Tag: exploit
-
CISA Warns of Actively Exploited Google Chromium 0″‘Day Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting the Google Chromium engine to its Known Exploited Vulnerabilities (KEV) catalog. Tracking as CVE-2026-2441, this security flaw is currently being actively exploited in the wild. The agency’s inclusion of this bug serves as a mandate for federal agencies to apply necessary…
-
CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update
Tags: browser, chrome, cisa, cve, cybersecurity, exploit, flaw, google, infrastructure, kev, update, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.The list of vulnerabilities is as follows -CVE-2026-2441 (CVSS score: 8.8) – A use-after-free vulnerability in Google Chrome that could allow a remote attacker to potentially exploit…
-
Master XDR Investigations: A Deep Dive into the GravityZone XDR Demo Incident
<div cla An attacker’s initial access, whether through phishing, unmanaged devices, exploited vulnerabilities, or a compromised supply chain, marks the beginning of a dangerous chain of events. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/master-xdr-investigations-a-deep-dive-into-the-gravityzone-xdr-demo-incident/
-
Dell 0-Day Vulnerability Targeted by Chinese Hackers Since Mid-2024 for Ongoing Malware Campaign
A critical zero-day vulnerability in Dell RecoverPoint for Virtual Machines has been actively exploited by Chinese state-sponsored hackers since mid-2024. Mandiant and Google Threat Intelligence Group (GTIG) attribute this campaign to UNC6201, a threat cluster with significant overlaps to the group known as Silk Typhoon. The vulnerability, tracked as CVE-2026-22769, carries a maximum CVSS score of 10.0, allowing attackers to gain…
-
Dell 0-Day Vulnerability Targeted by Chinese Hackers Since Mid-2024 for Ongoing Malware Campaign
A critical zero-day vulnerability in Dell RecoverPoint for Virtual Machines has been actively exploited by Chinese state-sponsored hackers since mid-2024. Mandiant and Google Threat Intelligence Group (GTIG) attribute this campaign to UNC6201, a threat cluster with significant overlaps to the group known as Silk Typhoon. The vulnerability, tracked as CVE-2026-22769, carries a maximum CVSS score of 10.0, allowing attackers to gain…
-
China-linked snoops have been exploiting Dell 0-day since mid-2024, using ‘ghost NICs’ to avoid detection
Full scale of infections remains ‘unknown’ First seen on theregister.com Jump to article: www.theregister.com/2026/02/18/dell_0day_brickstorm_campaign/
-
Hackers exploit zero-day flaw in Dell RecoverPoint for Virtual Machines
Threat actors linked to China have deployed a novel backdoor, according to researchers. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/zero-day-dell-recoverpoint-virtual-machines-exploited/812392/
-
Ghost NICs Secret Knocks: Dell Zero-Day (CVSS 10) Exploited by UNC6201
The post Ghost NICs Secret Knocks: Dell Zero-Day (CVSS 10) Exploited by UNC6201 appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/ghost-nics-secret-knocks-dell-zero-day-cvss-10-exploited-by-unc6201/
-
Chinese hackers exploited a Dell zero-day for 18 months before anyone noticed
Google researchers said Chinese attackers have been exploiting a zero-day since mid-2024, and they’ve moved on to a more advanced version of Brickstorm malware called Grimbolt. First seen on cyberscoop.com Jump to article: cyberscoop.com/china-brickstorm-grimbolt-dell-zero-day/
-
Hsckers exploit zero-day flaw in Dell RecoverPoint for Virtual Machines
Threat actors linked to China have deployed a novel backdoor, according to researchers. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/zero-day-dell-recoverpoint-virtual-machines-exploited/812392/
-
Flaws in popular VSCode extensions expose developers to attacks
Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local files and execute code remotely. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/flaws-in-popular-vscode-extensions-expose-developers-to-attacks/
-
Chinese hackers exploiting Dell zero-day flaw since mid-2024
A suspected Chinese state-backed hacking group has been quietly exploiting a critical Dell security flaw in zero-day attacks that started in mid-2024. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-hackers-exploiting-dell-zero-day-flaw-since-mid-2024/
-
Notepad++ boosts update security with ‘double-lock’ mechanism
Notepad++ has adopted a “double-lock” design for its update mechanism to address recently exploited security gaps that resulted in a supply-chain compromise. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/notepad-plus-plus-boosts-update-security-with-double-lock-mechanism/
-
Notepad++ boosts update security with ‘double-lock’ mechanism
Notepad++ has adopted a “double-lock” design for its update mechanism to address recently exploited security gaps that resulted in a supply-chain compromise. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/notepad-plus-plus-boosts-update-security-with-double-lock-mechanism/
