Daily Cyber News

Citrix Urges Immediate Patching of Critical NetScaler Flaw Allowing Unauthenticated Data Leaks

Citrix has released critical security updates to address serious vulnerabilities in its NetScaler ADC and NetScaler Gateway products, warning organizations about the potential risk of sensitive data exposure. The update includes fixes for two security flaws, one of which could allow attackers to access sensitive information without authentication, raising concerns across enterprise environments. Critical Vulnerability […]

North Korean Hackers Exploit VS Code Auto Run Tasks to Deploy StoatWaffle Malware

Cybersecurity experts have identified a sophisticated campaign by North Korean threat actors, tracked as WaterPlum, deploying a modular malware family known as StoatWaffle through malicious Microsoft Visual Studio Code (VS Code) projects. The campaign, dubbed Contagious Interview, targets developers and cryptocurrency professionals with social engineering tactics. Auto-Execution via VS Code Tasks The attackers leverage the tasks.json file

Microsoft Warns IRS Phishing Campaign Hits 29,000 Users and Deploys RMM Malware

Microsoft has issued a warning about a surge in phishing attacks exploiting the U.S. tax season, with cybercriminals targeting tens of thousands of users to steal sensitive data and deploy remote access malware. According to recent threat intelligence findings, attackers are leveraging tax-related themes to trick victims into engaging with malicious emails. These messages often

Trivy Hack Spreads Infostealer via Docker and Triggers Worm Alongside Kubernetes Wiper

A major cybersecurity incident involving the widely used Trivy vulnerability scanner has expanded significantly, with malicious components spreading across Docker environments and cloud-native infrastructures. Security researchers have confirmed that compromised versions of Trivy were distributed via Docker Hub, exposing developers and organizations to serious threats. This incident highlights the growing impact of software supply chain

Hackers Exploit CVE-2025-32975 CVSS 10.0 to Take Over Unpatched Quest KACE SMA Systems

Cybersecurity researchers have identified active exploitation of a critical security flaw affecting Quest KACE Systems Management Appliance (SMA), raising serious concerns for organizations relying on the platform. According to recent findings from Arctic Wolf, suspicious activity linked to this vulnerability began emerging during the week of March 9, 2026. The attacks specifically target SMA systems

FBI Warns of Russian Hackers Targeting Signal and WhatsApp in Large Scale Phishing Attacks

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a warning about ongoing phishing attacks carried out by Russian-aligned threat actors. These campaigns are targeting widely used messaging platforms such as WhatsApp and Signal to compromise high-value individuals. Who Is Being Targeted The attacks primarily focus on individuals

Oracle Fixes Critical CVE-2026-21992 Allowing Unauthenticated Remote Code Execution in Identity Manager

Oracle Corporation has released urgent security updates to address a severe vulnerability affecting Oracle Identity Manager and Oracle Web Services Manager. The flaw, tracked as CVE-2026-21992, allows unauthenticated attackers to execute arbitrary code remotely, making it a high-risk security issue. Severity and Impact This vulnerability has been assigned a CVSS score of 9.8 out of

CISA Adds Apple, Craft CMS, and Laravel Vulnerabilities to KEV and Urges Patching by April 3, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The agency has directed federal organizations to apply security patches by April 3, 2026, to reduce the risk of ongoing attacks. Affected Vulnerabilities Across Apple and Web Platforms The newly listed vulnerabilities affect systems

Trivy Supply Chain Attack Spreads CanisterWorm Across 47 npm Packages

A large-scale supply chain attack targeting the widely used Trivy security scanner has escalated into a self-propagating malware campaign, infecting at least 47 npm packages with a newly identified worm known as CanisterWorm. Security researchers report that the attackers are likely continuing their operations beyond the initial compromise, expanding the infection across multiple software ecosystems

Magento PolyShell Vulnerability Allows Unauthenticated File Uploads, RCE, and Account Takeover

A serious security flaw has been identified in Magento that allows unauthenticated attackers to upload malicious files, execute remote code, and potentially take over user accounts. This issue, referred to as PolyShell, has been analyzed by the security firm Sansec. The vulnerability affects all versions of Magento Open Source and Adobe Commerce up to 2.4.9-alpha2.