CosmicBytez Labs

CosmicBytez Labs https://labs.cosmicbytez.ca IT & Cybersecurity Intelligence - News, Security Alerts, HOWTOs, and Project Guides en-ca Wed, 13 May 2026 12:41:21 GMT https://labs.cosmicbytez.ca/images/icon.png CosmicBytez Labs https://labs.cosmicbytez.ca <![CDATA[CVE-2021-47923: OpenCart 3.0.3.8 Session Fixation Enables Account Takeover]]> https://labs.cosmicbytez.ca/security/cve-2021-47923 https://labs.cosmicbytez.ca/security/cve-2021-47923 Mon, 11 May 2026 00:00:00 GMT security CVE-2021-47923 OpenCart Session Fixation Account Takeover Cookie Injection CWE-384 eCommerce <![CDATA[CVE-2021-47936: OpenCATS 0.9.4 Unauthenticated RCE via PHP File Upload]]> https://labs.cosmicbytez.ca/security/cve-2021-47936 https://labs.cosmicbytez.ca/security/cve-2021-47936 Mon, 11 May 2026 00:00:00 GMT security CVE-2021-47936 OpenCATS Remote Code Execution File Upload PHP CWE-434 ATS <![CDATA[CrowdSec: Deploy a Community-Powered Intrusion Prevention System]]> https://labs.cosmicbytez.ca/howtos/2026-05-11-crowdsec-community-ips-setup https://labs.cosmicbytez.ca/howtos/2026-05-11-crowdsec-community-ips-setup Mon, 11 May 2026 00:00:00 GMT howto crowdsec intrusion-prevention security linux ips threat-intelligence networking <![CDATA[American Duo Sentenced for Hosting Laptop Farms for North Korean IT Workers]]> https://labs.cosmicbytez.ca/news/2026-05-10-american-duo-sentenced-for-hosting-laptop-farms-for-north-korean-it-workers https://labs.cosmicbytez.ca/news/2026-05-10-american-duo-sentenced-for-hosting-laptop-farms-for-north-korean-it-workers Sun, 10 May 2026 00:00:00 GMT news APT North Korea Nation-State DOJ Fraud <![CDATA[Canvas Breach Disrupts Schools & Colleges Nationwide]]> https://labs.cosmicbytez.ca/news/2026-05-10-canvas-breach-disrupts-schools-038-colleges-nationwide https://labs.cosmicbytez.ca/news/2026-05-10-canvas-breach-disrupts-schools-038-colleges-nationwide Sun, 10 May 2026 00:00:00 GMT news Data Breach Education Extortion Ransomware Canvas KrebsOnSecurity <![CDATA[Canvas Login Portals Hacked in Mass ShinyHunters Extortion Campaign]]> https://labs.cosmicbytez.ca/news/2026-05-10-canvas-login-portals-hacked-in-mass-shinyhunters-extortion-campaign https://labs.cosmicbytez.ca/news/2026-05-10-canvas-login-portals-hacked-in-mass-shinyhunters-extortion-campaign Sun, 10 May 2026 00:00:00 GMT news Data Breach ShinyHunters Education Vulnerability Extortion <![CDATA[Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE]]> https://labs.cosmicbytez.ca/news/2026-05-10-critical-apache-http2-flaw-cve-2026-23918-enables-dos-and-potential-rce https://labs.cosmicbytez.ca/news/2026-05-10-critical-apache-http2-flaw-cve-2026-23918-enables-dos-and-potential-rce Sun, 10 May 2026 00:00:00 GMT news Vulnerability CVE Apache HTTP/2 Remote Code Execution Security Updates <![CDATA[Exploit Frenzy Threatens Millions via Critical cPanel Vulnerability]]> https://labs.cosmicbytez.ca/news/2026-05-10-exploit-cyber-frenzy-threatens-millions-via-critical-cpanel-vulnerability https://labs.cosmicbytez.ca/news/2026-05-10-exploit-cyber-frenzy-threatens-millions-via-critical-cpanel-vulnerability Sun, 10 May 2026 00:00:00 GMT news Zero-Day Vulnerability cPanel Web