypasses Patched Windows 11 BitLocker via Certificate Downgrade BitUnlocker PoC BitLocker Downgrade Attack

BitUnlocker PoC BitLocker Downgrade Attack

Proof-of-Concept Disclosed: New “BitUnlocker” Attack Bypasses Patched Windows 11 BitLocker via Certificate Downgrade

Ddos May 12, 2026

In the world of cybersecurity, a “patch” is often viewed as the final word in a vulnerability’s...

Tactical Misdirection: The “Hologram” Malware Framework Hijacking AI Enthusiasts Hologram Malware Framework OpenClaw Malvertising

Tactical Misdirection: The “Hologram” Malware Framework Hijacking AI Enthusiasts

Ddos May 11, 2026

Netskope Threat Labs has recently uncovered a sophisticated, multi-wave campaign that has evolved from a simple credential...

AI Hijacked: Critical Claude Chrome Extension Flaw Allows Malicious Scripts to Control Your AI Claude Extension Vulnerability AI Agent Hijacking

Claude Extension Vulnerability AI Agent Hijacking

AI Hijacked: Critical Claude Chrome Extension Flaw Allows Malicious Scripts to Control Your AI

Ddos May 11, 2026

Artificial intelligence assistants are rapidly becoming integrated into our daily workflows, but what happens when a trusted...

The “JobStealer” Trojan Hijacking Crypto Wallets via Fake Meetings JobStealer Trojan Crypto Wallet Theft

The “JobStealer” Trojan Hijacking Crypto Wallets via Fake Meetings

Ddos May 11, 2026

The job market is tough enough without a scheduled interview turning into a devastating cyber heist. According...

Fileless Python Malware Uses Humanitarian Lures to Deploy Full-Spectrum Surveillance Python Cyberespionage Fileless Malware

Fileless Python Malware Uses Humanitarian Lures to Deploy Full-Spectrum Surveillance

Ddos May 11, 2026

According to the latest intelligence from Cyble Research and Intelligence Labs (CRIL), threat actors are actively demonstrating...

Root Access at Risk: Perl Injection and Symlink Flaws Hit cPanel & WHM cPanel WHM Vulnerabilities 2026 CVE-2026-29205 Arbitrary File Read cPanel Security Vulnerability Perl Injection Exploit cPanel Authentication WHM Security cPanel Privilege Escalation, Directory Traversal LPE

Root Access at Risk: Perl Injection and Symlink Flaws Hit cPanel & WHM

Ddos May 11, 2026

Web hosting administrators and infrastructure teams need to be on high alert. A recent security advisory has...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

The Q1 2026 Exploit Surge: AI Discovers the Flaws, APTs Reap the Rewards

Ddos May 11, 2026

The first quarter of 2026 has set a blistering and volatile pace for the cybersecurity industry, marked...

Zero-Click Shell: Public Exploit and PoC Disclosed for Android’s Critical ADB Auth Bypass (CVE-2026-0073) Android ADB Auth Bypass CVE-2026-0073 PoC

Zero-Click Shell: Public Exploit and PoC Disclosed for Android’s Critical ADB Auth Bypass (CVE-2026-0073)

Ddos May 11, 2026

A critical vulnerability existing within the core of Android’s developer tools has been exposed, revealing a zero-click...

Zero Installation, Total Compromise: Critical Grav CMS Exploit Chain Grants Unauthenticated RCE Grav CMS Vulnerability CVE-2026-42613

Zero Installation, Total Compromise: Critical Grav CMS Exploit Chain Grants Unauthenticated RCE

Ddos May 10, 2026

Grav, the widely used flat-file content management system, disclosures two highly critical vulnerabilities. The platform, celebrated for...

Trust Hijacked: Official JDownloader Website Breached to Distribute Malicious Installers JDownloader Breach Supply Chain Attack

Trust Hijacked: Official JDownloader Website Breached to Distribute Malicious Installers

Ddos May 9, 2026

When millions of users rely on a popular utility, the implicit trust placed in its official download...

Exploited in the Wild: “Dirty Frag” Linux Vulnerability Grants Instant Root Access Dirty Frag Vulnerability Linux Privilege Escalation

Exploited in the Wild: “Dirty Frag” Linux Vulnerability Grants Instant Root Access

Ddos May 9, 2026

The Linux ecosystem is facing a severe new security challenge that demands immediate attention from everyone, whether...

Critical Sandboxie Escape Flaws Grant Total SYSTEM Takeover Sandboxie Escape CVE-2026-34459

Critical Sandboxie Escape Flaws Grant Total SYSTEM Takeover

Ddos May 8, 2026

For years, security professionals and everyday tech users alike have relied on Sandboxie as a bulletproof glass...

Self-Spreading TCLBANKER Trojan Hijacks WhatsApp to Drain Accounts TCLBANKER Trojan REF3076 Malware

Self-Spreading TCLBANKER Trojan Hijacks WhatsApp to Drain Accounts

Ddos May 8, 2026

Elastic Security Labs has uncovered a highly sophisticated Brazilian banking trojan dubbed TCLBANKER, tracked under the campaign...