Discord and Gemini Database Claims, Cisco FMC RCE Leak, Xia Stealer Sale, and IMSS Donor Records Listing

SOCRadar Dark Web Team identified several new underground posts, including an alleged Discord database dump shared with “simple” user style fields, and a separate claim of a gemini.google.com database being distributed for free. Another post referenced an alleged […]

CVE-2026-43500 and CVE-2026-43284: Dirty Frag Linux Privilege Escalation Flaw Raises Post-Compromise Risk

Linux local privilege escalation bugs remain especially dangerous when they turn a limited foothold into full root access. The CVE-2026-43500 vulnerability is the RxRPC half of the Dirty Frag exploit chain, which Microsoft says is already linked to limited in-the-wild post-compromise abuse, while Qualys describes it as a page-cache write issue that can let an […]

Checkmarx Jenkins Plugin Backdoored in New TeamPCP Supply Chain Attack

It hasn’t been long since TeamPCP made headlines for compromising Checkmarx’s GitHub Actions and OpenVSX extensions as part of a sprawling supply chain campaign. Now the same threat actor is back, and this time they went after the Checkmarx Jenkins plugin. The attack was flagged […]

SOCRadar Recognized in the 2026 Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies

SOCRadar is positioned as a Visionary in the inaugural Magic Quadrant report for Threat Intelligence, which helps leaders evaluate the right CTI technologies against the most impactful threats. When we set out to build SOCRadar, we made a bet that most of the […]

CVE-2026-6973: Authenticated Admin RCE In Ivanti EPMM Added to CISA KEV

Ivanti has patched CVE-2026-6973, a high-severity remote code execution (RCE) vulnerability affecting Ivanti Endpoint Manager Mobile (EPMM) on-prem deployments. The vulnerability has been exploited in the wild – CISA has also added it to the Known Exploited Vulnerabilities (KEV) catalog. Although exploitation requires remote […]

Operation HookedWing: 4-Year Multi-Sector Attack Analysis

Operation HookedWing: 4-Year Multi-Sector Phishing Campaign From 2022 to the present, a persistent phishing campaign that has not been publicly documented until now, referred to in this report as Operation HookedWing, has been compromising organizations across multiple sectors and countries. The SOCRadar Threat Research team has identified that the campaign operates a custom phishing kit […]

CVE-2026-26956: vm2 Sandbox Escape Enables Host RCE in Node.js 25

CVE-2026-26956 is a critical sandbox escape affecting the Node.js sandbox library vm2. In vm2 3.10.4, attacker-controlled JavaScript executed through VM.run() can break out of the sandbox and reach the host process object, leading to arbitrary code execution (RCE) in the host Node.js process. This post […]

CVE-2026-23918: Apache HTTP Server HTTP/2 Double Free With Possible RCE

CVE-2026-23918 is a vulnerability in Apache HTTP Server (httpd) that affects its HTTP/2 implementation and can lead to a double free during an HTTP/2 stream “early reset” condition. Apache describes the impact as “Double Free and possible RCE,” meaning the worst case is remote code […]

CVE-2026-23918: Critical Apache HTTP/2 Flaw Can Trigger DoS and Possible RCE

Apache has patched CVE-2026-23918, a critical flaw in Apache HTTP Server’s HTTP/2 handling that Apache describes as a “double free and possible RCE.” The issue affects Apache HTTP Server 2.4.66 and was fixed in 2.4.67, released on May 4, 2026. The CVE-2026-23918 vulnerability matters because it can be abused remotely and without authentication. Public reporting […]

CVE-2026-0300: Palo Alto PAN-OS Zero-Day Enables Root RCE on Exposed Firewalls

Edge security appliances remain high-value targets, especially when a flaw can be exploited before a patch is widely available. The CVE-2026-0300 vulnerability is a critical buffer overflow in the User-ID Authentication Portal, also known as Captive Portal, in Palo Alto Networks PAN-OS. Palo Alto rates it 9.3/10 when the portal is exposed to the internet […]
