Articles

GIMP HDR File Parsing Vulnerability Enables Remote Code Execution

A heap-based buffer overflow vulnerability (CVE-2026-2050) in the GNU Image Manipulation Program (GIMP) allows remote attackers to execute arbitrary code when a user opens a malicious HDR image file.

CVE-2026-2050

GStreamer qtdemux Flaw Enables Remote Code Execution

GStreamer qtdemux Flaw Enables Remote Code Execution

A stack-based buffer overflow vulnerability (CVE-2026-5056) in the GStreamer multimedia framework's qtdemux component allows remote attackers to execute arbitrary code, posing a risk to numerous media-processing applications.

CVE-2026-5056

3 min read

HP DeskJet 2855e Printer Vulnerable to Remote Code Execution

HP DeskJet 2855e Printer Vulnerable to Remote Code Execution

A stack-based buffer overflow vulnerability (CVE-2026-4682) in the HP DeskJet 2855e printer allows network-adjacent attackers to execute arbitrary code without authentication, earning a CVSS score of 8.8.

CVE-2026-4682

3 min read

Linux Kernel ETS Scheduler Race Condition Enables Local Privilege Escalation

Linux Kernel ETS Scheduler Race Condition Enables Local Privilege Escalation

A race condition vulnerability (CVE-2025-71066) in the Linux kernel's ETS scheduler can allow local attackers to escalate privileges to root, earning a CVSS score of 7.5 from the Zero Day Initiative.

Lumma Stealer Campaign Deploys Sectop RAT via Malicious PDFs

A new campaign delivers the Lumma information stealer, which subsequently installs the Sectop RAT (ArechClient2) to establish persistent remote access on compromised Windows systems, using malicious PDF files as the initial infection vector.

Microsoft Patches Windows win32kfull Local Privilege Escalation Vulnerability

Microsoft Patches Windows win32kfull Local Privilege Escalation Vulnerability

Microsoft has patched a local privilege escalation vulnerability (CVE-2026-33104) in the Windows win32kfull driver, which could allow authenticated attackers to gain SYSTEM privileges. The flaw was disclosed by the Zero Day Initiative.

CVE-2026-33104

Microsoft vcpkg OpenSSL Vulnerability Enables Local Privilege Escalation

Microsoft vcpkg OpenSSL Vulnerability Enables Local Privilege Escalation

A vulnerability (CVE-2026-34054) in the Microsoft vcpkg port of OpenSSL allows local attackers to escalate privileges on affected systems, earning a CVSS score of 7.8.

CVE-2026-34054

Microsoft Windows Secure Kernel Double Free Vulnerability Enables Local

Microsoft Windows Secure Kernel Double Free Vulnerability Enables Local

A double-free vulnerability (CVE-2026-26179) in the Microsoft Windows Secure Kernel allows local attackers to escalate privileges, potentially to SYSTEM. The flaw, rated 7.5 CVSS, requires an attacker to first execute high-privileged code.

CVE-2026-26179

Microsoft Windows Snipping Tool Vulnerability Enables Remote Code Execution

Microsoft Windows Snipping Tool Vulnerability Enables Remote Code Execution

A vulnerability (CVE-2026-32183) in the Microsoft Windows Snipping Tool allows remote attackers to execute arbitrary code via a malicious file or webpage, requiring only user interaction to trigger the exploit.

Mirai Variant Nexcorium Exploits DVR Flaw to Build DDoS Botnet

A new Mirai botnet variant, 'Nexcorium,' is exploiting a command injection flaw (CVE-2024-3721) in TBK DVRs and end-of-life TP-Link routers to conscript devices into a distributed denial-of-service (DDoS) swarm.

CVE-2024-3721

Tools & TechniquesApr 18, 2026

NAKIVO Backup & Replication v11.2 Adds Ransomware Defense and Proxmox Support

INFORMATIONAL

NAKIVO Backup & Replication v11.2 Adds Ransomware Defense and Proxmox Support

NAKIVO Inc. has released version 11.2 of its Backup & Replication platform, introducing a ransomware defense module, support for Proxmox VE 9.0, and performance enhancements for VMware vSphere 9 environments.

3 min read

Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Attacks

MalwareApr 18, 2026

Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Attacks

Threat actors are abusing the Obsidian note-taking app to deliver the novel PHANTOMPULSE RAT via malicious plugins, targeting individuals in finance and cryptocurrency sectors in a campaign tracked as REF6598.