Cybersecurity Alert: Risks of Plaintext Passwords, Zero-Day Vulnerabilities in ICS, Urgent Patch Notifications, and More Critical Updates

The flaws, tracked as CVE-2026-20014 and CVE-2026-20015, allow an attacker to execute arbitrary code remotely, leading to potential system compromise. The vulnerabilities exist due to improper input validation and insufficient restriction of paths in a ZIP file. Eclipse BaSyx is a middleware platform used in industrial automation and Industry 4.0 applications. The project has released patches to address the issues, and users are advised to update to the latest version to mitigate the risks.
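"Insufficient restriction of paths in a ZIP file" is the class of bug in which an archive entry's name steers extraction outside the intended directory. The following added example (not code from Eclipse BaSyx or its patches; the function names and the sample archive are constructed for illustration) shows the checks an extractor can apply to each entry before writing it:

```python
from __future__ import annotations
import io
import stat
import zipfile
from pathlib import Path, PurePosixPath, PureWindowsPath


def entry_problem(info: zipfile.ZipInfo, dest: Path) -> str | None:
    """Return why this entry must not be written under dest, or None if safe."""
    name = info.filename.replace("\\", "/")  # backslash is a separator on Windows
    if PurePosixPath(name).is_absolute() or PureWindowsPath(name).drive:
        return "absolute path"
    if ".." in PurePosixPath(name).parts:
        return "parent-directory traversal"
    if stat.S_ISLNK(info.external_attr >> 16):  # Unix mode lives in the high 16 bits
        return "symbolic link entry"
    # Containment check on the resolved path, as a backstop for the rules above.
    if not (dest / name).resolve().is_relative_to(dest.resolve()):
        return "resolves outside destination"
    return None


def safe_extract(data: bytes, dest: Path) -> dict[str, str]:
    """Write only safe entries under dest; return {entry name: rejection reason}."""
    rejected = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            problem = entry_problem(info, dest)
            if problem:
                rejected[info.filename] = problem
                continue
            target = dest / info.filename.replace("\\", "/")
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
            else:
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(zf.read(info))
    return rejected


def build_sample() -> bytes:
    """Constructed sample archive: one benign entry and three unsafe ones."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("config/model.json", "{}")
        zf.writestr("../../outside.txt", "x")
        zf.writestr("/abs.txt", "x")
        link = zipfile.ZipInfo("config/link")
        link.external_attr = (stat.S_IFLNK | 0o777) << 16
        zf.writestr(link, "target")
    return buf.getvalue()
```

Rejected entries are worth logging rather than silently dropping, since a traversal or symlink entry in an uploaded archive is a useful detection signal.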

into plain text.

They gain access to the victims’ accounts by logging in on their end while creating a fake login process on the victim’s screen.
It is important to note that in order to successfully carry out an attack, a threat actor must have already compromised the device through other means. CyberArk demonstrated a similar method of extracting cleartext credentials directly from Chromium’s memory in 2022. As VX-Underground pointed out in a post on X, while this method is interesting and showcases thorough research, it may not be considered critical. If a company is using this method in an enterprise environment, it indicates that the company has been fully compromised and is facing much larger issues.

The Week in Cybersecurity Threats

As the digital landscape continues to evolve, the past week has seen a series of significant events in the realm of cybersecurity. From guilty pleas to high-profile indictments, here are the key highlights:

  1. Legal Action and Cybercrime

    A range of legal actions have been taken by the U.S. Department of Justice, including the guilty plea of Fleming in January. Additionally, the shutdown of pcTattletale in 2024 following a data breach has raised concerns. Other notable actions include the indictment of Jonathan Spalletta for the theft of over $50 million from Uranium Finance, leading to its closure. Furthermore, the extradition of Gavril Sandu for alleged involvement in a voice phishing scheme and the sentencing of Deniss Zolotarjovs, a member of the Karakurt group, to 102 months in prison for ransomware attacks on multiple companies have marked significant developments in the cybersecurity landscape. Zolotarjovs was extradited to the U.S. in August 2024.

  2. Hijacked .edu Subdomains

    Malicious actors have been observed exploiting abandoned subdomains of prestigious universities such as MIT, Harvard, and Stanford to post explicit content under trusted “.edu” domains. By hijacking DNS records, these bad actors have managed to spread porn spam that Google indexed, posing a significant threat to the reputation of these educational institutions.

  3. Rise of Fake AI App Malware

    Recent malvertising campaigns on Google Search have been utilizing deceptive tactics to lure users into downloading trojanized installers disguised as legitimate AI applications. These installers contain stealer malware capable of extracting sensitive data from compromised systems. Known as Claude Fraud, this wave of fake AI apps has also targeted Mac users with the distribution of MacSync infostealer through Google Ads. Additionally, a new Rust-based infostealer named NWHStealer has been identified, posing a threat to user data and cryptocurrency wallets. The use of fake websites as bait for malicious payloads has been a common tactic in these campaigns, highlighting the importance of vigilance and caution in online activities.

As the cybersecurity landscape continues to evolve, it is crucial for individuals and organizations to stay informed and proactive in protecting their digital assets. Stay cautious of suspicious ads and always verify the legitimacy of software installations. Remember, vigilance is key in the digital age. Until next ThreatsDay, stay safe and secure online.
