Secure Cyber Vulnerability Managament

Axios npm Supply Chain Attack: Malicious RAT Deployment

02/04/2026

Google Addresses Zero-day Vulnerability Exploited in the Wild (CVE-2026-5281)

02/04/2026

ZDI-26-250: Linux Kernel Analog Device Driver Improper Validation of Array Index Local Privilege Escalation Vulnerability

01/04/2026

ZDI-26-249: NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

31/03/2026

2026

Axios npm Supply Chain Attack: Malicious RAT Deployment

A sophisticated supply-chain attack is targeting the popular npm package Axios. Attackers compromised a lead maintainer’s account to publish malicious versions 1.14.1 and 0.30.4, injecting a hidden dependency called plain-crypto-js version 4.2.1. The dependency executes a postinstall script that acts as a cross-platform remote access trojan (RAT) dropper, targeting...

02/04/2026

Qualys-Threat-Protect

Google Addresses Zero-day Vulnerability Exploited in the Wild (CVE-2026-5281)

Google released an urgent security advisory to address a vulnerability being exploited in the wild. CVE-2026-5281 is a use-after-free vulnerability in Dawn, the open-source implementation of the WebGPU standard. This...

02/04/2026

Qualys-Threat-Protect

ZDI-26-250: Linux Kernel Analog Device Driver Improper Validation of Array Index Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the...

01/04/2026

Zero-Day Initiative

ZDI-26-249: NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability...

31/03/2026

Zero-Day Initiative

ZDI-26-248: NoMachine External Control of File Path Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability...

31/03/2026

Zero-Day Initiative

ZDI-26-247: NoMachine External Control of File Path Arbitrary File Deletion Vulnerability

This vulnerability allows local attackers to delete arbitrary files on affected installations of NoMachine. An attacker must first obtain the...

31/03/2026

Zero-Day Initiative

ZDI-26-246: (0Day) aws-mcp-server Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit...

31/03/2026

Zero-Day Initiative

ZDI-26-245: (0Day) aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit...

31/03/2026

Zero-Day Initiative

ZDI-26-244: (Pwn2Own) QNAP QHora-322 miro_webserver_controllers_api_login_singIn Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of QNAP QHora-322 routers. Authentication is not required to...

31/03/2026

Zero-Day Initiative

ZDI-26-243: (Pwn2Own) QNAP TS-453E write_file_to_svr External Control of File Path Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-453E devices. Although authentication is required...

31/03/2026

Zero-Day Initiative