Cyber Security
Application Security
CVE-2026-7482 in Ollama Exposes 300,000 AI Servers to Memory Leaks
CVE-2026-7482, dubbed 'Bleeding Llama,' exposes 300,000+ Ollama AI servers to heap memory leaks via a crafted GGUF file. Patch to version 0.17.1 is available.
Application Security
JDownloader Website Hacked to Serve Python RAT Malware
Unknown attackers compromised the official JDownloader website and replaced legitimate Windows and Linux installers with a Python-based remote access trojan.
Cybersecurity
NVIDIA GeForce NOW Breach Exposes Armenian Users’ Data
NVIDIA confirmed a GeForce NOW data breach via Armenian partner GFN.am, exposing names, emails, and phone numbers of users registered before March 9, 2026.
Cybersecurity
RansomHouse Breaches Trellix; Source Code Repositories Accessed
Trellix confirmed unauthorized access to its source code repositories after RansomHouse posted photographic evidence of the breach. Law enforcement has been notified.
Application Security
Fake OpenAI Repo Trended on Hugging Face Before Malware Found
A fraudulent OpenAI repository reached Hugging Face's trending list while distributing infostealing malware targeting credentials and access tokens.
Cybersecurity
MacSync Infostealer Weaponizes Google Ads and Claude.ai Chats
Attackers chain Google sponsored ads with fake Claude.ai chat sessions to deliver MacSync, a macOS infostealer harvesting Keychain contents and browser credentials.
Cybersecurity
Germany, Spain Dismantle Rebooted Crimenetwork, Arrest Operator
German and Spanish authorities shut down the relaunched Crimenetwork dark web marketplace and arrested its 35-year-old German operator in Mallorca under a European arrest warrant.
Cybersecurity
TCLBanker Trojan Spreads via WhatsApp and Outlook, Hits 59 Banks
Researchers identify TCLBanker, a Brazilian banking trojan targeting 59 financial platforms that self-propagates by sending malicious messages through victims' WhatsApp and Outlook accounts.
Application Security
cPanel and WHM Patch Three CVEs, Two Rated High Severity
cPanel patched two CVSS 8.8 flaws including Perl code execution in WHM, as the 40,000-server CVE-2026-41940 campaign remains active.
Application Security
Twelve Critical vm2 Vulnerabilities Allow Node.js Sandbox Escape
Researchers disclosed 12 critical vulnerabilities in the widely-used vm2 Node.js sandbox library, all enabling sandbox escape and arbitrary code execution on the host system.
Cybersecurity
Fake Claude AI Site Delivers New Beagle Windows Backdoor
A malicious website impersonating Claude AI distributes a new, previously undocumented Windows backdoor named Beagle to users seeking to download the AI assistant application.
Application Security
RCE, MCP OAuth Hijack, and Prompt Injection Found in Claude Dev Tools
Security researchers from Adversa AI and Mitiga disclosed a one-click RCE, silent MCP OAuth token hijacking, and a Chrome extension prompt injection vulnerability in Claude ...
Cybersecurity
“Dirty Frag” Zero-Day Grants Root Access on Most Linux Distributions
A critical unpatched Linux kernel privilege escalation flaw dubbed Dirty Frag lets local attackers gain root via a single command across major distributions.
Cybersecurity
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Fashion retailer Zara confirmed a data breach affecting over 197,000 customers after hackers accessed databases containing personal information from Inditex systems.
CVE Vulnerability Alerts
Nation-State Actors Exploited PAN-OS CVE-2026-0300 for Nearly a Month
State-sponsored actors exploited CVE-2026-0300, a critical CVSS 9.3 RCE flaw in PAN-OS, for roughly one month before disclosure. CISA deadline is May 9.
Application Security
Actively Exploited Ivanti EPMM CVE-2026-6973 Added to CISA KEV
Ivanti disclosed CVE-2026-6973, an actively exploited RCE vulnerability in EPMM 12.8.0.0 and earlier. CISA set a May 10 federal remediation deadline.
Application Security
ZiChatBot Backdoor Uses Zulip API as C2 in PyPI Supply Chain Attack
Three PyPI packages with 2,400+ combined downloads delivered ZiChatBot malware to developer machines, abusing Zulip's REST API as a covert C2 channel with code links ...
Cybersecurity
TCLBanker Trojan Spread via Fake Logitech Installers Hits 59 Platforms
Researchers discovered TCLBanker, a banking trojan hidden in trojanized Logitech software installers, stealing credentials from 59 banking and cryptocurrency platforms.
Application Security
Quasar Linux RAT Hijacks Developer Systems to Compromise Supply Chains
Researchers identified a Linux variant of Quasar RAT targeting developer systems to steal source code access, CI/CD credentials, and signing keys for supply chain attacks.
Cybersecurity
PCPJack Malware Exploits Five CVEs to Worm Across Cloud Environments
Nation-state-linked PCPJack malware framework worms across cloud environments via five CVEs, using parquet file evasion to harvest credentials from cloud and financial systems.