Hosting <![CDATA[GM to Pay Over $12 Million in California Privacy Settlement Involving Driver Data]]> https://labs.cosmicbytez.ca/news/2026-05-10-gm-to-pay-over-12-million-in-california-privacy-settlement-involving-driver-data https://labs.cosmicbytez.ca/news/2026-05-10-gm-to-pay-over-12-million-in-california-privacy-settlement-involving-driver-data Sun, 10 May 2026 00:00:00 GMT news Privacy CCPA Data Breach Automotive Regulatory <![CDATA[Hackers Abuse Google Ads and Claude.ai Chats to Push Mac Malware]]> https://labs.cosmicbytez.ca/news/2026-05-10-hackers-abuse-google-ads-claudeai-chats-to-push-mac-malware https://labs.cosmicbytez.ca/news/2026-05-10-hackers-abuse-google-ads-claudeai-chats-to-push-mac-malware Sun, 10 May 2026 00:00:00 GMT news Malware Google macOS Malvertising <![CDATA[Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access]]> https://labs.cosmicbytez.ca/news/2026-05-10-ivanti-epmm-cve-2026-6973-rce-under-active-exploitation-grants-admin-level-acces https://labs.cosmicbytez.ca/news/2026-05-10-ivanti-epmm-cve-2026-6973-rce-under-active-exploitation-grants-admin-level-acces Sun, 10 May 2026 00:00:00 GMT news Vulnerability CVE Ivanti EPMM RCE Zero-Day Mobile Security The Hacker News <![CDATA[Multiple Universities Forced to Reschedule Final Exams After Canvas Cyber Incident]]> https://labs.cosmicbytez.ca/news/2026-05-10-multiple-universities-forced-to-reschedule-final-exams-after-canvas-cyber-incide https://labs.cosmicbytez.ca/news/2026-05-10-multiple-universities-forced-to-reschedule-final-exams-after-canvas-cyber-incide Sun, 10 May 2026 00:00:00 GMT news Education Cybercrime Canvas Instructure LMS Security Data Breach Higher Education <![CDATA[Ollama Out-of-Bounds Read Flaw Allows Remote Process Memory Leak]]> https://labs.cosmicbytez.ca/news/2026-05-10-ollama-out-of-bounds-read-vulnerability-allows-remote-process-memory-leak https://labs.cosmicbytez.ca/news/2026-05-10-ollama-out-of-bounds-read-vulnerability-allows-remote-process-memory-leak Sun, 10 May 2026 00:00:00 GMT news Vulnerability Ollama AI Security Memory Leak Remote Code Execution CVE LLM Security <![CDATA[One Missed Threat Per Week: What 25M Alerts Reveal About Low-Severity Risk]]> https://labs.cosmicbytez.ca/news/2026-05-10-one-missed-threat-per-week-what-25m-alerts-reveal-about-low-severity-risk https://labs.cosmicbytez.ca/news/2026-05-10-one-missed-threat-per-week-what-25m-alerts-reveal-about-low-severity-risk Sun, 10 May 2026 00:00:00 GMT news Threat Intelligence SOC Alert Fatigue Security Operations Risk Management <![CDATA[PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage]]> https://labs.cosmicbytez.ca/news/2026-05-10-pan-os-rce-exploit-under-active-use-enabling-root-access-and-espionage https://labs.cosmicbytez.ca/news/2026-05-10-pan-os-rce-exploit-under-active-use-enabling-root-access-and-espionage Sun, 10 May 2026 00:00:00 GMT news Vulnerability CVE Palo Alto Networks PAN-OS RCE Espionage Zero-Day The Hacker News <![CDATA[Police Shut Down Reboot of Crimenetwork Marketplace, Arrest Admin]]> https://labs.cosmicbytez.ca/news/2026-05-10-police-shut-down-reboot-of-crimenetwork-marketplace-arrest-admin