Supply Chain Security Archives • Daily CyberSecurity

Critical 9.9 CVSS Flaw in Arcane Exposes GitOps Secrets to Basic Users Arcane Docker Vulnerability CVE-2026-45625

Critical 9.9 CVSS Flaw in Arcane Exposes GitOps Secrets to Basic Users

Ddos May 20, 2026

Arcane, the popular tool billed as “Modern Docker Management, Designed for Everyone”, has disclosed a severe security...

CVSS 10 Alert: SandboxJS Critical Escape Vulnerability Enables Host Takeover SandboxJS Sandbox Escape CVE-2026-43898 RCE

CVSS 10 Alert: SandboxJS Critical Escape Vulnerability Enables Host Takeover

Ddos May 13, 2026

The fundamental promise of any digital sandbox is strict isolation: providing a secure container where untrusted code...

The Dual CVSS 10.0 RCE Flaws Threatening Spinnaker Pipelines

Ddos April 21, 2026

A pair of critical remote code execution (RCE) vulnerabilities has been disclosed in Spinnaker, the heavyweight open-source...

Critical Hardcoded Credential Bug Hits Nexus Repository 3 Nexus Repository Vulnerability Hardcoded Credentials

Critical Hardcoded Credential Bug Hits Nexus Repository 3

Ddos April 16, 2026

In the world of DevSecOps, Sonatype Nexus Repository is a cornerstone for managing software artifacts and supply...

Supply Chain Sabotage: The Critical RCE Flaws Lurking in PHP Composer CVE-2026-40176, CVE-2026-40261 Composer GitHub Token Leak CVE-2026-45793

Supply Chain Sabotage: The Critical RCE Flaws Lurking in PHP Composer

Ddos April 14, 2026

In the PHP ecosystem, Composer is the undisputed heavy hitter for dependency management, responsible for orchestrating the...

The CPUID Watering Hole Attack Turning CPU-Z into a Trojan CVE-2023-22952 CPUID Watering Hole DLL Sideloading

The CPUID Watering Hole Attack Turning CPU-Z into a Trojan

Ddos April 13, 2026

In the world of system administration, few tools are as ubiquitous as CPU-Z and HWMonitor. These utilities...

Supply Chain Alert: Critical 9.4 CVSS RCE Hits Sonatype Nexus Repository Manager Nexus Repository RCE Supply Chain Security Nexus Repository Manager - CVE-2024-5082 & CVE-2024-5083

Supply Chain Alert: Critical 9.4 CVSS RCE Hits Sonatype Nexus Repository Manager

Ddos April 13, 2026

Security teams across the globe are being urged to move quickly as Sonatype has disclosed a critical...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Critical Path Traversal Flaw in basic-ftp Exposes Node.js Apps to Arbitrary File Writes

Ddos March 2, 2026

With over 18 million downloads, basic-ftp is a cornerstone utility for Node.js developers, offering a robust, Promise-based...

Poisoned Comments: Critical Orval Flaw (CVE-2026-25141) Injects Code CVE-2026-25141 Orval Vulnerability CVE-2026-23947

Poisoned Comments: Critical Orval Flaw (CVE-2026-25141) Injects Code

Ddos February 4, 2026

A critical vulnerability has been discovered in Orval, a popular developer tool used to generate type-safe TypeScript...

Discontinued Library: High-Severity lz4-java Flaw (CVE‐2025‐12183) Forces Immediate Migration to Community Fork lz4-java Out-of-bounds Read, Library EOL

lz4-java Out-of-bounds Read, Library EOL

Discontinued Library: High-Severity lz4-java Flaw (CVE‐2025‐12183) Forces Immediate Migration to Community Fork

Ddos December 3, 2025

A high-severity vulnerability, tracked as CVE‐2025‐12183, has been disclosed in the popular lz4-java compression library, exposing applications...

PyPI Warns of Sophisticated Phishing Campaign Targeting Python Developers Layoff Phishing Scam Remcos RAT Malware Aruba Phishing, Phishing-as-a-Service PyPI, phishing CVE-2024-25608 PyPI Phishing, Credential Theft

Layoff Phishing Scam Remcos RAT Malware Aruba Phishing, Phishing-as-a-Service PyPI, phishing CVE-2024-25608 PyPI Phishing, Credential Theft

PyPI Warns of Sophisticated Phishing Campaign Targeting Python Developers

Ddos July 29, 2025

The Python Package Index (PyPI), the central repository for Python developers around the world, has issued a...

PyPI Bans Inbox.ru After Massive Spam Campaign and 1,500+ Fake Project Uploads PyPI Spam, Package Impersonation

PyPI Bans Inbox.ru After Massive Spam Campaign and 1,500+ Fake Project Uploads

Ddos July 17, 2025

The Python Package Index (PyPI) has banned new account registrations and email additions from the inbox.ru domain,...

Critical CI/CD Cache Poisoning Threatens Supply Chain: Undetectable Code Injection Possible! CI/CD Security, Cache Poisoning

Critical CI/CD Cache Poisoning Threatens Supply Chain: Undetectable Code Injection Possible!

Ddos June 13, 2025

A newly disclosed vulnerability tracked as CVE-2025-36852 has shaken the foundation of modern CI/CD systems and supply...

Path Traversal at Scale: Study Uncovers 1,756 Vulnerable GitHub Projects and LLM Contamination Path Traversal, LLM Vulnerabilities

Path Traversal at Scale: Study Uncovers 1,756 Vulnerable GitHub Projects and LLM Contamination

Ddos June 2, 2025

A study titled “Eradicating the Unseen” reveals the widespread presence of a critical path traversal vulnerability (CWE-22)...

Jenkins Docker Images Vulnerable to SSH Host Key Reuse Jenkins - CVE-2024-43044 Jenkins vulnerability SSH host key reuse

Jenkins Docker Images Vulnerable to SSH Host Key Reuse

Ddos April 11, 2025

In the ever-evolving world of DevOps automation, Jenkins is a cornerstone tool powering countless build pipelines across...