Flare.io details PamDOORa PAM backdoor for persistent SSH access

Researchers at Flare.io have disclosed details of a new Linux backdoor called PamDOORa, which is reportedly being sold on the Russian-language cybercrime forum Rehub by an actor using the alias darkworm. The tool is a post-exploitation toolkit based on Pluggable Authentication Modules (PAM), providing stealthy persistent access to compromised servers via OpenSSH. The backdoor targets …

CVE-2026-23918: critical Apache HTTP/2 flaw and mitigation guidance

Apache HTTP Server graphic highlighting critical double-free bug CVE-2026-23918.

Apache Software Foundation has released a security update for Apache HTTP Server that fixes a critical vulnerability CVE-2026-23918 (CVSS 8.8) — a double-free bug in the mod_http2 module that allows an attacker to cause a denial of service and, under certain conditions, achieve remote code execution. Version 2.4.66 is affected; the fix is available in …

New xlabs_v1 Mirai Botnet Exploits Android ADB for DDoS Attacks

Botnet representation targeting Android ADB through connected devices.

Researchers from Hunt.io have discovered a new botnet based on Mirai, identifying itself as xlabs_v1, which exploits devices with an open Android Debug Bridge (ADB) service on TCP port 5555. At risk are Android TV boxes, Smart TVs, media players, and IoT equipment shipped with ADB enabled by default. According to the researchers, the botnet …

Security updates for cPanel, WHM and WP Squared: three CVEs

Graphic depicting cPanel WHM vulnerabilities affecting WordPress security.

cPanel has released security updates for cPanel and Web Host Manager (WHM), addressing three vulnerabilities: arbitrary file read, arbitrary Perl code execution, and unsafe handling of symbolic links. Two of the three issues have a CVSS score of 8.8, which corresponds to a high severity level. The vulnerabilities affect a wide range of supported product …

How CallPhantom and GoldFactory Exploit Trust in Mobile Apps

28 fraudulent applications under the collective codename CallPhantom managed to gain more than 7.3 million installs in Google Play, promising access to call and message histories for “any number” but in reality subscribing users to paid services using fake data. In parallel, in Indonesia the GoldFactory group used fake tax and banking services, malicious APKs, …

How Bleeding Llama and Ollama Windows Auto-Update Lead to Critical RCE

Dark digital art featuring a llama surrounded by data streams and a mysterious figure.

Ollama, one of the most popular platforms for running LLM models locally, has faced two classes of critical issues at once: an unauthenticated process memory leak (CVE-2026-7482, Bleeding Llama, CVSS 9.1) and a related chain of vulnerabilities in the Windows client update mechanism (CVE-2026-42248, CVE-2026-42249, CVSS 7.7) that enable persistent code execution on logon. This …

Exploited PAN-OS User-ID Portal RCE (CVE-2026-0300) Guidance

Palo Alto Networks PAN-OS contains a critical vulnerability CVE-2026-0300 in the User-ID Authentication Portal service that is already being exploited in real-world attacks: an unauthenticated remote attacker can execute arbitrary code with root privileges on PA-Series and VM-Series firewalls, which is especially dangerous if the portal is accessible from the internet; there is no patch …

MetInfo CMS 7.9–8.1 under active attack via CVE-2026-29014 RCE

Hooded figure controlling a digital dark web from behind computer screens.

The critical remote code execution vulnerability CVE-2026-29014 (CVSS 9.8) in MetInfo CMS versions 7.9, 8.0, and 8.1 is already being actively exploited: unauthenticated attackers can execute arbitrary PHP code via the WeChat functionality and gain full control over the server, so MetInfo owners must immediately install the April 7, 2026 patches and check their systems …

How MuddyWater Uses Chaos Ransomware Branding for Espionage

Dark, surreal chess scene with puppet master controlling pieces and eerie figures.

MuddyWater, an Iran-linked state-sponsored group, has begun conducting targeted espionage and sabotage operations under the banner of the Chaos ransomware gang, using Microsoft Teams for highly interactive social engineering, credential theft, and multi-factor authentication bypass, while avoiding encryption and focusing on stealthy persistence and data exfiltration. This directly impacts organizations in the US and the …

Inside PCPJack: Cloud Credential Theft Targeting Open Services

Dual-themed illustration contrasting cyber threats and secure coding practices.

PCPJack is a new credential theft framework targeting exposed cloud services (Docker, Kubernetes, Redis, MongoDB, RayML, vulnerable web applications). It not only massively steals access to cloud, container, development, office, and financial services, but also deliberately deletes artifacts related to the TeamPCP group, effectively “evicting” competitors from compromised environments. Owners of cloud infrastructure need to …