https://labs.cosmicbytez.ca/news/2026-05-10-police-shut-down-reboot-of-crimenetwork-marketplace-arrest-admin Sun, 10 May 2026 00:00:00 GMT news Law Enforcement Dark Web Criminal Marketplace Germany Cybercrime Takedown BKA <![CDATA[Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise]]> https://labs.cosmicbytez.ca/news/2026-05-10-quasar-linux-rat-steals-developer-credentials-for-software-supply-chain-compromi https://labs.cosmicbytez.ca/news/2026-05-10-quasar-linux-rat-steals-developer-credentials-for-software-supply-chain-compromi Sun, 10 May 2026 00:00:00 GMT news Supply Chain Linux Malware Credential Theft Remote Access Trojan <![CDATA[ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories]]> https://labs.cosmicbytez.ca/news/2026-05-10-threatsday-bulletin-edge-plaintext-passwords-ics-0-days-patch-or-die-alerts-and- https://labs.cosmicbytez.ca/news/2026-05-10-threatsday-bulletin-edge-plaintext-passwords-ics-0-days-patch-or-die-alerts-and- Sun, 10 May 2026 00:00:00 GMT news Zero-Day Weekly Roundup ICS Microsoft Edge Patch Tuesday The Hacker News <![CDATA[CVE-2026-42569: phpVMS Critical Unauthenticated Legacy Import Access]]> https://labs.cosmicbytez.ca/security/cve-2026-42569 https://labs.cosmicbytez.ca/security/cve-2026-42569 Sun, 10 May 2026 00:00:00 GMT security CVE-2026-42569 phpVMS Authentication Bypass PHP Virtual Airline Critical Vulnerability Unauthenticated Access <![CDATA[cPanel & WHM Release Fixes for Three New Vulnerabilities — Patch Now]]> https://labs.cosmicbytez.ca/news/2026-05-09-cpanel-whm-release-fixes-for-three-new-vulnerabilities-patch-now https://labs.cosmicbytez.ca/news/2026-05-09-cpanel-whm-release-fixes-for-three-new-vulnerabilities-patch-now Sat, 09 May 2026 00:00:00 GMT news cPanel WHM Patch Tuesday Web Hosting Security Updates <![CDATA[Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads]]> https://labs.cosmicbytez.ca/news/2026-05-09-fake-call-history-apps-stole-payments-from-users-after-73-million-play-store-dow https://labs.cosmicbytez.ca/news/2026-05-09-fake-call-history-apps-stole-payments-from-users-after-73-million-play-store-dow Sat, 09 May 2026 00:00:00 GMT news Android Google Play Malware Subscription Fraud Mobile Security Fake Apps The Hacker News Fleeceware <![CDATA[Fake OpenAI Repository on Hugging Face Pushes Infostealer Malware]]> https://labs.cosmicbytez.ca/news/2026-05-09-fake-openai-repository-on-hugging-face-pushes-infostealer-malware https://labs.cosmicbytez.ca/news/2026-05-09-fake-openai-repository-on-hugging-face-pushes-infostealer-malware Sat, 09 May 2026 00:00:00 GMT news Malware Windows BleepingComputer Hugging Face OpenAI Infostealer AI Platform Supply Chain <![CDATA[GM to Pay Over $12 Million in Largest-Ever CCPA Fine Over Driver Data]]> https://labs.cosmicbytez.ca/news/2026-05-09-gm-to-pay-over-12-million-in-california-privacy-settlement-involving-driver-data https://labs.cosmicbytez.ca/news/2026-05-09-gm-to-pay-over-12-million-in-california-privacy-settlement-involving-driver-data Sat, 09 May 2026 00:00:00 GMT news Privacy CCPA Data Breach Automotive Regulatory General Motors <![CDATA[Ivanti Warns of New EPMM Flaw Exploited in Zero-Day Attacks]]> https://labs.cosmicbytez.ca/news/2026-05-09-ivanti-warns-of-new-epmm-flaw-exploited-in-zero-day-attacks