ZCyberNews

Articles

432 articles

CRITICAL
Vulnerabilities

PoC Exploit Released for Critical FortiSandbox Command Injection Flaw

A proof-of-concept exploit for CVE-2026-39808, a critical command injection vulnerability in Fortinet FortiSandbox, has been released. The flaw allows unauthenticated attackers to execute arbitrary OS commands as root.

CVE-2026-39808
4 min read
CRITICAL
Vulnerabilities

QNAP TS-453E QVRPro Exposed Method Enables Remote Code Execution

A critical vulnerability (CVE-2026-22898) in QNAP TS-453E QVRPro allows network-adjacent attackers to execute arbitrary code without authentication; the Zero Day Initiative assigned it a CVSS score of 8.8.

CVE-2026-22898
3 min read
CRITICAL
Vulnerabilities

Trend Micro Apex One Console Vulnerable to Unauthenticated RCE

CVE-2025-54987, a critical 9.8 CVSS flaw in Trend Micro Apex One, allows unauthenticated attackers to execute arbitrary code via directory traversal in the management console.

CVE-2025-54987
4 min read
HIGH
AI Security

Anthropic Restricts Access to AI Model Capable of Automated Vulnerability

Anthropic has restricted its Claude Mythos Preview AI to ~50 critical infrastructure vendors, citing its advanced ability to autonomously find and exploit software vulnerabilities, raising concerns about dual-use risks and offensive cyber capabilities.

4 min read
HIGH
Vulnerabilities

Apache ActiveMQ Vulnerability Exploited, Added to CISA KEV Catalog

A high-severity flaw in Apache ActiveMQ Classic, CVE-2026-34197 (CVSS 8.8), is under active exploitation, prompting CISA to add it to its Known Exploited Vulnerabilities catalog and mandate patching for federal agencies.

CVE-2026-34197
3 min read
INFORMATIONAL
Industry News

Axonius Expands Asset Cloud with AI Remediation and OT Security

Axonius has updated its Asset Cloud platform with AI-powered remediation for exposures, added IoT/OT asset management, and introduced an asset trust standard to quantify security posture.

3 min read
HIGH
Malware

Fake Proton VPN Sites and Gaming Mods Spread NWHStealer Malware

A new Windows information stealer dubbed NWHStealer is being distributed via fake Proton VPN websites, gaming modifications, and hardware utility downloads, targeting credentials and cryptocurrency wallets.

4 min read
INFORMATIONAL
Tools & Techniques

GitLab 18.11 Expands Agentic AI to Security Remediation and CI Pipelines

GitLab 18.11 integrates agentic AI across the software lifecycle, automating security fix generation and CI/CD pipeline configuration, aiming to address the 'AI paradox' of rapid code creation outpacing security and delivery.

3 min read
INFORMATIONAL
Industry News

Google Tightens Android 17 Privacy Rules, Blocks 8.3 Billion Ads in 2025

Google announced new Android 17 privacy policies restricting contact and location data access, while its 2025 ad safety report details the blocking of 8.3 billion policy-violating ads and 24.9 million advertiser account suspensions.

4 min read
INFORMATIONAL
Industry News

NIST Limits CVE Enrichment Amid Overwhelming Surge in Submissions

NIST will no longer fully analyze all CVEs submitted to the National Vulnerability Database, citing a 263% increase in submissions that has overwhelmed its enrichment process, leaving security teams with less context.

3 min read
HIGH
Malware

Payouts King Ransomware Deploys QEMU VMs as Stealthy Reverse SSH Backdoors

The Payouts King ransomware group is deploying the open-source QEMU emulator to create hidden virtual machines on compromised hosts, establishing a persistent reverse SSH backdoor that evades conventional endpoint detection.

Payouts King
4 min read
MEDIUM
Industry News

Social Media Age Bans May Increase Cybersecurity Risks for Children

Proposed bans on social media for children under 16 may inadvertently push them toward riskier, less-regulated platforms and necessitate invasive age-verification systems that create new data privacy and security threats.

4 min read