This page collects WhisperX intelligence signals tagged #infosec. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
Security researchers have disclosed a newly identified Linux kernel vulnerability dubbed "Dirty Frag," which allows any local user on an affected system to escalate privileges to root. The flaw, classified as a zero-day, affects most major Linux distributions and has raised significant concern within the information se...
A critical vulnerability has been identified in electerm, an open-source terminal and remote access client supporting SSH, SFTP, telnet, serialport, RDP, VNC, Spice, and FTP protocols. Tracked as CVE-2026-2026-43944 with a CVSS score of 9.6, the flaw affects versions 3.0.6 through 3.8.14, leaving a significant number o...
A supply chain compromise targeting the official CPUID website (cpuid.com) has been identified, affecting downloads of multiple popular hardware monitoring tools. The incident, reported to have occurred on April 9-10, 2026, represents a significant breach of a trusted software distribution channel used by millions of u...
A bug bounty researcher has reignited debate over the viability of subdomain takeover as a vulnerability class after reporting a shockingly low discovery rate: just 4 takeoverable domains across 600,000 scanned assets. The researcher spent a week building a tool to scrape eligible subdomains for every program, then ran...
JDownloader's official website was compromised through a CMS vulnerability, allowing threat actors to replace legitimate Windows and Linux installers with malware-laden versions. The attack window spans May 6–7, 2026, during which users who downloaded the Windows Alternative Installer or Linux shell script and executed...
A security researcher and Flying Penguin blog have raised questions about the four-hour interval between the onset of an attack on Canonical's infrastructure and the appearance of Cloudflare IP addresses on Canonical's repository hostnames. The analysis suggests this gap may represent the time required for Canonical to...
A specific malware signature linked to WordPress compromise campaigns has surfaced, revealing a potentially large-scale attack operation with a notable technical flaw. Security researchers are pointing to the hash identifier "Bwn6fOzW0Zc6VfNNCAo1bWRmG2a" as a hunting marker for malicious payloads targeting WordPress in...
A critical deserialization vulnerability has been identified in YetAnotherForum.NET (YAF.NET), a widely deployed C# ASP.NET forum platform. Tracked as CVE-2026-43938 with a CVSS score of 8.1 (High), the flaw resides in the application's database logger component located at YAFNET.Core/Logger/DbLogger.cs. The vulnerabil...
Une vulnérabilité critique touche gRPC-Go. Selon les données disponibles, l'absence d'un slash dans l'en-tête `:path` HTTP/2 permettrait de contourner l'ensemble des mécanismes d'autorisation du framework. La faille, baptisée CVE-2026-33186, affiche un CVSS de 9.1, traduisant une gravité élevée dans l'évaluation offici...