Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise
Ravie LakshmananMay 08, 2026Linux / DevOps A previously undocumented Linux implant codenamed Quasar Linux RAT (QLNX) is targeting developers' systems...
Ravie
New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials
Ravie LakshmananMay 08, 2026Malware / Threat Intelligence Cybersecurity researchers have disclosed details of a new Linux backdoor named PamDOORa that's...
Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions
Ravie LakshmananMay 08, 2026Linux / Vulnerability Details have emerged about a new, unpatched local privilege escalation (LPE) vulnerability impacting the...
Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access
Ravie LakshmananMay 07, 2026Vulnerability / Network Security Ivanti is warning that a new security flaw impacting Endpoint Manager Mobile (EPMM)...
PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems
Ravie LakshmananMay 07, 2026Threat Intelligence / Cloud Security Cybersecurity researchers have disclosed details of a new credential theft framework dubbed...
PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage
Ravie LakshmananMay 07, 2026Vulnerability / Cyber Espionage Palo Alto Networks has disclosed that threat actors may have attempted to unsuccessfully...
ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories
Ravie LakshmananMay 07, 2026Hacking News / Cybersecurity News Bad week. Turns out the easiest way to get hacked in 2026...
PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux
Ravie LakshmananMay 07, 2026Malware / Threat Intelligence Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository...
vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution
Ravie LakshmananMay 07, 2026Vulnerability / Software Security A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library...
Google’s Android Apps Get Public Verification to Stop Supply Chain Attacks
Ravie LakshmananMay 06, 2026Android / Data Security Google has announced expanded Binary Transparency for Android as a way to safeguard...
Windows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPs
Ravie LakshmananMay 06, 2026Endpoint Security / Threat Intelligence Cybersecurity researchers have disclosed details of an intrusion that involved the use...
Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution
Ravie LakshmananMay 06, 2026Vulnerability / Network Security Palo Alto Networks has released an advisory warning that a critical buffer overflow...
Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE
Ravie LakshmananMay 05, 2026Vulnerability / Server Security The Apache Software Foundation (ASF) has released security updates to address several security...
DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware
Ravie LakshmananMay 05, 2026Endpoint Security / Software Security A newly identified supply chain attack targeting DAEMON Tools software has compromised...
China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions
Ravie LakshmananMay 05, 2026Network Security / Endpoint Security A sophisticated China-nexus advanced persistent threat (APT) group has been attributed to...
