Daily Cyber News

Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Vulnerabilities

Zoom and GitLab have released urgent security updates addressing multiple high-severity vulnerabilities that could allow remote code execution (RCE), denial-of-service (DoS) attacks, and two-factor authentication (2FA) bypass. Zoom MMR Remote Code Execution The most critical flaw affects Zoom Node Multimedia Routers (MMRs) and carries a CVSS score of 9.9/10. Tracked as CVE-2026-22844, the vulnerability was discovered internally by Zoom’s Offensive Security team. According […]

Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Vulnerabilities Read More »

Tesla Hacked 37 Zero-Day Vulnerabilities Demonstrated at Pwn2Own Automotive 2026

Security researchers made headlines at Pwn2Own Automotive 2026 by successfully hacking the Tesla Infotainment System and earning $516,500 on the first day of the competition. The event, held during the Automotive World 2026 conference in Tokyo, Japan, saw multiple teams demonstrating high-impact zero-day exploits against modern automotive systems. The Synacktiv Team claimed $35,000 by chaining an information leak with an out-of-bounds write

Tesla Hacked 37 Zero-Day Vulnerabilities Demonstrated at Pwn2Own Automotive 2026 Read More »

VoidLink Linux Malware Framework Created with AI Assistance Hits 88,000 Lines of Code

Cybersecurity researchers have uncovered new details about a highly advanced Linux malware framework known as VoidLink, revealing that the project was likely developed by a single threat actor using artificial intelligence assistance. The findings suggest a major shift in how sophisticated malware can now be created with limited human resources. According to a detailed analysis released

VoidLink Linux Malware Framework Created with AI Assistance Hits 88,000 Lines of Code Read More »

Chainlit AI Framework Vulnerabilities Enable Data Theft via File Read and SSRF Bugs

Security researchers have disclosed high-severity vulnerabilities in the popular open-source AI framework Chainlit that could allow attackers to steal sensitive data and potentially move laterally inside affected environments. The issues were identified by Zafran Security and collectively named ChainLeak. According to the researchers, the flaws can be abused to leak cloud API keys, access sensitive server files, and perform server-side

Chainlit AI Framework Vulnerabilities Enable Data Theft via File Read and SSRF Bugs Read More »

CERT/CC Warns Binary Parser Bug Enables Privilege Level Code Execution in Node.js

The CERT Coordination Center (CERT/CC) has issued a warning about a security vulnerability in the widely used binary-parser npm library that could allow attackers to execute arbitrary JavaScript code under certain conditions. The flaw is tracked as CVE-2026-1245 and affects all versions of binary-parser released before 2.3.0. The issue was fixed on November 26, 2025, and users are strongly advised

CERT/CC Warns Binary Parser Bug Enables Privilege Level Code Execution in Node.js Read More »

North Korea Linked Hackers Target Developers Through Malicious VS Code Projects

Threat actors linked to North Korea’s long-running Contagious Interview campaign have been observed abusing Microsoft Visual Studio Code (VS Code) projects to compromise developer systems and deploy stealthy backdoors. According to Jamf Threat Labs, this activity reflects a continued evolution of a technique first identified in December 2025. The campaign relies on social engineering and developer workflows,

North Korea Linked Hackers Target Developers Through Malicious VS Code Projects Read More »

Three Vulnerabilities in Anthropic MCP Git Server Allow File Access and Code Execution

Cybersecurity researchers have disclosed three security flaws in mcp-server-git, the official Git Model Context Protocol (MCP) server maintained by Anthropic, that could allow attackers to read or delete arbitrary files and, under certain conditions, achieve code execution. According to Cyata researcher Yarden Porat, the vulnerabilities can be exploited through prompt injection. This means an attacker does not

Three Vulnerabilities in Anthropic MCP Git Server Allow File Access and Code Execution Read More »

Cloudflare Zero-Day Vulnerability Allows Any Host Access by Bypassing Security Protections

Security researchers have disclosed a critical zero-day flaw in Cloudflare’s Web Application Firewall that allowed attackers to bypass security rules and directly access origin servers that were supposed to be fully protected. The issue was identified by researchers from FearsOff, who discovered that HTTP requests sent to the /.well-known/acme-challenge/ path could reach backend servers even when customers

Cloudflare Zero-Day Vulnerability Allows Any Host Access by Bypassing Security Protections Read More »

Hackers Use LinkedIn Messages to Spread RAT Malware via DLL Sideloading

Cybersecurity researchers have identified a new phishing operation that weaponizes LinkedIn private messages to deliver malware, highlighting how social media platforms are increasingly being used as initial access vectors in cyberattacks. According to findings shared by ReliaQuest, the campaign relies on direct messages sent to targeted individuals, where attackers gradually build trust before convincing victims

Hackers Use LinkedIn Messages to Spread RAT Malware via DLL Sideloading Read More »

Google Gemini Prompt Injection Flaw Exposes Private Calendar Data Through Malicious Invites

Cybersecurity researchers have uncovered a security vulnerability that abused indirect prompt injection techniques against Google Gemini, allowing attackers to bypass authorization safeguards and misuse Google Calendar as a covert data exfiltration channel. According to Miggo Security’s Head of Research, Liad Eliyahu, the flaw enabled attackers to evade Google Calendar privacy controls by embedding a hidden

Google Gemini Prompt Injection Flaw Exposes Private Calendar Data Through Malicious Invites Read More »