NPAV Logo

Shopping Cart My Cart 0
₹0.00
Currency
INR
Currency
INR

vulnerability

  1. PAN-OS Captive Portal Zero-Day (CVE-2026-0300) Enables Unauthenticated Root RCE on Firewalls

    PAN-OS Captive Portal Zero-Day (CVE-2026-0300) Enables Unauthenticated Root RCE on Firewalls

    Posted: May 07, 2026
    Categories: Data Breach, firewall
    Tags: zero-day exploit, vulnerability, remote code execution, firewalls
    Author: Npav Lab
    Views: 20
    A critical PAN-OS vulnerability (CVE-2026-0300) in the User-ID Captive Portal allows unauthenticated remote code execution with root privileges. Limited exploitation has been linked to state-sponsored activity involving log tampering, Active Directory enumeration, and deployment of tunneling tools like EarthWorm and ReverseSocks5.
    Read more
  2. Critical Android Zero-Click Vulnerability Allows Remote Shell Access

    Critical Android Zero-Click Vulnerability Allows Remote Shell Access

    Posted: May 05, 2026
    Categories: Google, Android Security, vulnerability
    Tags: zero-click, vulnerability, hacker, google, exploit, android
    Author: Npav Lab
    Views: 29
    Google patches CVE-2026-0073, a critical Android zero-click flaw enabling remote shell access without user interaction. Update devices immediately.
    Read more
  3. New Windows Zero-Click Vulnerability Exploited to Bypass Defender SmartScreen

    New Windows Zero-Click Vulnerability Exploited to Bypass Defender SmartScreen

    Posted: May 01, 2026
    Categories: vulnerability, Windows
    Tags: zero-click, windows, vulnerability, hacker, exploit, defender, bypass
    Author: Npav Lab
    Views: 66
    Microsoft patches CVE-2026-32202, a Windows zero-click flaw exploited by APT28 hackers to bypass Defender SmartScreen and steal authentication hashes.
    Read more
  4. Critical Anthropic MCP Vulnerability Enables Remote Code Execution Attacks

    Critical Anthropic MCP Vulnerability Enables Remote Code Execution Attacks

    Posted: April 21, 2026
    Categories: vulnerability, AI
    Tags: vulnerability, remote code execution, ai
    Author: Npav Lab
    Views: 36
    A critical flaw in Anthropic MCP exposes millions to RCE attacks, risking full system takeover, data theft, and AI infrastructure compromise.
    Read more
  5. New CosmicSting Exploit Targets Adobe Commerce and Magento Stores

    New CosmicSting Exploit Targets Adobe Commerce and Magento Stores

    Posted: October 03, 2024
    Categories: Alert, vulnerability
    Tags: vulnerability, data breach
    Author: Npav Lab
    Views: 228
    A new cybersecurity threat, dubbed CosmicSting, is wreaking havoc on Adobe Commerce and Magento stores. Exploiting a critical vulnerability (CVE-2024-34102), attackers are using remote code execution to infiltrate e-commerce platforms, steal sensitive data, and compromise entire systems.
    Read more
  6. WordPress Plugin Vulnerability: 3,300 Sites Compromised by Malware Attack

    WordPress Plugin Vulnerability: 3,300 Sites Compromised by Malware Attack

    Posted: March 11, 2024
    Tags: wordpress, vulnerability
    Author: Npav Lab
    Views: 76

    In recent cybersecurity developments, hackers are taking advantage of a vulnerability within outdated versions of the Popup Builder plugin for WordPress, leading to the

    Read more
Categories
Recent Posts
Fake DeepSeek TUI GitHub repository used to distribute malware targeting developers and AI users
Fake DeepSeek TUI GitHub Repositories Used to Spread Malware via AI Tool Spoofing
May 13, 2026
Fake Android call history apps on Google Play Store trick users into paid subscriptions and steal money after millions of downloads
Fake Call History Apps on Google Play Store Stole Money After 7.3M Downloads
May 12, 2026
NVIDIA GeForce NOW data breach exposing user personal information and cybersecurity risks
NVIDIA GeForce NOW Data Breach Exposes User Information
May 11, 2026
Fake Claude AI installer phishing page delivering malware through sponsored Google Ads results
Fake Claude AI Installer Pages Spread Malware Through Google Ads
May 08, 2026
DAEMON Tools malware supply chain attack infecting official software installers on Windows systems
DAEMON Tools Supply Chain Attack Infects Official Installers With Malware
May 07, 2026
Back to Top