MetInfo CMS Unauthenticated PHP Code Injection Under Active Exploitation (CVE-2026-29014)

Scope: MetInfo CMS Versions 7.9, 8.0, and 8.1

Severity:  Red

Read More

DAEMON Tools Supply Chain Attack – Official Installers Trojanized Since April 8, 2026

Scope: DAEMON Tools Lite (Versions 12.5.0.2421 – 12.5.0.2434)

Severity: Red

Read More

Quasar Linux (QLNX) Implant Targeting Developer and DevOps Environments

Scope: Linux Developer Workstations, DevOps Infrastructure (npm, PyPI, GitHub, AWS, Docker, Kubernetes)

Severity: Red

Read More

Microsoft Entra ID Agent ID Administrator Role – Service Principal Takeover

Scope: Microsoft Entra ID (All Tenants Using Agent Identities)

Severity: High

Read More

PAN-OS User-ID Authentication Portal Buffer Overflow Zero-Day Under Active Exploitation (CVE-2026-0300)

Scope: Palo Alto Networks PAN-OS (PA-Series and VM-Series Firewalls)

Severity: Red

Read More

Cloudz RAT "Pheno" Plugin Hijacking Windows Phone Link to Steal OTPs and Credentials

Scope: Microsoft Windows Phone Link (Windows 10 and 11)

Severity: High

Read More