Security Archives - Page 3 of 46

Unmasking OrBit: How a Copied Open-Source Rootkit Stealthily Compromised Linux Servers for Years payload

Unmasking OrBit: How a Copied Open-Source Rootkit Stealthily Compromised Linux Servers for Years

Do Son May 18, 2026

The Linux malware known as OrBit, which has surreptitiously compromised servers and exfiltrated credentials for nearly four...

Root for All: New “Fragnasia” Vulnerability Grants Total Admin Control Over Linux Systems

Do Son May 15, 2026

A formidable vulnerability christened Fragnasia has been identified within the Linux ecosystem, permitting a standard user to...

The Mr_Rot13 Collective Weaponizes Critical cPanel CVE-2026-41940 to Deploy “Filemanager” RAT

Do Son May 14, 2026

Analysts from QiAnXin XLab have illuminated the clandestine operations of the Mr_Rot13 collective, an adversarial group that...

TeamPCP Leaks AI-Generated “Shai-Hulud” Source Code Targeting NPM Ecosystems

Do Son May 14, 2026

Yesterday, the TeamPCP collective—a threat actor specializing in supply chain incursions—released the source code for Shai-Hulud, an...

New USB Bypass Unlocks BitLocker on Windows 11 and Server 2025

Do Son May 14, 2026

Microsoft BitLocker, the proprietary encryption suite engineered to safeguard disk-bound data, has been compromised by a critical...

The 18-Year-Old Bug: Critical NGINX Heap Overflow CVE-2026-42945 Threatens 30% of the Web NGINX RIFT vulnerability patch

The 18-Year-Old Bug: Critical NGINX Heap Overflow CVE-2026-42945 Threatens 30% of the Web

Do Son May 14, 2026

NGINX, an F5 subsidiary and a cornerstone of global internet infrastructure, serves as one of the world’s...

The Global Yarbo Hack That Exposed Wi-Fi Passwords and 11,000 Robotic Sentinels Operation CACTUS Vulnerability Samlify vulnerability

The Global Yarbo Hack That Exposed Wi-Fi Passwords and 11,000 Robotic Sentinels

Do Son May 13, 2026

A man lay prostrate beneath a robotic lawnmower while a German cybersecurity operative remotely manipulated the machine...

The “Dead Man’s Switch” Alert: How the TanStack NPM Attack Wipes Your Files After Token Revocation

Do Son May 13, 2026

This week, the TanStack ecosystem—a cornerstone of modern web development—suffered a sophisticated security breach. Exploiting a procedural...

Supply Chain Alert: 84 TanStack NPM Packages Subverted in Massive GitHub Actions Exploit

Do Son May 12, 2026

The TanStack suite, a cornerstone of modern web development boasting over 50 million monthly downloads, has fallen...

Blade-Wielding Breach: How Hackers Can Remotely Hijack Yarbo Robot Mowers to Target Owners Virgin Media O2 National Vulnerability Database Hong Kong Cyber Law Zip bomb

Virgin Media O2 National Vulnerability Database Hong Kong Cyber Law Zip bomb

Blade-Wielding Breach: How Hackers Can Remotely Hijack Yarbo Robot Mowers to Target Owners

Do Son May 11, 2026

A robotic lawnmower weighing nearly a hundred kilograms sounds like a quintessential convenience for effortless yard maintenance—until...

Beyond Dirty Pipe: “Dirty Frag” Kernel Flaw Grants Instant Root Access to Major Linux Distros

Do Son May 11, 2026

A formidable new vulnerability has been unearthed within the Linux ecosystem, facilitating the acquisition of administrative privileges...

Supply Chain Infiltration: JDownloader Official Site Compromised with Python Remote Access Trojan

Do Son May 11, 2026

The official portal of the venerable free download utility JDownloader was compromised by adversaries between May 6...

The WebAssembly Flaw That Shatters vm2 Isolation and Grants Host Access vm2 sandbox escape CVE-2026-26956 Smartphone Vulnerabilities

The WebAssembly Flaw That Shatters vm2 Isolation and Grants Host Access

Do Son May 8, 2026

A critical vulnerability within the widely adopted vm2 library for Node.js has jeopardized services that execute third-party...

The Bridge to Your Phone: How the Pheno Module Hijacks Microsoft Phone Link to Siphon Private OTPs

Do Son May 7, 2026

Adversaries increasingly find that compromising a smartphone is no longer a prerequisite for intercepting messages containing one-time...

Sixty-Four Days of Silence: The cPanel Zero-Day That Compromised Millions Before a Patch Existed cPanel CVE-2026-41940 exploit

Sixty-Four Days of Silence: The cPanel Zero-Day That Compromised Millions Before a Patch Existed

Do Son May 7, 2026

A critical vulnerability within cPanel, of which server proprietors were apprised only in late April, has proven...

Security

Unmasking OrBit: How a Copied Open-Source Rootkit Stealthily Compromised Linux Servers for Years

Root for All: New “Fragnasia” Vulnerability Grants Total Admin Control Over Linux Systems

The Mr_Rot13 Collective Weaponizes Critical cPanel CVE-2026-41940 to Deploy “Filemanager” RAT

New USB Bypass Unlocks BitLocker on Windows 11 and Server 2025

The 18-Year-Old Bug: Critical NGINX Heap Overflow CVE-2026-42945 Threatens 30% of the Web

The Global Yarbo Hack That Exposed Wi-Fi Passwords and 11,000 Robotic Sentinels

The “Dead Man’s Switch” Alert: How the TanStack NPM Attack Wipes Your Files After Token Revocation

Supply Chain Alert: 84 TanStack NPM Packages Subverted in Massive GitHub Actions Exploit

Blade-Wielding Breach: How Hackers Can Remotely Hijack Yarbo Robot Mowers to Target Owners

Beyond Dirty Pipe: “Dirty Frag” Kernel Flaw Grants Instant Root Access to Major Linux Distros

Supply Chain Infiltration: JDownloader Official Site Compromised with Python Remote Access Trojan

The WebAssembly Flaw That Shatters vm2 Isolation and Grants Host Access

The Bridge to Your Phone: How the Pheno Module Hijacks Microsoft Phone Link to Siphon Private OTPs

Sixty-Four Days of Silence: The cPanel Zero-Day That Compromised Millions Before a Patch Existed

You may have missed

Metadata Exploitation: The Debate Over Telegram’s MTProto Tracking Vectors

Open-Source Post-Quantum Cryptography: Apple Exposes Core Security Libraries to Public Scrutiny

The Licensing Metamorphosis of Zed: Deleting the AGPL Constraint

Architectural Deprecation: Microsoft Office Phase-Out for Legacy Apple Platforms