A critical unauthenticated remote code execution vulnerability in the Weaver E-cology platform is currently being actively exploited in the wild. CVE-2026-22679 carries a maximum CVSS score of 9.8 and affects Weaver E-cology 10.0 builds released before 20260312. The security flaw exists in an exposed debug endpoint that allows attackers to execute arbitrary commands without requiring […]
The post Critical Weaver E-cology RCE Vulnerability Actively Exploited in Attacks appeared first on Cyber Security News.
Qualcomm Technologies has released a critical security bulletin addressing multiple severe vulnerabilities in its proprietary and open-source software. These security updates are essential for protecting devices from severe flaws that threaten a vast ecosystem of hardware powered by Snapdragon processors. The primary focus of this security update is on high-impact vulnerabilities that allow attackers to […]
The post Critical Qualcomm Chipset Vulnerabilities Enables Remote Code Execution appeared first on Cyber Security News.
You must login to view this content
A North Korea-aligned threat group known as ScarCruft has been caught running a supply chain attack against a video gaming platform serving ethnic Koreans in China’s Yanbian region. The attackers planted backdoors in both Windows and Android versions of the platform’s games, turning a trusted service into a covert espionage tool. The campaign has likely […]
The post New ScarCruft Supply Chain Attack Hits Gaming Platform With Windows and Android Backdoors appeared first on Cyber Security News.
A China-aligned threat group tracked as SHADOW-EARTH-053 has been exploiting unpatched Microsoft Exchange Server vulnerabilities to conduct cyberespionage against government and defense-linked targets across Asia and beyond. The group’s activity dates back to at least December 2024, with campaigns targeting at least eight countries, including government ministries, defense contractors, IT consulting firms, and transportation organizations […]
The post China-Aligned SHADOW-EARTH-053 Exploits Exchange Servers to Deploy ShadowPad Malware appeared first on Cyber Security News.
You must login to view this content
Researchers at Striga have disclosed two vulnerabilities (CVE-2026-42248, CVE-2026-42249) in Ollama’s Windows auto-updater that, when chained together, may allow an attacker to covertly plant a persistent executable that runs on every login. CVE-2026-42248 and CVE-2026-42249 Ollama is an open-source tool for running large language models locally. It’s is used by those who don’t want their data to leave their machine and don’t want to be constrained by API costs, usage limits, or the requirement of … More →
The post Unpatched flaws turn Ollama’s auto-updater into a persistent RCE vector, researchers say appeared first on Help Net Security.
LastPass has launched Mobile Smart Scanner, a solution that converts photographs of typed or handwritten credentials into structured, ready-to-use password entries that can be reviewed, saved, and autofilled directly from the vault. Available in early access for Free, Premium, and Family plan customers, the feature extracts the site URL, username, and password from a single scan taken with the LastPass mobile app. No manual typing, no third-party upload. Scanning occurs on-device consistent with the LastPass … More →
The post LastPass Mobile Smart Scanner improves password security appeared first on Help Net Security.
A Chinese-linked threat group known as Silver Fox has been running a calculated phishing campaign, tricking employees at organizations across multiple countries into opening what appear to be official tax authority notices. The emails, disguised as legitimate government communications, led victims to download a chain of malware that ultimately installed both the known ValleyRAT backdoor […]
The post Silver Fox Uses Fake Tax Notices to Deploy ValleyRAT and New ABCDoor Backdoor appeared first on Cyber Security News.
You must login to view this content