security vulnerability Archives • Daily CyberSecurity

AI’s Open Secret: Why Your Cursor Extensions Can Silently Siphon Your API Keys Cursor AI Credential Theft AI Editor Security Oversight

AI’s Open Secret: Why Your Cursor Extensions Can Silently Siphon Your API Keys

Do Son April 30, 2026

In the fast-moving world of AI-assisted development, a significant security oversight has been uncovered in Cursor, a...

Microsoft Developer Account Suspension Microsoft Web Activation Portal Driver Signing Account Suspension Windows 11 Smart App Control Windows 11 SE end of support, Microsoft education hardware pivot Microsoft Product Activation Portal 2025, Windows telephone activation discontinued Windows Update Naming, Microsoft Update Microsoft earnings, OpenAI valuation VBScript deprecation Microsoft Pakistan, Office Closure Microsoft job cuts Microsoft Own AI Models

Microsoft’s Automated Suspensions Almost Silenced VeraCrypt and WireGuard

Do Son April 9, 2026

Previously, it was noted that the developer account for the renowned encryption software VeraCrypt was summarily suspended...

Altium Enterprise Server Vulnerability CVE-2026-9129 Path Traversal Patreon OAuth Vulnerability Identity Collision DRC INSIGHT Vulnerability Exam Data Hijacking Horner Automation PLC Industrial Brute Force Honeywell IQ4x Vulnerability CVE-2026-3611 DJI Romo vacuum security flaw Python Cryptography Vulnerability CVE-2026-26007 Open5GS Vulnerability CVE-2026-0622 Vivotek IP7137 Vulnerabilities CVE-2025-66049 Forcepoint DLP Vulnerability CVE-2025-14026 Cellopoint Secure Email Gateway - CVE-2024-9043

Accidental Overlord: How a PS5 Controller Mod Unlocked a 7,000-Unit Robot Vacuum Army

Do Son February 25, 2026

The vast majority of autonomous vacuum cleaners are equipped with integrated cameras and remote manipulation capabilities, with...

React Patches Two New Flaws Risking Server-Crashing DoS and Source Code Disclosure React Server Components Vulnerability CVE-2026-23870 React Server Components Server-Side DoS React DoS Vulnerability CVE-2026-23864 React Server Components DoS, Source Code Disclosure React RCE, Server Components Deserialization CVE-2025-55182

React Server Components Vulnerability CVE-2026-23870 React Server Components Server-Side DoS React DoS Vulnerability CVE-2026-23864 React Server Components DoS, Source Code Disclosure React RCE, Server Components Deserialization CVE-2025-55182

React Patches Two New Flaws Risking Server-Crashing DoS and Source Code Disclosure

Do Son December 12, 2025

The security saga surrounding React Server Components continues this week. Just days after the React team patched...

Everon OCPP Vulnerability CVE-2026-26288 ASUSTOR ADM Vulnerability CVE-2026-24936 PrismX MX100 Vulnerability Hard-Coded Credentials Advantech Vulnerability CVE-2025-52694 Eaton UPS Companion, CVE-2025-59887 ASUS Router, Authentication Bypass ASUSTOR DLL Hijacking, Privilege Escalation OpenShift AI, Privilege Escalation GoAnywhere vulnerability CVE-2025-10035 LangChainGo, template injection DeepDiff, class pollution ToolShell Sunshine, CSRF Vulnerability KACE SMA, Critical Vulnerabilities Oracle Zero-Days - PDQ Deploy vulnerability

CVE-2025-10725 (CVSS 9.9): Red Hat OpenShift AI Privilege Escalation Flaw Could Lead to Full Cluster Compromise

Do Son October 1, 2025

The Red Hat Security team has disclosed a serious vulnerability in Red Hat OpenShift AI, a platform...

PoC Exploit Details for Actively Exploited iOS Zero-Day Flaw Now Public Coruna Exploit Kit iOS Security Update Apple Zero-Day CVE-2026-20700 Apple Data Privacy Day 2026, iPhone privacy features guide iOS Privilege Escalation, CVE-2025-24085 PoC Apple Manufacturing Academy, US Investment CVE-2024-44258 - symlink vulnerability

Coruna Exploit Kit iOS Security Update Apple Zero-Day CVE-2026-20700 Apple Data Privacy Day 2026, iPhone privacy features guide iOS Privilege Escalation, CVE-2025-24085 PoC Apple Manufacturing Academy, US Investment CVE-2024-44258 - symlink vulnerability

PoC Exploit Details for Actively Exploited iOS Zero-Day Flaw Now Public

Do Son September 29, 2025

Proof-of-concept exploit code is now publicly available online for a zero-day flaw in iOS/iPadOS, macOS, tvOS, watchOS,...

CVE-2025-59934: Critical Flaw in Formbricks Allows Unauthorized Password Resets via Forged JWT Tokens Formbricks Auth Bypass, CVE-2025-59934

CVE-2025-59934: Critical Flaw in Formbricks Allows Unauthorized Password Resets via Forged JWT Tokens

Do Son September 27, 2025

The Formbricks project, an open-source platform for building in-app and website surveys, has released an urgent patch...

