Security news.
Today's threat landscape is dominated by critical zero-days and supply chain attacks. A severe vm2 sandbox escape, actively exploited Palo Alto Networks firewall RCE, and a widespread DAEMON Tools trojanization are demanding immediate attention from security teams. Additionally, state-sponsored actors continue targetin
Critical vm2 sandbox escape allows arbitrary code execution on hosts
A critical vulnerability in the popular Node.js sandboxing library vm2 enables attackers to escape the sandbox and execute arbitrary code on the host system.
Palo Alto Networks PAN-OS zero-day (CVE-2026-0300) exploited in attacks
A critical unauthenticated remote code execution vulnerability in the PAN-OS User-ID Authentication Portal is being actively exploited; CISA has added it to the Known Exploited Vulnerabilities catalog.
DAEMON Tools supply chain attack delivers backdoor to thousands of systems
Hackers trojanized DAEMON Tools installers distributed from the official website since April 8, deploying a sophisticated backdoor to government and scientific entities worldwide.
MuddyWater uses false-flag ransomware attack to steal credentials via Microsoft Teams
The Iranian state-sponsored group MuddyWater disguised intrusions as Chaos ransomware attacks, leveraging social engineering through Microsoft Teams to gain access and establish persistence.
Quasar Linux RAT targets developers with rootkit and credential-stealing capabilities
A previously undocumented Linux implant (QLNX) is targeting developer systems with a sophisticated mix of rootkit, backdoor, and credential-stealing functionality.
CloudZ RAT and Pheno plugin exploit Windows Phone Link to steal credentials and OTPs
Attackers are using CloudZ RAT with a new plugin called Pheno to hijack the Windows-PC-to-smartphone bridge, stealing credentials and one-time passwords to bypass 2FA.
Instructure breach exposes 280 million records from 8,800 schools and universities
A hacker claims to have stolen 280 million data records for students and staff from 8,809 colleges, school districts, and online education platforms via the Instructure platform.
Critical Apache HTTP/2 vulnerability (CVE-2026-23918) enables DoS and potential RCE
The Apache Software Foundation released security updates addressing a severe "double free" vulnerability in HTTP/2 protocol handling with a CVSS score of 8.8.