security Archives • Daily CyberSecurity

Critical 9.5 Severity: PHP SOAP Extension Flaw Enables Remote Code Execution CVE-2023-0662 PHP RCE Vulnerability CVE-2026-6722

Critical 9.5 Severity: PHP SOAP Extension Flaw Enables Remote Code Execution

Ddos May 11, 2026

For the system administrators and DevOps engineers who maintain the backbone of the internet, PHP is a...

Vim Modeline Vulnerability: How a Crafted File Can Hijack Your System Vim RCE Modeline Vulnerability Vim RCE Modeline Sandbox Bypass

Vim Modeline Vulnerability: How a Crafted File Can Hijack Your System

Ddos April 1, 2026

The Vim project has issued a critical security advisory regarding a high-severity vulnerability that could allow attackers...

Critical Vulnerability in Perl Core Modules Leaves Systems Exposed

Ddos March 31, 2026

A high-severity security flaw has been identified within the core of the Perl programming language. Designated as...

Scriban’s “Leaky” Cache: A 9.1 CVSS Sandbox Escape Hits 40 Million .NET Installs Scriban Vulnerability .NET Sandbox Escape

Scriban’s “Leaky” Cache: A 9.1 CVSS Sandbox Escape Hits 40 Million .NET Installs

Ddos March 30, 2026

A critical security flaw has been identified in Scriban, the popular high-performance scripting language and engine for...

QNAP Patches High-Severity SQL Injection and Path Traversal Flaws QNAP Security Patches, NAS Vulnerabilities ASP.NET, QNAP CVE-2023-39296 PoC - CVE-2024-50394

QNAP Security Patches, NAS Vulnerabilities ASP.NET, QNAP CVE-2023-39296 PoC - CVE-2024-50394

QNAP Patches High-Severity SQL Injection and Path Traversal Flaws

Ddos January 5, 2026

Network-attached storage giant QNAP has issued a sweeping set of security advisories, patching critical vulnerabilities that could...

Data Disaster: Claude AI Executes rm -rf ~/ and Wipes Developer’s Mac Home Directory Claude Code human error Claude AI Data Wipe, Constraining AI Tools Anthropic lawsuit, AI copyright Claude Code, web editor

Claude Code human error Claude AI Data Wipe, Constraining AI Tools Anthropic lawsuit, AI copyright Claude Code, web editor

Data Disaster: Claude AI Executes rm -rf ~/ and Wipes Developer’s Mac Home Directory

Ddos December 16, 2025

An increasing number of developers are turning to AI-assisted tools to streamline their workflows. Yet as adoption...

Silent Supply Chain Attack: Malicious Go Typosquat Siphoned Data to Pastebin for Four Years Undetected Go Typosquatting, Pastebin Exfiltration

Silent Supply Chain Attack: Malicious Go Typosquat Siphoned Data to Pastebin for Four Years Undetected

Ddos December 9, 2025

The Socket Threat Research Team has uncovered a malicious Go package that operated undetected for over four...

Telegram Passkey SMS Login Replacement Telegram Zero-Click Vulnerability

No More SMS: Telegram is Developing Passkey Authentication for Secure Login

Ddos December 5, 2025

Telegram is currently developing passkey authentication, a move that will eventually free the platform from its long-standing...

Security Tightens: Let’s Encrypt Will Cap Certificate Validity at 45 Days by 2028 Let's Encrypt OCSP Support 45-Day Certificate Limit Let's Encrypt Automation

Let's Encrypt OCSP Support 45-Day Certificate Limit Let's Encrypt Automation

Security Tightens: Let’s Encrypt Will Cap Certificate Validity at 45 Days by 2028

Ddos December 3, 2025

Apple previously submitted a proposal to the CA/Browser Forum — the industry body governing certificate authorities and...

C Windows SecureBoot folder KB5089549 Windows 11 BSOD Microsoft Windows, Rust programming WINS Service Deprecation Windows Server DNS Migration Windows Driver Standard OEM Kernel Privileges Windows Agentic OS Task Manager Bug, Windows 11 Performance Windows 11, Microsoft, WinRE, Update Bug, Tech Support Windows 11 OOBE, Microsoft Account Mandatory Windows 11, SSD failures Windows 11 Recovery, Black Screen of Death Windows 11 Update Issue, KB5062324 Windows 11, Indicator Bar

Post-CrowdStrike: Microsoft to Phase Out OEM Kernel-Level Driver Privileges

Ddos November 20, 2025

For years, driver-related failures have appeared with relentless regularity. Whether produced by hardware manufacturers or software vendors,...

Android Sideloading Crackdown: Google to Verify All Apps, But Promises Power-User Bypass Android Sideloading Verification Advanced Sideloading Android AI Scam Defense, iOS Scam Comparison

Android Sideloading Verification Advanced Sideloading Android AI Scam Defense, iOS Scam Comparison

Android Sideloading Crackdown: Google to Verify All Apps, But Promises Power-User Bypass

Ddos November 13, 2025

In August, Google announced that beginning next year, it would introduce sideloading verification in select regions —...