https://labs.cosmicbytez.ca/news/2026-05-09-ivanti-warns-of-new-epmm-flaw-exploited-in-zero-day-attacks Sat, 09 May 2026 00:00:00 GMT news Zero-Day Ivanti EPMM Remote Code Execution Mobile Device Management <![CDATA[JDownloader Site Hacked to Replace Installers with Python RAT Malware]]> https://labs.cosmicbytez.ca/news/2026-05-09-jdownloader-site-hacked-to-replace-installers-with-python-rat-malware https://labs.cosmicbytez.ca/news/2026-05-09-jdownloader-site-hacked-to-replace-installers-with-python-rat-malware Sat, 09 May 2026 00:00:00 GMT news Malware Windows Linux BleepingComputer Supply Chain RAT JDownloader Open Source <![CDATA[New Linux 'Dirty Frag' Zero-Day Gives Root on All Major Distros]]> https://labs.cosmicbytez.ca/news/2026-05-09-new-linux-dirty-frag-zero-day-gives-root-on-all-major-distros https://labs.cosmicbytez.ca/news/2026-05-09-new-linux-dirty-frag-zero-day-gives-root-on-all-major-distros Sat, 09 May 2026 00:00:00 GMT news Zero-Day Linux Privilege Escalation Kernel Exploit <![CDATA[Trellix Source Code Breach Highlights Growing Supply Chain Threats]]> https://labs.cosmicbytez.ca/news/2026-05-09-trellix-source-code-breach-highlights-growing-supply-chain-threats https://labs.cosmicbytez.ca/news/2026-05-09-trellix-source-code-breach-highlights-growing-supply-chain-threats Sat, 09 May 2026 00:00:00 GMT news Data Breach Supply Chain Trellix RansomHouse edr Source Code Dark Reading <![CDATA[Zara Data Breach Exposed Personal Information of 197,000 People]]> https://labs.cosmicbytez.ca/news/2026-05-09-zara-data-breach-exposed-personal-information-of-197000-people https://labs.cosmicbytez.ca/news/2026-05-09-zara-data-breach-exposed-personal-information-of-197000-people Sat, 09 May 2026 00:00:00 GMT news Data Breach Zara Inditex Retail Have I Been Pwned Consumer Data Spain BleepingComputer <![CDATA[CVE-2026-25199: Apache CloudStack Proxmox Extension Allows Unauthorized Cross-Tenant Instance Access]]> https://labs.cosmicbytez.ca/security/cve-2026-25199 https://labs.cosmicbytez.ca/security/cve-2026-25199 Sat, 09 May 2026 00:00:00 GMT security CVE-2026-25199 Apache CloudStack Proxmox Tenant Isolation Cloud Security Multi-Tenancy Virtualization Unauthorized Access CWE-284 Critical <![CDATA[CVE-2026-37431: Beauty Parlour Management System SQL Injection (CVSS 9.8)]]> https://labs.cosmicbytez.ca/security/cve-2026-37431 https://labs.cosmicbytez.ca/security/cve-2026-37431 Sat, 09 May 2026 00:00:00 GMT security CVE SQL Injection Web Application CVSS Critical NVD <![CDATA[CVE-2026-41583: ZEBRA Zcash Node Consensus Rule Bypass (CVSS 9.1)]]> https://labs.cosmicbytez.ca/security/cve-2026-41583 https://labs.cosmicbytez.ca/security/cve-2026-41583 Sat, 09 May 2026 00:00:00 GMT security CVE Blockchain Zcash Consensus Bug Cryptocurrency CVSS Critical NVD <![CDATA[CVE-2026-41588: RELATE Courseware Timing Attack in Authentication (CVSS 9.0)]]> https://labs.cosmicbytez.ca/security/cve-2026-41588 https://labs.cosmicbytez.ca/security/cve-2026-41588 Sat, 09 May 2026 00:00:00 GMT security CVE Timing Attack authentication Education Software CVSS Critical NVD <![CDATA[CVE-2026-42193: Plunk Email Platform SNS