CVE-2025-54831: Apache Airflow Bug Exposes Sensitive Connection Passwords to Read-Only Users Airflow Credential Leak, UI Redaction Failure CVE-2024-39877 & CVE-2024-45784 Airflow Connection Leak, CVE-2025-54831

Airflow Credential Leak, UI Redaction Failure CVE-2024-39877 & CVE-2024-45784 Airflow Connection Leak, CVE-2025-54831

CVE-2025-54831: Apache Airflow Bug Exposes Sensitive Connection Passwords to Read-Only Users

Do Son September 26, 2025

The Apache Software Foundation has released a fix for Apache Airflow, a popular open-source platform for authoring,...

Critical XZ Backdoor Still Lurks in Docker Images, Posing Supply Chain Risk XZ backdoor, Docker Hub MIFARE classic backdoor C++/CLI IIS Backdoor

Critical XZ Backdoor Still Lurks in Docker Images, Posing Supply Chain Risk

Do Son August 13, 2025

The backdoor vulnerability in XZ-Utils first came to light in March 2024, and had it not been...

Zoom Patches Critical Flaw (CVE-2025-49457): Windows Users Face Privilege Escalation Risk Zoom Rooms LPE, Downgrade Protection Bypass Zoom High-Risk Flaws Zoom security updates

Zoom Rooms LPE, Downgrade Protection Bypass Zoom High-Risk Flaws Zoom security updates

Zoom Patches Critical Flaw (CVE-2025-49457): Windows Users Face Privilege Escalation Risk

Do Son August 13, 2025

Zoom has released security updates addressing two significant vulnerabilities in its Windows-based clients—CVE-2025-49456 and CVE-2025-49457—that could enable...

FortiSIEM CVE-2025-25256 (CVSS 9.8): Remote Unauthenticated Command Injection with Exploit in the Wild FortiSIEM, Command Injection CVE-2025-25256

FortiSIEM, Command Injection CVE-2025-25256

FortiSIEM CVE-2025-25256 (CVSS 9.8): Remote Unauthenticated Command Injection with Exploit in the Wild

Do Son August 13, 2025

Fortinet has issued an urgent security advisory for a critical remote unauthenticated command injection vulnerability affecting multiple...

Windows Kernel Flaws Revealed: SYSTEM-Level Privilege Escalation & PoC Exploits Available Now! Windows Kernel, Privilege Escalation

Windows Kernel Flaws Revealed: SYSTEM-Level Privilege Escalation & PoC Exploits Available Now!

Do Son June 11, 2025

Security researcher Jael Koh of PixiePoint Security has unveiled the technical details and working proof-of-concept exploits for...

Google Self-Preferencing Fine Idealo Antitrust Damages Anthropic, Google TPUs Google DMA Compliance, Search Self-Preferencing Google Play Store Ruling, Epic Games Victory Google fine, ad tech Google lawsuit, privacy violation Gmail security, false alarm Google Play EU regulation Google Security, Phone Number Leak Google 2025 - Google China’s Anti-Monopoly Law Google monopoly, ad tech Pixel 7a battery, battery swelling

Google Account Flaw Exposed Phone Numbers: Brute-Force Attack Possible, Now Patched

Do Son June 10, 2025

In April, a researcher uncovered a security vulnerability within Google’s account system that allowed them to obtain...

Go Fixes Three Security Flaws: Update Your Apps Now! Go Security Update

Go Fixes Three Security Flaws: Update Your Apps Now!

Do Son June 9, 2025

The Go team has rolled out versions 1.24.4 and 1.23.10, addressing three critical security vulnerabilities affecting core...

Chrome Extension Security Alert: Hidden API Keys Expose 21M+ Users to Risk!

Do Son June 5, 2025

In a wide-reaching security investigation, Symantec has uncovered a troubling trend in the Chrome Web Store: hardcoded...

Path Traversal at Scale: Study Uncovers 1,756 Vulnerable GitHub Projects and LLM Contamination Path Traversal, LLM Vulnerabilities

Path Traversal at Scale: Study Uncovers 1,756 Vulnerable GitHub Projects and LLM Contamination

Do Son June 2, 2025

A study titled “Eradicating the Unseen” reveals the widespread presence of a critical path traversal vulnerability (CWE-22)...

Leaky WordPress: Private Post Titles at Risk for 1 Billion Sites Houzez theme - CVE-2024-22303 and CVE-2024-21743

Leaky WordPress: Private Post Titles at Risk for 1 Billion Sites

Do Son May 20, 2025

Imperva researchers have disclosed a newly discovered vulnerability in WordPress that could expose sensitive draft and private...

Critical Flaw Exposes Linux Security Blind Spot: io_uring Bypasses Detection io_uring vulnerability, Linux runtime security

Critical Flaw Exposes Linux Security Blind Spot: io_uring Bypasses Detection

Do Son April 28, 2025

ARMO researchers have uncovered a critical weakness in Linux runtime security tools, revealing how the io_uring interface...

Critical Bubble.io Vulnerability Exposes Apps to Data Theft via Elasticsearch, No Patch Bubble.io vulnerability, Elasticsearch exploit

Critical Bubble.io Vulnerability Exposes Apps to Data Theft via Elasticsearch, No Patch

Do Son April 18, 2025

Bubble.io, the increasingly popular no-code development platform, has been found to harbor a significant security vulnerability that...

Hitachi Vantara Patches Critical Resource Injection Flaw in Pentaho Hitachi Vantara, Pentaho

Hitachi Vantara Patches Critical Resource Injection Flaw in Pentaho

Do Son April 18, 2025

Hitachi Vantara has issued a critical security advisory addressing a serious vulnerability in its widely used Pentaho...

Critical Alert 1 Active Exploit Detected Today