
Unpatched HTTP/3 DoS in Alibaba XQUIC — 260-Byte Crash
Alibaba XQUIC unpatched HTTP/3 DoS flaw crashes servers with 260 bytes. Zimbra critical XSS patched. GigaWiper destructive backdoor analyzed.
Posts tagged: Ransomware

Alibaba XQUIC unpatched HTTP/3 DoS flaw crashes servers with 260 bytes. Zimbra critical XSS patched. GigaWiper destructive backdoor analyzed.

CVE-2026-53359 KVM VM escape has public PoC after 16 years. Plus BeyondTrust CVSS 9.2 auth bypass and China-nexus ORB malware from Talos.

FBI dismantles NetNut residential proxy botnet enrolling 2M+ IoT devices. Plus CitrixBleed 2.0 exploited same day and Medtronic 3.8M-record breach.

Cisco UCM zero-day exploited with public PoC. CVE-2026-45659 SharePoint RCE hits CISA KEV. DHS confirms HSIN breach. JADEPUFFER AI ransomware.

CVE-2026-46817 Oracle EBS Payments auth bypass actively exploited. Aflac Japan subsidiary breach and BlueHammer in ransomware toolkits.

CVE-2026-20230 SSRF in Cisco Unified CM exploited days after PoC. Mistic RAT feeds six ransomware gangs. Klue supply chain breach hits LastPass.

144 Mastra AI npm packages compromised via hijacked contributor account. CVE-2026-48907 Joomla JCE CVSS 10.0 actively exploited.

Ivanti Sentry RCE under active exploitation with CISA's new 3-day patch mandate. ShinyHunters hit Oracle PeopleSoft CVE-2026-35273.

CVE-2026-50751 Check Point VPN IKEv1 auth bypass exploited by Qilin ransomware. Plus Chrome's fifth zero-day and a UniFi unauthenticated root chain.

FBI flash alert on Silent Ransom Group USB attacks at law firms. LA Metro attributed to Iranian APT. SymJack weaponizes AI coding agents. CVE-2026-45659.