cyber·news

CRITICAL

CVE-2025-41275 (CVSS 9.8) — Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS ...

NVD CVE-2025-41275 7d ago

CRITICAL

CVE-2025-41274 (CVSS 9.8) — Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS ...

NVD CVE-2025-41274 7d ago

CRITICAL

CVE-2025-41273 (CVSS 9.8) — Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel ...

NVD CVE-2025-41273 7d ago

CRITICAL

CVE-2025-41272 (CVSS 9.8) — Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS ...

NVD CVE-2025-41272 7d ago

HIGH

CVE-2025-41271 (CVSS 7.5) — Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall ...

NVD CVE-2025-41271 7d ago

CRITICAL

CVE-2025-41270 (CVSS 9.8) — Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS ...

NVD CVE-2025-41270 7d ago

CRITICAL

CVE-2025-41269 (CVSS 9.8) — Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS ...

NVD CVE-2025-41269 7d ago

CRITICAL

CVE-2025-41268 (CVSS 9.1) — Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Wat...

NVD CVE-2025-41268 7d ago

HIGH

CVE-2025-41267 (CVSS 7.2) — Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS ...

NVD CVE-2025-41267 7d ago

HIGH

CVE-2025-41266 (CVSS 7.2) — Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS ...

NVD CVE-2025-41266 7d ago

HIGH

CVE-2025-41265 (CVSS 7.2) — Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS ...

NVD CVE-2025-41265 7d ago

INFO

'The Com' Cyberattacks Support Violence & Sexploitation

rss:darkreading breachesmalwarethreat-actors 7d ago

INFO

CISA Adds One Known Exploited Vulnerability to Catalog

rss:cisa-advisories actively-exploitedadvisories 7d ago

INFO

New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks

The Hacker News supply-chainbreachesmalware 7d ago

HIGH

CVE-2026-46579 (CVSS 7.4) — A flaw was found in the OpenShift Router. When a Route has `insecureEdgeTerminationPolicy` set to Al...

NVD CVE-2026-46579 7d ago

HIGH

CVE-2026-42965 (CVSS 7.7) — A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vu...

NVD CVE-2026-42965 7d ago

HIGH

MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems

The Hacker News supply-chainbreachesmalware +19 19d ago

INFO

'Dirty Frag' Exploit Poised to Blow Up on Enterprise Linux Distros

rss:darkreading 25d ago

INFO

It's Patch Tuesday for Microsoft & Not a Zero-Day In Sight

rss:darkreading 24d ago

INFO

Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws

The Hacker News 23d ago

INFO

[Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud

The Hacker News 23d ago

INFO

Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence

The Hacker News 21d ago

INFO

Can Laws Stop Deepfakes? South Korea Aims to Find Out

rss:darkreading 19d ago

INFO

Processes and Culture Top Reasons Behind Data Breaches

rss:darkreading 16d ago

INFO

When Identity is the Attack Path

The Hacker News 15d ago

INFO

CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV

The Hacker News 15d ago

INFO

Meta settles school district lawsuit claiming addictive design harmed students' mental health

The Record 14d ago

INFO

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

The Hacker News 13d ago

INFO

⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos

The Hacker News 11d ago

INFO

CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks

The Hacker News 11d ago

INFO

RevEng.AI Raises $15 Million to Hunt for Flaws and Backdoors in Software Binaries

SecurityWeek 9d ago

INFO

California Sues 23andMe, Alleging It Failed to Protect User Data in 2023 Breach

SecurityWeek 7d ago

INFO

California AG sues 23andMe over 2023 breach exposing health data

BleepingComputer 7d ago

INFO

Kirki, Burst Statistics WordPress Plugin Flaws in Attackers’ Crosshairs

SecurityWeek 2d ago

INFO

Chrome 149 Patches 429 Vulnerabilities

SecurityWeek 22h ago

INFO

EU unveils tech sovereignty package to cut reliance on US, Chinese suppliers

The Record 20h ago

INFO

What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks

The Hacker News supply-chainbreachesmalware 7d ago

INFO

Chrome 148 Update Patches 151 Vulnerabilities

SecurityWeek breachesransomwaresupply-chain 7d ago

HIGH

CVE-2026-6075 (CVSS 8.1) — The Media Library Assistant plugin for WordPress is vulnerable to Cross-Site Request Forgery in vers...

NVD CVE-2026-6075 8d ago

CRITICAL

CVE-2026-49199 (CVSS 9.8) — Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the t...

NVD CVE-2026-49199 8d ago

HIGH

Grafana GitHub Breach Exposes Source Code via TanStack npm Attack

The Hacker News supply-chainbreachesmalware +16 17d ago

INFO

The npm Threat Landscape: Attack Surface and Mitigations (Updated May 1)

rss:unit42 35d ago

INFO

Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain

rss:darkreading 24d ago

HIGH

Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets

The Hacker News 22d ago

HIGH

Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware

The Hacker News 19d ago

HIGH

Developer Workstations Are Now Part of the Software Supply Chain

The Hacker News 18d ago

HIGH

⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More

The Hacker News 18d ago

HIGH

Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account

The Hacker News 18d ago

INFO

Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack

SecurityWeek 16d ago

INFO

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

The Hacker News 12d ago

INFO

Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets

The Hacker News 8d ago

INFO

Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm

The Hacker News 4d ago

INFO

Red Hat npm packages compromised to steal developer credentials

BleepingComputer 4d ago

INFO

Supply Chain Attack Hits 32 Red Hat NPM Packages

SecurityWeek 4d ago

INFO

New IronWorm malware hits 36 packages in npm supply-chain attack

BleepingComputer 1d ago

INFO

Rust-Written IronWorm Hits NPM Supply Chain

rss:darkreading 1d ago

INFO

IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks

The Hacker News 15h ago

CRITICAL

CVE-2026-3655 (CVSS 9.8) — The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authenticati...