Webhook Forgery]]> https://labs.cosmicbytez.ca/security/cve-2026-42193 https://labs.cosmicbytez.ca/security/cve-2026-42193 Sat, 09 May 2026 00:00:00 GMT security CVE AWS Cloud Security NVD Email Security Webhook SNS <![CDATA[CVE-2026-42296: Argo Workflows templateReferencing Strict Mode Bypass]]> https://labs.cosmicbytez.ca/security/cve-2026-42296 https://labs.cosmicbytez.ca/security/cve-2026-42296 Sat, 09 May 2026 00:00:00 GMT security CVE Kubernetes Argo Workflows Privilege Escalation Container Security <![CDATA[CVE-2026-8153: Universal Robots PolyScope OS Command Injection — Unauthenticated RCE on Industrial Robots]]> https://labs.cosmicbytez.ca/security/cve-2026-8153 https://labs.cosmicbytez.ca/security/cve-2026-8153 Sat, 09 May 2026 00:00:00 GMT security CVE-2026-8153 Universal Robots PolyScope OS Command Injection CWE-78 OT/ICS Robotics Unauthenticated RCE Industrial Security Critical Infrastructure <![CDATA[CISA Gives Federal Agencies Four Days to Patch Actively Exploited Ivanti Zero-Day]]> https://labs.cosmicbytez.ca/news/2026-05-08-cisa-gives-feds-four-days-to-patch-ivanti-flaw-exploited-as-zero-day https://labs.cosmicbytez.ca/news/2026-05-08-cisa-gives-feds-four-days-to-patch-ivanti-flaw-exploited-as-zero-day Fri, 08 May 2026 00:00:00 GMT news Zero-Day Ivanti CISA EPMM Federal Patch Tuesday KEV <![CDATA[Ivanti Customers Confront Yet Another Actively Exploited Zero-Day in EPMM]]> https://labs.cosmicbytez.ca/news/2026-05-08-ivanti-customers-confront-yet-another-actively-exploited-zero-day https://labs.cosmicbytez.ca/news/2026-05-08-ivanti-customers-confront-yet-another-actively-exploited-zero-day Fri, 08 May 2026 00:00:00 GMT news Zero-Day Ivanti EPMM Mobile Security Network Edge Vulnerability CyberScoop <![CDATA[NVIDIA Confirms GeForce NOW Data Breach Affecting Armenian Users]]> https://labs.cosmicbytez.ca/news/2026-05-08-nvidia-confirms-geforce-now-data-breach-affecting-armenian-users https://labs.cosmicbytez.ca/news/2026-05-08-nvidia-confirms-geforce-now-data-breach-affecting-armenian-users Fri, 08 May 2026 00:00:00 GMT news Data Breach NVIDIA GeForce NOW Cloud Gaming BleepingComputer <![CDATA[Trellix Source Code Breach Claimed by RansomHouse Hackers]]> https://labs.cosmicbytez.ca/news/2026-05-08-trellix-source-code-breach-claimed-by-ransomhouse-hackers https://labs.cosmicbytez.ca/news/2026-05-08-trellix-source-code-breach-claimed-by-ransomhouse-hackers Fri, 08 May 2026 00:00:00 GMT news Data Breach Trellix RansomHouse Ransomware Source Code Threat Intelligence BleepingComputer <![CDATA[CVE-2026-33109: Azure Managed Instance for Apache Cassandra Remote Code Execution (CVSS 9.9)]]> https://labs.cosmicbytez.ca/security/cve-2026-33109 https://labs.cosmicbytez.ca/security/cve-2026-33109 Fri, 08 May 2026 00:00:00 GMT security CVE Azure Apache Cassandra Cloud Security NVD Remote Code Execution Access Control <![CDATA[CVE-2026-41500: electerm macOS Command Injection via Install Script]]> https://labs.cosmicbytez.ca/security/cve-2026-41500 https://labs.cosmicbytez.ca/security/cve-2026-41500 Fri, 08 May 2026 00:00:00 GMT security CVE Command Injection RCE macOS Terminal Supply Chain <![CDATA[CVE-2026-41501: electerm Linux Command