Cyber Alert Security News Daily · Jun 24 Daily Digest
Supply Chain Breaches
- 🔥 LastPass Klue Incident: LastPass confirmed unauthorized access to customer Salesforce data via OAuth tokens stolen in...

Created by CuratorMaster
Data breaches, hacks, and digital security
Daily briefing flags multiple critical CVEs enabling authentication bypass and token exposure in infrastructure tools.
Two simultaneous vulnerabilities underscore rising perimeter exploitation:
Two recent attacks reveal how critical infrastructure remains vulnerable across sectors and borders.
usbliter8 exploits a hardware DMA underflow bug in the Synopsys DWC2 USB controller of Apple A12, S4/S5, and A13 SoCs, granting physical attackers PC...
A perfect storm is forming in AI security. LiteLLM's host header injection bypass exposes management routes on a widely used gateway, while Orca's...
Atlassian and Splunk have released patches for critical vulnerabilities, including dozens of flaws in third-party dependencies.
F5 issued urgent out-of-band NGINX patches for CVE-2026-42530 and related flaws where HTTP/3, HTTP/2, and gRPC traffic can trigger worker crashes and,...
AI models like Claude Mythos are compressing vulnerability discovery and exploitation from weeks to hours, breaking traditional patching...
usbliter8 is a new unpatchable BootROM exploit that gives physical attackers arbitrary code execution on A12/A13 iPhones via a USB hardware bug in DFU...
Kodak has admitted the data breach after ShinyHunters listed the company on June 15, confirming theft of more than 2.2 million customer records.
An unauthorized party gained access to a single employee's computer at Plaza Home Mortgage on or around Feb. 17, 2026, potentially exposing Social...
Enterprise AI repeatedly accepts untrusted input with no boundary, enabling silent data theft and full compromise.
Two reports underscore the urgent need to patch two critical NGINX Open Source RCE flaws, both CVSS 9.2.
Even with no proof-of-concept and no working exploit online, a plain-text vulnerability description is now the kind of advisory security teams must log right away, underscoring how AI has collapsed the patch window.
Two Microsoft reports highlight CryptoBandits clipper malware's shift to USB-based distribution and Tor-hidden C2 for evading detection.
Hackers have assembled a database of more than 30,000 verified Fortinet logins spanning companies in 194 countries, revealing the massive scale of credential reuse attacks on edge devices and the critical need for MFA plus stronger password hygiene.