ZCyberNews
中文

Articles

432 articles

AI-Powered Vulnerability Discovery Accelerates Exploit Timelines, StrainsHIGH
AI Security

AI-Powered Vulnerability Discovery Accelerates Exploit Timelines, Strains

Qualys warns that AI agents like Claude Mythos can cut vulnerability discovery time from months to hours, compressing the patch window and overwhelming security teams with a surge of new CVEs.

3 min read
Cloud Security Alliance Warns of AI Vulnerability Storm Post-MythosHIGH
AI Security

Cloud Security Alliance Warns of AI Vulnerability Storm Post-Mythos

The Cloud Security Alliance warns that Anthropic's Claude Mythos model will trigger an 'AI vulnerability storm,' forcing CISOs to manage a 10x surge in code flaws and novel exploit techniques within 18 months.

3 min read
Florida Investigates ChatGPT Role in Campus Shooting ThreatHIGH
AI Security

Florida Investigates ChatGPT Role in Campus Shooting Threat

Florida law enforcement is investigating how a student used ChatGPT to craft a threat of a campus shooting, part of a broader pattern where AI chatbots fail to block dangerous content.

3 min read
Microsoft Office Excel Flaw Exploited in Active AttacksCRITICAL
Vulnerabilities

Microsoft Office Excel Flaw Exploited in Active Attacks

CISA orders federal agencies to patch CVE-2009-0238, a 17-year-old Microsoft Office Excel remote code execution flaw, by April 28, 2026, due to active exploitation.

CVE-2009-0238
3 min read
Mirax Android RAT Infects 220,000 Users via Meta Ads, Creates SOCKS5 ProxyHIGH
Malware

Mirax Android RAT Infects 220,000 Users via Meta Ads, Creates SOCKS5 Proxy

Mirax Android RAT reached over 220,000 users via Meta ads, turning infected devices into SOCKS5 proxies for threat actors to route malicious traffic and steal data from Spanish-speaking victims.

3 min readMirax
Omnistealer Malware Harvests Passwords, Crypto Wallets via Blockchain C2HIGH
Malware

Omnistealer Malware Harvests Passwords, Crypto Wallets via Blockchain C2

Omnistealer malware, detailed by Malwarebytes, steals credentials from 1Password, Bitwarden, NordPass, and Exodus crypto wallets, using the Solana blockchain for stealthy command-and-control communication.

4 min readOmnistealer
Samsung MagicINFO 9 Server Local Privilege Escalation Vulnerability PatchedHIGH
Vulnerabilities

Samsung MagicINFO 9 Server Local Privilege Escalation Vulnerability Patched

CVE-2026-25203, a CVSS 7.8 local privilege escalation flaw in Samsung MagicINFO 9 Server, allows authenticated attackers to gain SYSTEM privileges by exploiting incorrect default permissions on a service.

CVE-2026-25203
3 min read
ATEN Unizon RPC Service Vulnerable to Unauthenticated Denial-of-ServiceHIGH
Vulnerabilities

ATEN Unizon RPC Service Vulnerable to Unauthenticated Denial-of-Service

CVE-2026-5057, with a CVSS score of 7.5, exposes ATEN Unizon to unauthenticated denial-of-service attacks via its RPC service, allowing remote attackers to crash the device management platform.

CVE-2026-5057
3 min read
Avast Premium Security Driver Vulnerability Enables Local Privilege EscalationHIGH
Vulnerabilities

Avast Premium Security Driver Vulnerability Enables Local Privilege Escalation

CVE-2026-5424, a flaw in Avast Premium Security's self-protection driver, allows local attackers to escalate to SYSTEM privileges. The Zero Day Initiative assigned a CVSS score of 7.8 to the vulnerability.

CVE-2026-5424
4 min read
Critical Code Execution Flaw Patched in NI LabVIEWCRITICAL
Vulnerabilities

Critical Code Execution Flaw Patched in NI LabVIEW

A critical vulnerability (CVE-2026-32861) in NI LabVIEW allows remote attackers to execute arbitrary code by tricking a user into opening a malicious LVCLASS file, with a CVSS score of 7.8.

CVE-2026-32861
4 min read
DriveLock Directory Traversal Vulnerability Exposes Sensitive System InformationMEDIUM
Vulnerabilities

DriveLock Directory Traversal Vulnerability Exposes Sensitive System Information

A directory traversal vulnerability (CVE-2026-5492) in DriveLock endpoint security software allows authenticated attackers to read arbitrary files, potentially exposing sensitive system information and configuration data.

CVE-2026-5492
3 min read
DriveLock Privilege Escalation Flaw Allows Attackers to Bypass SecurityHIGH
Vulnerabilities

DriveLock Privilege Escalation Flaw Allows Attackers to Bypass Security

A critical SQL injection vulnerability (CVE-2026-5490) in DriveLock endpoint security software allows authenticated attackers to escalate privileges and bypass the product's own security controls, according to the Zero Day Initiative.

CVE-2026-5490
3 min read
← PrevPage 28 of 36Next →