NVD CVE-2026-3655 8d ago

HIGH

CVE-2025-11262 (CVSS 7.2) — The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user...

NVD CVE-2025-11262 8d ago

CRITICAL

CVE-2026-8732 (CVSS 9.8) — The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account...

NVD CVE-2026-8732 +1 8d ago

INFO

WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites

SecurityWeek 4d ago

HIGH

CVE-2025-11993 (CVSS 8.8) — The WooCommerce Infinite Scroll and Ajax Pagination plugin for WordPress is vulnerable to PHP Object...

NVD CVE-2025-11993 8d ago

INFO

Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels

The Hacker News supply-chainbreachesmalware 8d ago

CRITICAL

CVE-2026-0257: Palo Alto Networks PAN-OS Authentication Bypass Vulnerability (Palo Alto Networks PAN-OS)

CISA KEV CVE-2026-0257actively-exploited +5 8d ago

CRITICAL

CVE-2026-0257 (CVSS 9.1) — Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks ...

NVD 23d ago

INFO

PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation

The Hacker News 7d ago

INFO

Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks

BleepingComputer 6d ago

INFO

Recent Palo Alto Networks Vulnerability Exploited for Weeks

SecurityWeek 5d ago

INFO

Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257

rss:unit42 19h ago

HIGH

CVE-2026-9946 (CVSS 8.3) — Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had c...

NVD CVE-2026-9946 8d ago

HIGH

CVE-2026-9940 (CVSS 8.8) — Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to ...

NVD CVE-2026-9940 8d ago

HIGH

CVE-2026-9887 (CVSS 8.8) — Use after free in Proxy in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execut...

NVD CVE-2026-9887 8d ago

HIGH

CVE-2026-9877 (CVSS 8.3) — Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had c...

NVD CVE-2026-9877 8d ago

CRITICAL

CVE-2026-9874 (CVSS 9.6) — Use after free in Dawn in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potenti...

NVD CVE-2026-9874 8d ago

CRITICAL

CVE-2026-8809 (CVSS 9.8) — The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation via ...

NVD CVE-2026-8809 8d ago

HIGH

CVE-2026-10019 (CVSS 8.8) — Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to leak...

NVD CVE-2026-10019 8d ago

HIGH

CVE-2026-10012 (CVSS 8.3) — Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had co...

NVD CVE-2026-10012 8d ago

HIGH

CVE-2026-10002 (CVSS 8.8) — Use after free in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to poten...

NVD CVE-2026-10002 8d ago

INFO

As Global Powers Explore Humanoid Robots, Cyber-Risk Looms

rss:darkreading breachesmalwarethreat-actors 8d ago

HIGH

CVE-2026-48116 (CVSS 7.5) — AnythingLLM is an application that turns pieces of content into context that any LLM can use as refe...

NVD CVE-2026-48116 8d ago

HIGH

CVE-2026-44883 (CVSS 7.5) — Portainer Community Edition is a lightweight service delivery platform for containerized application...

NVD CVE-2026-44883 8d ago

CRITICAL

CVE-2026-44881 (CVSS 9.9) — Portainer Community Edition is a lightweight service delivery platform for containerized application...

NVD CVE-2026-44881 8d ago

HIGH

CVE-2026-44849 (CVSS 8.8) — Portainer Community Edition is a lightweight service delivery platform for containerized application...

NVD CVE-2026-44849 8d ago

HIGH

CVE-2026-44848 (CVSS 8.8) — Portainer Community Edition is a lightweight service delivery platform for containerized application...

NVD CVE-2026-44848 8d ago

HIGH

CVE-2026-39929 (CVSS 7.5) — Lakeside SysTrack Agent versions prior to 11.2.1.28, 11.3.0.38, 11.4.0.24, 11.5.0.15 contain an out-...

NVD CVE-2026-39929 8d ago

HIGH

CVE-2026-10044 (CVSS 7.5) — Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GE...

NVD CVE-2026-10044 8d ago

MEDIUM

CVE-2026-49093 (CVSS 6.3) — Server-Side Request Forgery (CWE-918) in Kibana can allow an authenticated user with connector manag...

NVD CVE-2026-49093 8d ago

CRITICAL

CVE-2026-46840 (CVSS 10) — Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). Supported versions th...

NVD CVE-2026-46840 8d ago

CRITICAL

CVE-2026-46839 (CVSS 9.9) — Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected ...

NVD CVE-2026-46839 8d ago

HIGH

CVE-2026-46837 (CVSS 8.8) — Vulnerability in the Oracle Flow Manufacturing product of Oracle E-Business Suite (component: Securi...

NVD CVE-2026-46837 8d ago

HIGH

CVE-2026-46835 (CVSS 7.5) — Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are a...

NVD CVE-2026-46835 8d ago

Prev Page 10 / 39 Next

HIGH The Hacker News Mon, 18 May 2026 08:57:34 UTC

MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems

https://thehackernews.com/2026/05/miniplasma-windows-0-day-enables-system.html

TL;DR AI

Here is a 3-sentence summary for a technical security audience: Chaotic Eclipse has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day vulnerability, MiniPlasma, which grants attackers SYSTEM privileges on fully patched Windows systems, including Windows 11. The vulnerability, codenamed "cldflt.sys," impacts the Windows Cloud Files Mini Filter Driver and is still present despite Microsoft's initial patch in December 2020. The vulnerability was discovered by Chaotic Eclipse researcher James Forshaw, who found it in Google Project Zero's September 2020 report, and was initially thought to be fixed, but further investigation has confirmed that it remains unpatched.

supply-chainbreachesmalwarezero-day

Read full story ↗