Cyber Security
Application Security
Twelve Critical vm2 Vulnerabilities Allow Node.js Sandbox Escape
Andrew Doyle
May 8, 2026
Researchers disclosed 12 critical vulnerabilities in the widely-used vm2 Node.js sandbox library, all enabling sandbox escape and arbitrary code execution on the host system.
Cybersecurity
Fake Claude AI Site Delivers New Beagle Windows Backdoor
Gabby Lee
May 8, 2026
A malicious website impersonating Claude AI distributes a new, previously undocumented Windows backdoor named Beagle to users seeking to download the AI assistant application.
Application Security
RCE, MCP OAuth Hijack, and Prompt Injection Found in Claude Dev Tools
Mitchell Langley
May 8, 2026
Security researchers from Adversa AI and Mitiga disclosed a one-click RCE, silent MCP OAuth token hijacking, and a Chrome extension prompt injection vulnerability in Claude ...
Cybersecurity
“Dirty Frag” Zero-Day Grants Root Access on Most Linux Distributions
Andrew Doyle
May 8, 2026
A critical unpatched Linux kernel privilege escalation flaw dubbed Dirty Frag lets local attackers gain root via a single command across major distributions.
Cybersecurity
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Mitchell Langley
May 8, 2026
Fashion retailer Zara confirmed a data breach affecting over 197,000 customers after hackers accessed databases containing personal information from Inditex systems.
CVE Vulnerability Alerts
Nation-State Actors Exploited PAN-OS CVE-2026-0300 for Nearly a Month
Gabby Lee
May 8, 2026
State-sponsored actors exploited CVE-2026-0300, a critical CVSS 9.3 RCE flaw in PAN-OS, for roughly one month before disclosure. CISA deadline is May 9.
Application Security
Actively Exploited Ivanti EPMM CVE-2026-6973 Added to CISA KEV
Gabby Lee
May 8, 2026
Ivanti disclosed CVE-2026-6973, an actively exploited RCE vulnerability in EPMM 12.8.0.0 and earlier. CISA set a May 10 federal remediation deadline.
Application Security
ZiChatBot Backdoor Uses Zulip API as C2 in PyPI Supply Chain Attack
Andrew Doyle
May 8, 2026
Three PyPI packages with 2,400+ combined downloads delivered ZiChatBot malware to developer machines, abusing Zulip's REST API as a covert C2 channel with code links ...
Cybersecurity
TCLBanker Trojan Spread via Fake Logitech Installers Hits 59 Platforms
Gabby Lee
May 8, 2026
Researchers discovered TCLBanker, a banking trojan hidden in trojanized Logitech software installers, stealing credentials from 59 banking and cryptocurrency platforms.
Application Security
Quasar Linux RAT Hijacks Developer Systems to Compromise Supply Chains
Mitchell Langley
May 8, 2026
Researchers identified a Linux variant of Quasar RAT targeting developer systems to steal source code access, CI/CD credentials, and signing keys for supply chain attacks.
Cybersecurity
PCPJack Malware Exploits Five CVEs to Worm Across Cloud Environments
Andrew Doyle
May 8, 2026
Nation-state-linked PCPJack malware framework worms across cloud environments via five CVEs, using parquet file evasion to harvest credentials from cloud and financial systems.
Cybersecurity
Virginia Contractor Convicted for Destroying Federal Databases
Gabby Lee
May 8, 2026
A Virginia man convicted of conspiring to destroy dozens of federal databases after being fired from his government contractor role, highlighting insider threat risks to ...
Cybersecurity
ACSC Warns of Active ClickFix Campaigns Delivering Vidar Stealer
Gabby Lee
May 8, 2026
Australia's Cyber Security Centre warned organizations about ClickFix social-engineering attacks using compromised WordPress sites to deliver Vidar Stealer via user-executed PowerShell commands.
Cybersecurity
Two Americans Jailed for Running North Korean IT Worker Laptop Farms
Mitchell Langley
May 8, 2026
Matthew Knoot and Erick Prince received 18-month federal sentences for laptop farm operations that placed North Korean IT workers inside U.S. companies under stolen American ...
Cybersecurity
GothFerrari Gets 6.5 Years for $250M Crypto Home-Invasion Theft Ring
Gabby Lee
May 8, 2026
California man Marlon Ferro, alias GothFerrari, received a 78-month federal sentence for home invasions, iCloud surveillance of victims, and money laundering in a ring that ...
Application Security
DAEMON Tools Build Breach Spread Three-Stage Backdoor for 27 Days
Andrew Doyle
May 8, 2026
Disc Soft confirmed a build environment compromise that distributed trojanized DAEMON Tools Lite installers deploying an infostealer, backdoor, and QUIC RAT to users across 100+ ...
Cybersecurity
PamDOORa Linux PAM Backdoor Sold for $1,600, Grants Covert SSH Access
Gabby Lee
May 8, 2026
Researchers disclosed PamDOORa, a commercial Linux backdoor sold on the Russian Rehub forum that exploits the PAM authentication framework to install covert SSH access and ...
Cybersecurity
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Andrew Doyle
May 6, 2026
Sygnia incident responder Ryan Goldberg and DigitalMint ransomware negotiator Kevin Martin each received four-year federal prison sentences for deploying BlackCat/ALPHV against their own clients from ...
Cybersecurity
Nefilim Affiliate Stryzhak Sentenced in U.S. for Ransomware Campaign
Andrew Doyle
May 6, 2026
Nefilim ransomware affiliate Artem Stryzhak, 35, faces sentencing May 6, 2026 after pleading guilty to conspiracy to commit computer fraud. Stryzhak targeted companies with $100M+ ...
Application Security
Trend Micro: QLNX Implant Targets Developers for Supply Chain Attacks
Mitchell Langley
May 6, 2026
Trend Micro on May 5, 2026 disclosed QLNX (Quasar Linux), a Linux implant targeting software developers with a 58-command shell, dual-layer eBPF rootkit, and 7 ...
This Week’s Security Spotlight
Cybersecurity
Kaspersky: DAEMON Tools Backdoored in Supply Chain Attack
Mitchell Langley
May 6, 2026
Application Security
Signed, Sealed, Stolen: Hackers Used DigiCert to Certify Malware
Gabby Lee
May 5, 2026
Application Security
Anthropic’s Claude Desktop Unauthorized Installations Raise EU Law Compliance Concerns
Mitchell Langley
April 21, 2026
MetInfo CVE-2026-29014 Exploited – Unauthenticated PHP Code Injection
May 6, 2026
CVE-2026-29014 in MetInfo CMS 7.9–8.1 is being actively exploited since April 25, 2026 via unauthenticated PHP injection achieving full server control. Patched April 7; ~2,000 ...
FTC Bans Data Broker Kochava from Selling Americans Location Data
May 6, 2026
The FTC on May 5, 2026 proposed banning data broker Kochava from selling Americans' location data without consent. The 2022 lawsuit alleged Kochava processed 94 ...
Apache CVE-2026-23918 Enables DoS and RCE in HTTP/2 — Patch to 2.4.67
May 6, 2026
CVE-2026-23918 is a CVSS 8.8 double-free in Apache HTTP Server 2.4.66 mod_http2, causing DoS on default deployments and RCE on Debian and Docker installations. Fixed ...