Application Security
CVE-2026-7482 in Ollama Exposes 300,000 AI Servers to Memory Leaks
Cybersecurity
NVIDIA GeForce NOW Breach Exposes Armenian Users’ Data
TOP CYBERSECURITY HEADLINES
Application Security
Fake OpenAI Repo Trended on Hugging Face Before Malware Found
This Week’s Security Spotlight
Cybersecurity
NVIDIA GeForce NOW Breach Exposes Armenian Users’ Data
Application Security
Fake OpenAI Repo Trended on Hugging Face Before Malware Found
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Product Reviews
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Sponsored
- Threat Actors
- Threat Actors
- Threat Detection Tools
RansomHouse Breaches Trellix; Source Code Repositories Accessed
Trellix confirmed unauthorized access to its source code repositories after RansomHouse posted photographic evidence of the breach. Law enforcement has been notified.
Fake OpenAI Repo Trended on Hugging Face Before Malware Found
A fraudulent OpenAI repository reached Hugging Face's trending list while distributing infostealing malware targeting credentials and access tokens.
MacSync Infostealer Weaponizes Google Ads and Claude.ai Chats
Attackers chain Google sponsored ads with fake Claude.ai chat sessions to deliver MacSync, a macOS infostealer harvesting Keychain contents and browser credentials.
Germany, Spain Dismantle Rebooted Crimenetwork, Arrest Operator
German and Spanish authorities shut down the relaunched Crimenetwork dark web marketplace and arrested its 35-year-old German operator in Mallorca under a European arrest warrant.
TCLBanker Trojan Spreads via WhatsApp and Outlook, Hits 59 Banks
Researchers identify TCLBanker, a Brazilian banking trojan targeting 59 financial platforms that self-propagates by sending malicious messages through victims' WhatsApp and Outlook accounts.
cPanel and WHM Patch Three CVEs, Two Rated High Severity
cPanel patched two CVSS 8.8 flaws including Perl code execution in WHM, as the 40,000-server CVE-2026-41940 campaign remains active.
Twelve Critical vm2 Vulnerabilities Allow Node.js Sandbox Escape
Researchers disclosed 12 critical vulnerabilities in the widely-used vm2 Node.js sandbox library, all enabling sandbox escape and arbitrary code execution on the host system.
Fake Claude AI Site Delivers New Beagle Windows Backdoor
A malicious website impersonating Claude AI distributes a new, previously undocumented Windows backdoor named Beagle to users seeking to download the AI assistant application.
RCE, MCP OAuth Hijack, and Prompt Injection Found in Claude Dev Tools
Security researchers from Adversa AI and Mitiga disclosed a one-click RCE, silent MCP OAuth token hijacking, and a Chrome extension prompt injection vulnerability in Claude ...
“Dirty Frag” Zero-Day Grants Root Access on Most Linux Distributions
A critical unpatched Linux kernel privilege escalation flaw dubbed Dirty Frag lets local attackers gain root via a single command across major distributions.
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Fashion retailer Zara confirmed a data breach affecting over 197,000 customers after hackers accessed databases containing personal information from Inditex systems.
Nation-State Actors Exploited PAN-OS CVE-2026-0300 for Nearly a Month
State-sponsored actors exploited CVE-2026-0300, a critical CVSS 9.3 RCE flaw in PAN-OS, for roughly one month before disclosure. CISA deadline is May 9.
Actively Exploited Ivanti EPMM CVE-2026-6973 Added to CISA KEV
Ivanti disclosed CVE-2026-6973, an actively exploited RCE vulnerability in EPMM 12.8.0.0 and earlier. CISA set a May 10 federal remediation deadline.
ZiChatBot Backdoor Uses Zulip API as C2 in PyPI Supply Chain Attack
Three PyPI packages with 2,400+ combined downloads delivered ZiChatBot malware to developer machines, abusing Zulip's REST API as a covert C2 channel with code links ...
TCLBanker Trojan Spread via Fake Logitech Installers Hits 59 Platforms
Researchers discovered TCLBanker, a banking trojan hidden in trojanized Logitech software installers, stealing credentials from 59 banking and cryptocurrency platforms.
Quasar Linux RAT Hijacks Developer Systems to Compromise Supply Chains
Researchers identified a Linux variant of Quasar RAT targeting developer systems to steal source code access, CI/CD credentials, and signing keys for supply chain attacks.
PCPJack Malware Exploits Five CVEs to Worm Across Cloud Environments
Nation-state-linked PCPJack malware framework worms across cloud environments via five CVEs, using parquet file evasion to harvest credentials from cloud and financial systems.
Virginia Contractor Convicted for Destroying Federal Databases
A Virginia man convicted of conspiring to destroy dozens of federal databases after being fired from his government contractor role, highlighting insider threat risks to ...
ACSC Warns of Active ClickFix Campaigns Delivering Vidar Stealer
Australia's Cyber Security Centre warned organizations about ClickFix social-engineering attacks using compromised WordPress sites to deliver Vidar Stealer via user-executed PowerShell commands.
Two Americans Jailed for Running North Korean IT Worker Laptop Farms
Matthew Knoot and Erick Prince received 18-month federal sentences for laptop farm operations that placed North Korean IT workers inside U.S. companies under stolen American ...