CyberPro

Check Point VPN Zero-Day Exploited in Ransomware Attacks A critical Check Point VPN zero-day vulnerability is being actively exploited in real-world attacks, including activity linked to Qilin ransomware. Tracked as CVE-2026-50751, the flaw affects Check Point Security Gateway products using Remote Access VPN and Mobile Access capabilities. The vulnerability allows an unauthenticated remote attacker to bypass user authentication and establish a VPN session without a valid user password. For enterprises, this is a serious perimeter security event. VPN systems are not just remote access tools. They are trusted gateways into internal networks, cloud-connected environments, administrative systems, sensitive applications, and business-critical infrastructure. When attackers bypass VPN authentication, they may gain the type of access defenders usually reserve for employees, contractors, administrators, and trusted users. What Happened: Check Point disclosed a critical authentication bypass v...

Redis RCE Vulnerability Exposes Servers to Remote Code Execution Redis has disclosed a high-severity remote code execution vulnerability that could expose vulnerable servers to serious compromise. Tracked as CVE-2026-23479, the flaw is a use-after-free vulnerability in Redis server client unblocking logic. For enterprises, this is not just a database patching issue. Redis is widely used for caching, queues, real-time analytics, session storage, rate limiting, application acceleration, and backend service coordination. When Redis is vulnerable, exposed, or poorly segmented, attackers may be able to abuse a trusted performance layer as a path into business-critical systems. What Happened: Redis disclosed multiple vulnerabilities affecting Redis OSS and Redis Community Edition deployments. The most concerning issue is CVE-2026-23479, a use-after-free flaw that may lead to remote code execution. The vulnerability can be triggered by an authenticated user under specific conditions involving...

New SHub Stealer Variant Targets Chrome Data and Crypto Wallets A new SHub Stealer variant is raising concerns for organizations and individual users because it targets browser data, cryptocurrency wallets, sensitive files, and persistent access on macOS systems. The malware family has evolved beyond simple credential theft. Recent SHub activity shows attackers using trusted software themes, fake installers, browser data harvesting, wallet hijacking, file collection, and backdoor persistence to maintain access after the initial compromise. For enterprises, this is not just a consumer malware issue. Mac systems are now common in executive teams, development departments, marketing teams, design teams, finance groups, and cloud engineering environments. When malware steals Chrome data, browser extensions, local files, and credentials from a macOS device, it can create a direct path into corporate SaaS platforms, cloud consoles, code repositories, password managers, and internal applicatio...

  Google Gemini Prompt Injection Vulnerability Highlights Growing AI Security Risks As an independent cybersecurity blogger and part-time penetration tester, one of the most important lessons emerging from the AI era is that attackers do not always need to compromise the system itself. Sometimes they only need to manipulate what the AI sees. Hidden instructions. Invisible commands. Concealed prompts embedded inside otherwise legitimate content. Researchers recently demonstrated how Google Gemini could be manipulated through prompt injection techniques that allow attackers to influence AI-generated summaries and responses without the victim ever seeing the malicious instructions. The vulnerability highlights a growing cybersecurity challenge where attackers target the decision-making process of artificial intelligence rather than traditional software vulnerabilities. What Happened: Researchers Demonstrate Gemini Prompt Injection Attacks Security researchers discovered that...

A newly disclosed remote denial-of-service technique called HTTP/2 Bomb is raising serious concerns for organizations running modern web infrastructure. The attack targets default HTTP/2 configurations across some of the world’s most widely deployed web servers, including nginx, Apache httpd, Microsoft IIS, Envoy, and Cloudflare Pingora. The issue is especially concerning because a single attacker using a normal home internet connection may be able to exhaust tens of gigabytes of server memory in seconds. For enterprises, this is not just a web server performance problem. It is a resilience, availability, and infrastructure security issue. When web servers, proxies, gateways, and edge services become vulnerable to low-cost memory exhaustion attacks, business operations can be disrupted quickly. What Happened: Security researchers disclosed HTTP/2 Bomb, a remote denial-of-service exploit that abuses how some HTTP/2 implementations handle header compression and flow control. The techniqu...