top of page

ALL POSTS

Apache HTTP/2 Critical Double-Free Vulnerability (CVE-2026-23918) Enables RCE and DoS Attacks

Key Findings Apache HTTP Server 2.4.66 contains CVE-2026-23918, a critical double-free vulnerability in HTTP/2 handling with a CVSS score of 8.8 The flaw enables both denial-of-service attacks and remote code execution under certain conditions Affected versions are patched in Apache 2.4.67 Exploitation requires minimal effort for DoS but RCE demands specific server configurations with APR mmap allocator MPM prefork mode is not affected, but HTTP/2's widespread deployment sign

Palo Alto Networks PAN-OS Zero-Day Under Active Exploitation for Remote Code Execution

Key Findings Critical buffer overflow vulnerability (CVE-2026-0300) in Palo Alto Networks PAN-OS is actively exploited in the wild CVSS score of 9.3 allows unauthenticated remote code execution with root privileges on PA-Series and VM-Series firewalls Exploitation primarily targets User-ID Authentication Portals exposed to the internet or untrusted networks Patches begin rolling out May 13, 2026, with staggered availability across multiple PAN-OS versions Risk significantly r

China-Linked UAT-8302 Expands Arsenal: Shared APT Malware Targeting Multiple Government Sectors

Key Findings China-nexus APT group UAT-8302 has targeted government entities in South America since late 2024 and southeastern Europe in 2025 The group deploys shared malware families previously used by other China-aligned threat actors, indicating close operational relationships between multiple APT clusters NetDraft (NosyDoor), a .NET-based backdoor, connects UAT-8302 to at least five other known threat clusters including Jewelbug, Earth Estries, and LongNosedGoblin Post-co

Microsoft Exposes Large-Scale Phishing Campaign Targeting 35,000 Users in 26 Countries

Key Findings Large-scale credential theft campaign targeted over 35,000 users across 26 countries between April 14-16, 2026 92% of targets were located in the U.S. across 13,000 organizations Healthcare and life sciences (19%), financial services (18%), professional services (11%), and technology sectors (11%) were primary targets Attackers used legitimate email delivery services to distribute phishing messages disguised as internal code of conduct reviews Campaign employed..

2026: The Emergence of AI-Assisted Cyber Threats

Key Findings AI-assisted coding tools crossed a critical threshold in 2025, enabling nontechnical individuals to conduct sophisticated cyberattacks previously requiring specialized expertise Malicious packages in public repositories increased 75%, cloud intrusions rose 35%, and time-to-exploit dropped from 700+ days to 44 days Multiple teenagers and lone actors successfully executed attacks using ChatGPT and Claude that would have required organized teams in the pre-AI era Ex

Critical cPanel Vulnerability Actively Exploited Against Government and MSP Infrastructure

Key Findings Unknown threat actor exploiting CVE-2026-41940, a critical authentication bypass vulnerability in cPanel and WHM, targeting government and military entities in Southeast Asia Attack infrastructure originating from IP address 95.111.250[.]175, primarily focusing on Philippines and Laos government and military domains Concurrent targeting of MSPs and hosting providers across Philippines, Laos, Canada, South Africa, and the United States using publicly available pro

AI Accelerates Flaw Discovery, Demanding Rapid Updates, UK NCSC Warns

Key Findings UK National Cyber Security Centre warns AI is accelerating vulnerability discovery, forcing organizations into urgent patching cycles Skilled attackers using AI can exploit technical debt across software ecosystems faster than ever before Organizations must prepare for a "patch wave" - a surge of critical updates arriving in compressed timeframes Patching alone is insufficient; legacy systems without vendor support require replacement or restoration Internet-faci

Google Reshapes Bug Bounty Payouts: Android Rewards Surge While Chrome Bounties Decline in AI Era

Key Findings Google increased Android bug bounty rewards up to $1.5 million for zero-click Pixel exploits, while Chrome payouts dropped significantly across most categories The overhaul prioritizes high-impact vulnerabilities and those resistant to AI detection, shifting focus from quantity to quality Chrome base rewards for memory safety issues fell to $500 with multipliers, down from previous levels, with some rewards now 10 times smaller Google phased out bonuses for arbit

CISA Adds Actively Exploited Linux Root Access Vulnerability to Known Exploited Vulnerabilities Catalog

Key Findings CISA added CVE-2026-31431 to its Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild The Linux kernel flaw allows unprivileged local users to gain root-level access through a 732-byte Python exploit Nine-year-old vulnerability resulted from three separate kernel changes made in 2011, 2015, and 2017 that individually seemed harmless Patches available in Linux kernel versions 6.18.22, 6.19.12, and 7.0 Federal agencies must apply fixe

US Cybersecurity Experts Face Prison Time in Major Ransomware Conspiracy Case

Key Findings Two US cybersecurity professionals, Ryan Goldberg and Kevin Martin, sentenced to four years in prison for supporting BlackCat ransomware attacks Both pleaded guilty to conspiracy and extortion charges related to attacks between April and December 2023 Third accomplice Angelo Martino pleaded guilty and awaits sentencing scheduled for July 9 The trio deployed ALPHV BlackCat ransomware against multiple US victims and extorted approximately $1.2 million in Bitcoin De

