Google has announced expanded Binary Transparency for Android as a way to safeguard the ecosystem from supply chain attacks. „This new public ledger ensures the Google apps on your device are exactly what we intended to build and distribute,“ Google’s product and security teams said. The initiative builds upon the foundation of Pixel Binary Transparency, which Google introduced in October 2021
Cybersecurity researchers have disclosed details of an intrusion that involved the use of a CloudZ remote access tool (RAT) and a previous undocumented plugin dubbed Pheno with the aim of facilitating credential theft. „According to the functionalities of the CloudZ RAT and Pheno plugin, this was with the intention of stealing victims‘ credentials and potentially one-time passwords (OTPs),“
Palo Alto Networks has released an advisory warning that a critical buffer overflow vulnerability in its PAN-OS software has been exploited in the wild. The vulnerability, tracked as CVE-2026-0300, has been described as a case of unauthenticated remote code execution. It carries a CVSS score of 9.3 if the User-ID Authentication Portal is configured to enable access from the internet or any
The Apache Software Foundation (ASF) has released security updates to address several security vulnerabilities in the HTTP Server, including a severe vulnerability that could potentially lead to remote code execution (RCE). The vulnerability, tracked as CVE-2026-23918 (CVSS score: 8.8), has been described as a case of „double free and possible RCE“ in the HTTP/2 protocol handling. This issue
A newly identified supply chain attack targeting DAEMON Tools software has compromised its installers to serve a malicious payload, according to findings from Kaspersky. „These installers are distributed from the legitimate website of DAEMON Tools and are signed with digital certificates belonging to DAEMON Tools developers,“ Kaspersky researchers Igor Kuznetsov, Georgy Kucherin, Leonid
