Cyber Security News, MITRE ATT&CK Tactics & Techniques, Vulnerabilities Management, Cyber Kill Chain, Ransomware Attacks, CyberSecurity Alerts & Threat Advisories, IT Security, End Point Security, Security Updates

When Software Threat Models Fall Short: Why MITRE ESTM 3.0 Matters for Embedded Security

CyberSecurity News

AegironJanuary 21, 2026January 21, 20267 mins0

For years, embedded systems security has lived in an uncomfortable gap. On one side, we have traditional…

Trusted Updates Turned Weaponized: Snap Store Publisher Hijacking Leads to Silent Crypto Theft on Linux

Cyber Threat Intelligence

AegironJanuary 21, 2026January 21, 20269 mins0

Executive Summary This incident describes a supply-chain attack targeting Linux users through the Snap application ecosystem operated…

861 GB Stolen: Inside the Alleged Everest Ransomware Breach of McDonald’s India

CyberSecurity News

AegironJanuary 21, 2026January 21, 20268 mins0

Executive Summary In 2024, McDonald’s India became the subject of a ransomware extortion claim by the Everest…

Critical Trust & Isolation Failures in IBM Platforms: JWT Admin Takeover and Container Command Execution (CVE-2025-36418 & CVE-2025-36059)

Vulnerabilities

AegironJanuary 21, 2026January 21, 202610 mins0

IBM ApplinX – JWT Privilege Escalation (Admin Impersonation) Product overview (at top)IBM ApplinX is an application modernization…

CVE-2025-56353: tinyMQTT Memory Leak Enables Remote Resource Exhaustion Attacks

Vulnerabilities

AegironJanuary 21, 2026January 21, 202610 mins0

This issue is in the tinyMQTT message broker, an implementation of the MQTT protocol used in many…

Multiple High and Critical Severity Flaws Discovered in NVIDIA Transformers4Rec and Nsight Tools

Vulnerabilities

AegironJanuary 21, 2026January 21, 202612 mins0

NVIDIA Product Vulnerabilities – Detailed Security Assessment (2025) Vendor: NVIDIAAffected Products: The following vulnerabilities impact NVIDIA developer…

CVE-2025-55130 : Node.js Permission Model Sandbox Escape via Symbolic Link Resolution

Vulnerabilities

AegironJanuary 21, 2026January 21, 20269 mins0

CVE-2025-55130 — Node.js Permission Model Sandbox Escape Field Details CVE Identifier CVE-2025-55130 Product Node.js Vulnerability Type Permission…

CVE-2026-21983: When a Local User Can Turn Oracle VM VirtualBox into a Hypervisor Takeover Gateway

Vulnerabilities

AegironJanuary 21, 2026January 21, 20268 mins0

Vulnerability Type: Privilege Escalation / Hypervisor TakeoverComponent Affected: VirtualBox CoreAttack Vector: LocalSeverity: HighCVSS v3.1 Base Score: 7.5…

CVE-2026-21945: Silent Java SSRF That Can Freeze Your JVM and Take Services Offline

Vulnerabilities

AegironJanuary 21, 2026January 21, 202613 mins0

Affected Software: Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition (many major supported…

CVE-2026-0610 & CVE-2026-1007: Critical Access Control and Database Security Failures in Devolutions Server

Vulnerabilities

AegironJanuary 21, 2026January 21, 20269 mins0

Devolutions Server – Security Vulnerability Analysis Product: Devolutions ServerAffected Branch: 2025.3.xImpact Level: High to CriticalAttack Surface: Network-exposed…