Injection via Install Script]]> https://labs.cosmicbytez.ca/security/cve-2026-41501 https://labs.cosmicbytez.ca/security/cve-2026-41501 Fri, 08 May 2026 00:00:00 GMT security CVE Command Injection RCE Linux Terminal Supply Chain <![CDATA[CVE-2026-42208: LiteLLM AI Gateway Pre-Auth SQL Injection]]> https://labs.cosmicbytez.ca/security/cve-2026-42208 https://labs.cosmicbytez.ca/security/cve-2026-42208 Fri, 08 May 2026 00:00:00 GMT security CVE SQL Injection AI Gateway LiteLLM Pre-Auth LLM Security <![CDATA[CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV]]> https://labs.cosmicbytez.ca/news/2026-05-03-cisa-adds-actively-exploited-linux-root-access-bug-cve-2026-31431-to-kev https://labs.cosmicbytez.ca/news/2026-05-03-cisa-adds-actively-exploited-linux-root-access-bug-cve-2026-31431-to-kev Sun, 03 May 2026 00:00:00 GMT news Vulnerability CVE Linux CISA KEV Privilege Escalation The Hacker News <![CDATA[New Bluekit Phishing Kit Features AI Assistant and Automated Domain Registration]]> https://labs.cosmicbytez.ca/news/2026-05-03-new-bluekit-phishing-kit-features-ai-assistant https://labs.cosmicbytez.ca/news/2026-05-03-new-bluekit-phishing-kit-features-ai-assistant Sun, 03 May 2026 00:00:00 GMT news Phishing Threat Intelligence AI Cybercrime SecurityWeek <![CDATA[CVE-2026-5324: WordPress Brizy Page Builder Unauthenticated Stored XSS]]> https://labs.cosmicbytez.ca/security/cve-2026-5324 https://labs.cosmicbytez.ca/security/cve-2026-5324 Sun, 03 May 2026 00:00:00 GMT security CVE WordPress XSS NVD Vulnerability Web Security <![CDATA[ConsentFix v3 Automates Azure OAuth Abuse With Mass Compromise Potential]]> https://labs.cosmicbytez.ca/news/2026-05-02-consentfix-v3-attacks-target-azure-with-automated-oauth-abuse https://labs.cosmicbytez.ca/news/2026-05-02-consentfix-v3-attacks-target-azure-with-automated-oauth-abuse Sat, 02 May 2026 00:00:00 GMT news Azure OAuth Microsoft 365 Entra ID Identity Security Phishing Attack Technique <![CDATA[Critical cPanel Flaw Mass-Exploited in 'Sorry' Ransomware Attacks]]> https://labs.cosmicbytez.ca/news/2026-05-02-critrical-cpanel-flaw-mass-exploited-in-sorry-ransomware-attacks https://labs.cosmicbytez.ca/news/2026-05-02-critrical-cpanel-flaw-mass-exploited-in-sorry-ransomware-attacks Sat, 02 May 2026 00:00:00 GMT news Ransomware CVE cPanel Web Hosting Data Breach Cybercrime <![CDATA[Edu-Tech Firm Instructure Discloses Cyber Incident, Probes Impact on Canvas LMS]]> https://labs.cosmicbytez.ca/news/2026-05-02-edu-tech-firm-instructure-discloses-cyber-incident-probes-impact https://labs.cosmicbytez.ca/news/2026-05-02-edu-tech-firm-instructure-discloses-cyber-incident-probes-impact Sat, 02 May 2026 00:00:00 GMT news Data Breach Instructure Canvas Education Cybersecurity LMS <![CDATA[In Other News: Scattered Spider Member Arrested, SOC Metrics, NSA Tool Flaw]]> https://labs.cosmicbytez.ca/news/2026-05-02-in-other-news-scattered-spider-hacker-arrested-soc-effectiveness-metrics-nsa-too https://labs.cosmicbytez.ca/news/2026-05-02-in-other-news-scattered-spider-hacker-arrested-soc-effectiveness-metrics-nsa-too Sat, 02 May 2026 00:00:00 GMT news Scattered Spider Law Enforcement NSA SOC OFAC Iran Security Roundup