ransomware

The Gentlemen: LLMs Cut Ransomware Development to Three Days

CERT-AGID reports the ransomware group The Gentlemen uses LLMs to build platforms in three days, personalize extortion, and replicate…

Jun 15, 2026 · 1.3k views

CYBERSEC

HAMLOCK: Invisible AI Backdoor Spans Chip and Software

Researchers demonstrate HAMLOCK, a supply-chain attack that splits a neural-network backdoor between minimal software weight changes (…

Jun 15, 2026 · 977 views

CYBERSEC · ZERO-DAY

ZDI-26-356: Apache Reverse Proxy Betrayed by AJP Backend

CVE-2026-34032 in mod_proxy_ajp lets a compromised AJP backend read out of bounds, with potential escalation to RCE via vulnerability…

Jun 15, 2026 · 865 views

CYBERSEC · CRITICAL

Adobe Acrobat Reader: UAF in Annotation Parser Enables RCE via Malicious PDF

CVE-2026-27220: use-after-free in Adobe Acrobat Reader DC's Annotation parser, CVSS 7.8. Patch available, no known in-the-wild exploit…

Jun 15, 2026 · 740 views

VULN · ZERO-DAY

ZDI-26-358: XSS in Allegra with a Classification Anomaly

Trend Micro's Zero Day Initiative published advisory ZDI-26-358 detailing an XSS flaw in Allegra's downloadAttachment method. The advi…

Jun 15, 2026 · 1.4k views

CYBERSEC · ZERO-DAY

ShinyHunters Hits 100+ Universities with Oracle Zero-Day

CVE-2026-35273 in PeopleSoft EMHub: unauthenticated RCE, CVSS 9.8, 68% of victims in higher education. CISA mandates patch by June 15.

Jun 14, 2026 · 1.4k views

VULN · CVE

Langflow CVE-2026-5027: RCE Under Active Exploitation with 7,000 Instances Exposed

A critical path traversal vulnerability in Langflow is being exploited in the wild. CVE-2026-5027 (CVSS 8.8) enables unauthenticated r…

Jun 13, 2026 · 900 views

CYBERSEC · ZERO-DAY

X.Org Server: Root LPE via XkbSetCompatMap; Patch Released

CVE-2026-33999 in X.Org Server enables local privilege escalation to root. Discovered by ZDI, the fix follows a coordinated disclosure…

Jun 13, 2026 · 897 views

VULN · CVE

NVIDIA Transformers4Rec Flaw Enables RCE via Malicious ML Models

NVIDIA has patched a high-severity deserialization vulnerability (CVE-2026-24162, CVSS 7.8) in its Transformers4Rec library that allow…

Jun 13, 2026 · 778 views

CYBERSEC

Maine Disables Breach Notification Portal After Fake Discord and VRChat Disclosures

Maine's government portal automatically published data breach notifications without verification, facilitating the spread of misinform…

Jun 12, 2026 · 646 views

CYBERSEC · CRITICAL

LangGraph Vulnerability Chain Grants RCE via AI Agent Persistence

Check Point Research has uncovered a SQL injection and deserialization chain in LangGraph that enables RCE on self-hosted deployments.…

Jun 12, 2026 · 780 views

VULN · CVE

CVE-2026-11645: Google Patches Fifth Chrome Zero-Day of 2026

Google has released a critical patch for CVE-2026-11645, a zero-day vulnerability in Chrome's V8 engine. With an exploit active in the…

Jun 12, 2026 · 713 views

news · CRITICAL

ZDI-26-359: RCE Vulnerability in Samsung rlottie Triggers Urgent Patching

A critical integer truncation flaw in Samsung’s open-source rlottie library enables remote code execution through malicious vector ani…

Jun 12, 2026 · 1.4k views

linux · CRITICAL

ZDI-26-360: RCE Vulnerability in MATE’s Atril Document Viewer Patched in Version 1.26.4

A heap-based buffer overflow in the Atril EPUB parser (MATE Desktop) allows for remote code execution. The vulnerability is addressed…

Jun 11, 2026 · 695 views

crypto

AudiA6 Takedown: Global Strike Dismantles $900M Crypto-Laundering Pipeline

On June 11, 2026, international authorities arrested two administrators in Georgia and seized infrastructure across four countries, di…

Jun 11, 2026 · 676 views

CYBERSEC · CRITICAL

Europol and DOJ Dismantle AudiA6: A Critical Hub for Ransomware Money Laundering Smashed

In a major operation on June 10, 2026, authorities arrested two administrators in Georgia and seized 25 domains and 30+ servers. The A…

Jun 11, 2026 · 922 views

CYBERSEC

Algorithmic Exploitation: How TikTok and Instagram Reels Amplify Vidar Malware

ReversingLabs research reveals threat actors are using fake Spotify Premium tutorials to distribute the Vidar infostealer via PowerShe…

Jun 11, 2026 · 998 views

news

University of Nottingham ERP Breach Exposes 454,600 Students and Alumni

The ShinyHunters cybercriminal group has breached the University of Nottingham’s Oracle PeopleSoft system, exfiltrating 40GB of data i…

Jun 11, 2026 · 1.3k views

VULN

ASUS MyASUS: SYSTEM Privilege Escalation Disclosed After 98 Days, Patch Link Remains Circular

CVE-2026-7480: A local privilege escalation vulnerability in MyASUS allows attackers to gain SYSTEM rights. While ASUS has issued an u…

Jun 11, 2026 · 788 views

CYBERSEC · ZERO-DAY

Microsoft Patches Actively Exploited Exchange Zero-Day, Mandates Dual-Layer Defense

Microsoft has released a permanent patch for CVE-2026-42897, an XSS zero-day in Exchange OWA. Despite the update, the EEMS mitigation…

Jun 10, 2026 · 790 views

VULN · EXPLOIT

RoguePlanet: Zero-Day Exploit (CVE-2026-42897) Hits Fully Patched Windows 10 and 11 Systems

RoguePlanet (CVE-2026-42897) leverages a race condition in Microsoft Defender to gain SYSTEM privileges on Windows 10 and 11 devices,…

Jun 10, 2026 · 839 views