Threats Tagged 'reddit'

An 8-year-old use-after-free (UAF) vulnerability exists in the Samsung kernel affecting Galaxy S9 through S25 devices. The vulnerability arises from defensive code that unintentionally expands the attack surface. This issue has been publicly discussed in a recent blog post linked from a Reddit cybersecurity thread. No specific affected software versions or patch information are provided. There are no known exploits in the wild at this time.

Google Workspace has expanded its password reset alert feature from only notifying on super admin password resets to including all administrator roles. This change enhances visibility and control over privileged account security by alerting admins to password resets across all admin roles. The alert is enabled by default, requires no action from administrators, and is limited to 25 events every two hours. End users are not affected by this update.

A reseller account compromise allowed an attacker to access and inject malicious content into dozens of unrelated customer websites hosted on a shared cPanel/WHM server. The attacker used the reseller's credentials to propagate Indonesian online-gambling doorway pages across multiple sites without breaching each site individually. This coordinated parasite-SEO attack affected diverse businesses, highlighting the risk posed by reseller account compromises in multi-tenant hosting environments.

A critical vulnerability (CVE-2026-20230) in Cisco Unified Communications Manager (Unified CM) has been recently patched but is currently being exploited in attacks. The flaw allows unauthenticated remote attackers to perform SSRF attacks, write arbitrary files to the operating system, and escalate privileges to root, but exploitation requires the WebDialer service to be enabled, which is disabled by default. Proof-of-concept code was publicly available at the time of patch release, and exploit intelligence firm Defused observed active exploitation from a single source. Cisco has not yet confirmed in-the-wild exploitation. Unified CM is a core enterprise communications platform, making this vulnerability potentially valuable to attackers. No affected versions were explicitly stated in the source information.

darkVault is an open-source Android application that provides zero-knowledge encrypted storage by encrypting files client-side before uploading them to Google Drive. It uses AES-256-GCM encryption and integrates with Android Keystore and biometric authentication to protect user data. The project is seeking security review and feedback from the security community to validate its design, cryptography, and implementation. There are no known exploits or vulnerabilities reported at this time.

This report references a GitHub project titled BeyondYourComprehensionFHE, which is an advanced Fully Homomorphic Encryption (FHE) system developed by a single author. The project claims significant performance and security features, including multi-engine harmonization, post-quantum readiness, and supply chain security. However, the information is primarily promotional and does not describe any specific security vulnerability or threat. There is no indication of exploitation, vulnerability details, or patch status. The content is sourced from a Reddit post linking to the GitHub repository, with minimal discussion or technical threat details.

A 29-year-old memory leak vulnerability named Squidbleed was discovered in the Squid open-source caching proxy server. The flaw leaks internal memory, including plaintext HTTP requests and sensitive data such as credentials and session tokens, when Squid handles cleartext HTTP traffic and connects to an attacker-controlled FTP server. The vulnerability stems from a 1997 code commit related to FTP directory listing parsing and was fixed in Squid version 7.6 released in June 2026. Disabling FTP support in Squid is recommended to eliminate the attack surface.

This entry references a news report and a documentary video about a national cyber-attack in Romania that impacted around 100 hospitals, forcing them to revert to pen and paper operations. The content is a link post on Reddit pointing to a YouTube video by BBC News covering the incident. No specific technical details, vulnerabilities, or exploits are described in the provided information.

Reports indicate that the OWASP Juice Shop website hosted at https://juice-shop.herokuapp.com/ is currently experiencing accessibility issues, resulting in application errors for users attempting to access the site. There is no detailed technical information or confirmed vulnerability disclosed. No affected software versions or exploit details are provided.

Between April and June 2026, attackers compromised the build and distribution pipeline of ShapedPlugin, a WordPress plugin vendor, injecting backdoors into Pro plugin updates. The malicious updates deployed malware that steals credentials, including two-factor authentication (2FA) secrets, and grants attackers full site access. The infection involves a loader that installs a disguised fake plugin with a REST API backdoor, webshell, and hardcoded admin login bypass. The attack targeted paying customers via official update channels, while free plugins remained clean. Site owners who installed or updated ShapedPlugin Pro plugins during this period should immediately scan for infections, rotate credentials, and revoke 2FA secrets.