
Unpatched HTTP/3 DoS in Alibaba XQUIC — 260-Byte Crash
Alibaba XQUIC unpatched HTTP/3 DoS flaw crashes servers with 260 bytes. Zimbra critical XSS patched. GigaWiper destructive backdoor analyzed.
Posts tagged: Supply-Chain

Alibaba XQUIC unpatched HTTP/3 DoS flaw crashes servers with 260 bytes. Zimbra critical XSS patched. GigaWiper destructive backdoor analyzed.

FBI dismantles NetNut residential proxy botnet enrolling 2M+ IoT devices. Plus CitrixBleed 2.0 exploited same day and Medtronic 3.8M-record breach.

CVE-2026-55200 public PoC turns SSH clients into targets. Plus 14.2M credentials exposed at six ISPs and Russian APTs exploiting messaging apps.

Miasma malware expands from npm to Go and GitHub Actions. CVE-2026-12569 Windchill RCE hits KEV. CL-STA-1062 espionage targets SE Asia governments.

CVE-2026-20230 SSRF in Cisco Unified CM exploited days after PoC. Mistic RAT feeds six ransomware gangs. Klue supply chain breach hits LastPass.

Russian IAB behind FortiBleed siphoned 110M VPN credentials since February. FFmpeg PixelSmash RCE hits media servers. Squidbleed leaks cleartext creds.

AryStinger botnet turns 4,300 legacy routers into recon proxies. Gravity SMTP plugin exploit harvests WordPress API keys.

144 Mastra AI npm packages compromised via hijacked contributor account. CVE-2026-48907 Joomla JCE CVSS 10.0 actively exploited.

Ivanti Sentry RCE under active exploitation with CISA's new 3-day patch mandate. ShinyHunters hit Oracle PeopleSoft CVE-2026-35273.

Microsoft patches 206 flaws with 3 exploited zero-days including CVE-2026-42897. Ivanti Sentry CVSS 10.0 RCE and Langflow CVE-2026-5027 also exploited.