-
CredShields Contributes to OWASP’s 2026 Smart Contract Security Priorities
SINGAPORE, Singapore, February 17th, 2026, CyberNewswire The OWASP Smart Contract Security Project has released the OWASP Smart Contract Top 10 2026, a risk prioritization framework developed from structured analysis of real world exploit data observed across blockchain ecosystems in 2025. Crypto protocols continued to experience significant smart contract failures in 2025, with exploit patterns increasingly…
-
Update Chrome now: Zero-day bug allows code execution via malicious webpages
Google has released an emergency update to patch an actively exploited zero-day”, the first Chrome zero-day of the year. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/update-chrome-now-zero-day-bug-allows-code-execution-via-malicious-webpages/
-
Side-Channel Attacks Against LLMs
Tags: access, attack, chatgpt, credit-card, data, defense, exploit, LLM, monitoring, network, open-source, openai, phone, side-channelHere are three papers describing different side-channel attacks against LLMs. “Remote Timing Attacks on Efficient Language Model Inference”: Abstract: Scaling up language models has significantly increased their capabilities. But larger models are slower models, and so there is now an extensive body of work (e.g., speculative sampling or parallel decoding) that improves the (average case)…
-
Cybercriminals Exploit Atlassian Cloud to Launch Spam Campaigns Promoting Fraudulent Investments
Cybercriminals abused Atlassian Cloud’s trusted infrastructure to run a burst of highly automated spam campaigns that redirected victims to fraudulent investment schemes and online casinos, highlighting the growing risk of SaaS-powered email abuse. By riding on Atlassian Jira Cloud’s strong domain reputation and built-in email authentication, the attackers were able to bypass many traditional email…
-
QR Codes Exploited for Phishing Attacks and Malware Spread on Mobile Devices
QR code abuse has become a significant mobile threat vector, with attackers using it to deliver phishing pages, trigger in”‘app account takeovers, and distribute malicious applications outside official app stores. Because people routinely scan QR codes for payments, menus and app downloads, these attacks often bypass enterprise protections by shifting the interaction onto less”‘protected personal…
-
NDSS 2025 SiGuard: Guarding Secure Inference With Post Data Privacy
Session 12C: Membership Inference Authors, Creators & Presenters: Xinqian Wang (RMIT University), Xiaoning Liu (RMIT University), Shangqi Lai (CSIRO Data61), Xun Yi (RMIT University), Xingliang Yuan (University of Melbourne) PAPER SIGuard: Guarding Secure Inference with Post Data Privacy Secure inference is designed to enable encrypted machine learning model prediction over encrypted data. It will ease…
-
BeyondTrust RCE Exploited for Domain Control
CVE-2026-1731 is being exploited to gain full Windows domain control in self-hosted BeyondTrust deployments. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/beyondtrust-rce-exploited-for-domain-control/
-
Weekly Recap: Outlook Add-Ins Hijack, 0-Day Patches, Wormable Botnet & AI Malware
This week’s recap shows how small gaps are turning into big entry points. Not always through new exploits, often through tools, add-ons, cloud setups, or workflows that people already trust and rarely question.Another signal: attackers are mixing old and new methods. Legacy botnet tactics, modern cloud abuse, AI assistance, and supply-chain exposure are being used…
-
Exploited React2Shell Flaw By LLM-generated Malware Foreshadows Shift in Threat Landscape
Attackers recently leveraged LLMs to exploit a React2Shell vulnerability and opened the door to low-skill operators and calling traditional indicators into question. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/exploited-react2shell-flaw-by-llm-generated-malware-foreshadows-shift-in-threat-landscape/
-
CISA gives feds 3 days to patch actively exploited BeyondTrust flaw
CISA ordered U.S. government agencies on Friday to secure their BeyondTrust Remote Support instances against an actively exploited vulnerability within three days. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-beyondtrust-flaw-within-three-days/
-
Cybersecurity Alert: Fake Shops Target Winter Olympics 2026 Fans for Attacks
The excitement surrounding the Milano-Cortina 2026 Winter Olympics has given cybercriminals a new opportunity to trick fans. The adorable stoat mascots, Tina and Milo, have become international sensations especially their official 27 cm plush version, which quickly sold out on the official Olympic web store. Unfortunately, this surge in demand has attracted scammers exploiting the…