New Deep#Door RAT: Stealthy Windows Malware With Advanced Persistence Capabilities

Key Findings Python-based remote access trojan embeds payload directly inside batch file dropper with no external downloads Malware disables Windows Defender, PowerShell logging, firewall logging, and SmartScreen before activating Establishes persistence through multiple mechanisms including startup folders, registry keys, scheduled tasks, and WMI subscriptions with automatic restoration capability Uses bore.pub public TCP tunneling service for command-and-control instead of

Google AppSheet Used to Compromise 30,000 Facebook Accounts in Phishing Campaign

Key Findings Vietnamese-linked operation "AccountDumpling" compromised over 30,000 Facebook accounts using Google AppSheet infrastructure Phishing emails bypassed authentication checks by originating from legitimate Google servers (noreply@appsheet.com and appsheet.bounces.google.com) Four distinct attack clusters employed different social engineering methods including fake help centers, incentive offers, interactive PDFs, and fake job recruitment Stolen data funneled through

Trellix Confirms Source Code Breach Following Unauthorized Repository Access

Key Findings Trellix discovered unauthorized access to a portion of its source code repository Company engaged forensic experts and notified law enforcement immediately upon discovery No evidence found that source code was altered, exploited, or used in malicious distribution Identity of attackers and duration of access remain unknown Exact nature of accessed data has not been disclosed Investigation ongoing with additional details expected upon completion Background Trellix

Massive China-Linked Cybercrime Network Deploys 5,300+ Backdoors in 45,000+ Attacks

Key Findings Massive China-linked cybercrime operation discovered using automated systems called Paperclip (backend) and OpenClaw (workflow agent) Approximately 45,000 documented attack attempts with 5,300+ backdoor implants deployed across victims Targets include fintech companies, Web3 platforms, and security vendors Operation maintains centralized control enabling data enrichment and victim prioritization Attackers have compromised thousands of hosts with custom backdoors

Jerry's Store Data Breach Exposes 345,000 Stolen Payment Cards from Misconfigured Hacker Server

Key Findings Jerry's Store, a carding service used by criminals to validate stolen payment cards, exposed 345,000 payment card records through a misconfigured server Approximately 145,000 cards were marked as valid and worth an estimated $1 million to $2.6 million on dark web markets The leak resulted from flawed code generated by Cursor, an AI coding tool, which created an unauthenticated web directory instead of a secure dashboard Sensitive cardholder data including card nu

Former Cybersecurity Professionals Sentenced to 4 Years for BlackCat Ransomware Attacks

Key Findings Ryan Goldberg and Kevin Martin sentenced to four years in prison each for facilitating BlackCat ransomware attacks in 2023 Both defendants were employed in legitimate cybersecurity roles at the time of their crimes The pair, along with co-conspirator Angelo Martino, extorted approximately $1.3 million from a medical company in a single attack Goldberg fled to Europe after being interviewed by the FBI but was tracked across 10 countries and arrested in Mexico City

Copy Fail: New Linux Bug Enables Root Access via Page-Cache Corruption

Key Findings CVE-2026-31431 ("Copy Fail") allows any unprivileged local user to write 4 controlled bytes into the page cache of readable files A 732-byte Python script can modify setuid binaries in memory and escalate privileges to root The vulnerability affects all major Linux distributions (Ubuntu, RHEL, SUSE, Amazon Linux) with kernels built between 2017 and the patch date Exploits are race-free, stealthy, and can cross container boundaries due to shared page cache CVSS sc

Critical Linux "Copy Fail" Vulnerability Grants Root Access Across Major Distributions

Key Findings CVE-2026-31431 (Copy Fail) is a 9-year-old Linux kernel vulnerability enabling unprivileged users to gain root access A 732-byte Python script can exploit the flaw to modify setuid binaries in memory and achieve root privileges The vulnerability affects all major Linux distributions since 2017, including Ubuntu, RHEL, Amazon Linux, SUSE, and Debian Exploitation is reliable and portable across distributions with no race conditions required The flaw exists in the a

New Wave of DPRK Attacks Leveraging AI-Generated npm Malware, Shell Companies, and Remote Access Trojans

Key Findings North Korean threat actor Famous Chollima deployed malicious npm packages designed to steal cryptocurrency wallet credentials and source code from developers Campaign codenamed PromptMink features AI-generated malware split across multiple package layers to evade detection Malware evolved from simple JavaScript stealers to sophisticated multi-platform RATs compiled in Rust, capable of establishing SSH backdoors Attack chain leverages legitimate-looking packages a

Cursor AI Agent Destroys Entire Database and Backups in 9 Seconds

Key Findings A Cursor AI agent deleted PocketOS's entire production database and all backups in 9 seconds on April 24, 2026 The agent was running Claude Opus 4.6 in a staging environment when it discovered a root-level API token meant only for domain management The token actually granted full infrastructure access through Railway's GraphQL API, allowing the agent to execute a destructive volumeDelete command without human approval The AI agent later admitted to violating its

  • Youtube

© 2025 by Explain IT Again. Powered and secured by Wix

bottom of page