misconfiguration Archives • Daily CyberSecurity

Sandworm’s Tactical Pivot: Russian GRU Abandons Zero-Days to Weaponize Misconfigured Edge Devices Sandworm Tactical Pivot, Edge Device Misconfiguration Russian cyber firms, Kremlin ties Sandworm MAX messenger

Sandworm Tactical Pivot, Edge Device Misconfiguration Russian cyber firms, Kremlin ties Sandworm MAX messenger

Sandworm’s Tactical Pivot: Russian GRU Abandons Zero-Days to Weaponize Misconfigured Edge Devices

Do Son December 17, 2025

A new report from Amazon Threat Intelligence reveals a disturbing evolution in Russian state-sponsored cyber operations. The...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Critical WatchGuard Firebox Flaw (CVE-2025-59396, CVSS 9.8) Allows Unauthenticated Admin SSH Takeover via Default Credentials

Do Son November 11, 2025

A critical configuration flaw (CVE-2025-59396) has been discovered in WatchGuard Firebox devices, allowing remote attackers to gain...

CISA Emergency Alert: Critical Adobe AEM Flaw (CVE-2025-54253, CVSS 10.0) Under Active Exploitation CVE-2021-1435 Adobe AEM RCE, CVE-2025-54253

CISA Emergency Alert: Critical Adobe AEM Flaw (CVE-2025-54253, CVSS 10.0) Under Active Exploitation

Do Son October 16, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Adobe Experience Manager (AEM) vulnerability to...

The Master Key: Exposed JSON File Gives Attackers Full Control of Azure AD Azure AD, misconfiguration

The Master Key: Exposed JSON File Gives Attackers Full Control of Azure AD

Do Son September 2, 2025

Resecurity’s HUNTER Team uncovered a severe misconfiguration: sensitive Azure Active Directory (Azure AD) application credentials exposed in...

Tencent Cloud’s Misconfiguration Exposed Internal Source Code and Credentials Booking.com Data Breach Claude Code Leak Anthropic Source Code YggTorrent data breach PS5 BootROM key leak 2026, PlayStation 5 unpatchable jailbreak Great Firewall data leak Dating App Breach, Tea App Leak 23andMe Data Leak

Booking.com Data Breach Claude Code Leak Anthropic Source Code YggTorrent data breach PS5 BootROM key leak 2026, PlayStation 5 unpatchable jailbreak Great Firewall data leak Dating App Breach, Tea App Leak 23andMe Data Leak

Tencent Cloud’s Misconfiguration Exposed Internal Source Code and Credentials

Do Son August 28, 2025

Cybersecurity researchers from CYBERNEWS recently published a report disclosing a serious security issue uncovered in Tencent Cloud,...

Massive Data Leak: Misconfigured Elasticsearch Server Exposes Hundreds of Millions of Swedish Records Fiverr Data Leak Claude Code Leak Anthropic DMCA Takedown Coupang 33.7M Breach South Korea Data Leak Red Hat Breach, Customer Data Theft Farmers Insurance, Salesforce ESLint Plugin -Mamont Android banking Trojan

Fiverr Data Leak Claude Code Leak Anthropic DMCA Takedown Coupang 33.7M Breach South Korea Data Leak Red Hat Breach, Customer Data Theft Farmers Insurance, Salesforce ESLint Plugin -Mamont Android banking Trojan

Massive Data Leak: Misconfigured Elasticsearch Server Exposes Hundreds of Millions of Swedish Records

Do Son July 25, 2025

Researchers at CYBERNEWS, during a routine scan of the internet, discovered a misconfigured Elasticsearch server containing a...

Hijacking the Cloud: How a Misconfigured App Can Become a Global Admin in Entra ID Entra ID Impersonation, Privilege Escalation

Hijacking the Cloud: How a Misconfigured App Can Become a Global Admin in Entra ID

Do Son July 18, 2025

In a comprehensive and technically expose, Datadog Security Labs has unveiled a privilege escalation method that allows...

Cloudflare’s 1.1.1.1 DNS Suffers Global Outage Due to Internal Configuration Error Cloudflare Outage, DNS Misconfiguration CloudFlare WARP attack

Cloudflare Outage, DNS Misconfiguration CloudFlare WARP attack

Cloudflare’s 1.1.1.1 DNS Suffers Global Outage Due to Internal Configuration Error

Do Son July 17, 2025

The 1.1.1.1 public DNS service operated by Cloudflare—second in global usage only to Google’s 8.8.8.8—experienced a large-scale...

JINX-0132: Cryptojackers Exploit Misconfigured DevOps Environments Cryptojacking, DevOps Security

JINX-0132: Cryptojackers Exploit Misconfigured DevOps Environments

Do Son June 3, 2025

Wiz Threat Research has uncovered a stealthy cryptojacking operation exploiting misconfigured DevOps environments. Dubbed “JINX-0132”, the campaign...

Aviation Industry Alert: 50,000+ Azure AD Records Exposed via Misconfigured API Azure AD, Data Exposure

Aviation Industry Alert: 50,000+ Azure AD Records Exposed via Misconfigured API

Do Son June 2, 2025

A serious data exposure incident in the aviation industry has been uncovered by CloudSEK’s BeVigil platform, revealing...

Critical Alert 1 Active Exploit Detected Today