Passwordless Future: Microsoft Edge 142 Rolls Out Cross-Platform Passkey Sync Passkey Synchronization, Edge Passkeys

Passwordless Future: Microsoft Edge 142 Rolls Out Cross-Platform Passkey Sync

Ddos November 4, 2025

In the recently released Microsoft Edge v142.0, Microsoft has introduced cross-platform passkey synchronization, a feature that allows...

IBM Partners with Anthropic to Embed Claude AI in New Development Tools, Reporting 45% Productivity Boost IBM CCA Vulnerability CVE-2025-13375 IBM Anthropic Partnership, AI Software Development watsonx Orchestrate, SQL injection CVE-2024-49803 - CVE-2024-41787 IBM Completes Acquisition HashiCorp

IBM CCA Vulnerability CVE-2025-13375 IBM Anthropic Partnership, AI Software Development watsonx Orchestrate, SQL injection CVE-2024-49803 - CVE-2024-41787 IBM Completes Acquisition HashiCorp

IBM Partners with Anthropic to Embed Claude AI in New Development Tools, Reporting 45% Productivity Boost

Ddos October 9, 2025

IBM recently announced a strategic partnership with Anthropic, aiming to deeply integrate Anthropic’s Claude generative AI models...

Two WordPress Core Vulnerabilities Disclosed Without Patch: Sensitive Data Exposure and Stored XSS WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

Two WordPress Core Vulnerabilities Disclosed Without Patch: Sensitive Data Exposure and Stored XSS

Ddos September 25, 2025

Two vulnerabilities were found in WordPress Core, affecting all versions up to and including 6.8.2. Both flaws...

CVE-2025-10184: Unpatched OnePlus Flaw Exposes SMS Data & Breaks MFA, PoC Available OnePlus, US Investigation OnePlus vulnerability CVE-2025-10184

OnePlus, US Investigation OnePlus vulnerability CVE-2025-10184

CVE-2025-10184: Unpatched OnePlus Flaw Exposes SMS Data & Breaks MFA, PoC Available

Ddos September 24, 2025

Researchers at Rapid7 have disclosed a critical permission bypass vulnerability in OnePlus OxygenOS, tracked as CVE-2025-10184. The...

A New Way to Pay: Apple Wallet Is Getting a New Security Feature Apple Wallet iOS 26

A New Way to Pay: Apple Wallet Is Getting a New Security Feature

Ddos September 17, 2025

In iOS 26, Apple has introduced a new feature within the Wallet app that allows users to...

Samsung Zero-Day Exploit CVE-2025-21043 Patched After Active Attacks on Android Devices Samsung zero-day Samsung Galaxy S25 Edge, Sales Performance Samsung Account, Inactive Accounts One UI 7 Samsung Update

Samsung zero-day Samsung Galaxy S25 Edge, Sales Performance Samsung Account, Inactive Accounts One UI 7 Samsung Update

Samsung Zero-Day Exploit CVE-2025-21043 Patched After Active Attacks on Android Devices

Ddos September 15, 2025

Samsung has released security updates to patch a critical zero-day vulnerability actively exploited against Android devices. Tracked...

Unveiling BaoLoader: How One Malware Family Abuses Trust for 7 Years BaoLoader, code-signing abuse

Unveiling BaoLoader: How One Malware Family Abuses Trust for 7 Years

Ddos September 15, 2025

Expel researchers have lifted the veil on a long-running malware operation abusing the global trust model of...

Everon OCPP Vulnerability CVE-2026-26288 ASUSTOR ADM Vulnerability CVE-2026-24936 PrismX MX100 Vulnerability Hard-Coded Credentials Advantech Vulnerability CVE-2025-52694 Eaton UPS Companion, CVE-2025-59887 ASUS Router, Authentication Bypass ASUSTOR DLL Hijacking, Privilege Escalation OpenShift AI, Privilege Escalation GoAnywhere vulnerability CVE-2025-10035 LangChainGo, template injection DeepDiff, class pollution ToolShell Sunshine, CSRF Vulnerability KACE SMA, Critical Vulnerabilities Oracle Zero-Days - PDQ Deploy vulnerability

CVE-2025-9556 (CVSS 9.8):Critical Vulnerability in LangChainGo Puts LLM Apps at Risk

Ddos September 15, 2025

The rise of large language model (LLM) applications has made frameworks like LangChain and its ports foundational...

Phishing Wave Hits U.S. Energy Giants: Chevron, ConocoPhillips Targeted Layoff Phishing Scam Remcos RAT Malware Aruba Phishing, Phishing-as-a-Service PyPI, phishing CVE-2024-25608 PyPI Phishing, Credential Theft

Phishing Wave Hits U.S. Energy Giants: Chevron, ConocoPhillips Targeted

Ddos September 15, 2025

The U.S. energy industry has become a prime target for large-scale phishing operations in 2025, according to...