vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution
Ravie LakshmananMay 07, 2026Vulnerability / Software Security A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library...
security a
DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware
Ravie LakshmananMay 05, 2026Endpoint Security / Software Security A newly identified supply chain attack targeting DAEMON Tools software has compromised...
China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions
Ravie LakshmananMay 05, 2026Network Security / Endpoint Security A sophisticated China-nexus advanced persistent threat (APT) group has been attributed to...
Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API
Ravie LakshmananMay 05, 2026Vulnerability / Network Security A critical security vulnerability in Weaver (Fanwei) E-cology, an enterprise office automation (OA)...
Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks
Ravie LakshmananMay 04, 2026Vulnerability / Network Security A previously unknown threat actor has been observed targeting government and military entities...
Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape
Ravie LakshmananApr 22, 2026Vulnerability / Container Security A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium...
SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files
Ravie LakshmananApr 20, 2026Open Source / Server Security A critical security vulnerability has been disclosed in SGLang that, if successfully...
Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation
Ravie LakshmananApr 17, 2026Vulnerability / Enterprise Security A recently disclosed high-severity security flaw in Apache ActiveMQ Classic has come under active...
ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers
Ravie LakshmananApr 14, 2026Vulnerability / Network Security A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in...
UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns
Ravie LakshmananApr 09, 2026Malware / Windows Security A previously undocumented threat cluster dubbed UAT-10362 has been attributed to spear-phishing campaigns targeting...
Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures
Ravie LakshmananApr 01, 2026Malware / Windows Security A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America...
DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials
Ravie LakshmananMar 30, 2026Threat Intelligence / Browser Security A new campaign has leveraged the ClickFix social engineering tactic as a...
Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug
Ravie LakshmananMar 28, 2026Vulnerability / Network Security A recently disclosed critical security flaw impacting Citrix NetScaler ADC and NetScaler Gateway...
U.S. Sentences Russian Hacker to 6.75 Years for Role in $9M Ransomware Damage
Ravie LakshmananMar 24, 2026Cybercrime / Network Security A 26-year-old Russian citizen has been sentenced in the U.S. to 6.75 years...
UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours
Ravie LakshmananMar 11, 2026DevSecOps / AI Security A threat actor known as UNC6426 leveraged keys stolen following the supply chain...
