Analysis, product insight, and practical reads for builders

ADT confirms a data breach after a ShinyHunters extortion threat, detecting unauthorized access on April 20, 2026 and concluding personal data was stolen. The exposed information includes names, phone numbers, and addresses, with a small percentage containing dates of birth and the last four digits of Social Security numbers or Tax IDs; payment data was not accessed and customer security systems were not affected. ShinyHunters claimed as many as 10 million records were stolen and threatened to leak the data unless a ransom is paid. The attackers allegedly used a vishing campaign to compromise an employee’s Okta SSO and accessed Salesforce data. ADT says it has contacted all affected individuals.

Researchers have disclosed Pack2TheRoot, a local privilege escalation vulnerability (CVE-2026-41651) in the PackageKit daemon that could let an unprivileged Linux user install or remove system packages and gain root. The flaw has persisted since 2014 in PackageKit 1.0.2 through 1.3.4 and is being mitigated by PackageKit 1.3.5. Affected distributions include Ubuntu (18.04–26.x), Debian, Rocky Linux, and Fedora; other PackageKit-using systems may be vulnerable. Users should upgrade to PackageKit 1.3.5, verify the installed PackageKit version with dpkg -l | grep packagekit (or rpm -qa), and check the PackageKit daemon status with systemctl status packagekit or pkmon. The Deutsche Telekom Red Team uncovered that certain commands could bypass authentication on Fedora, enabling privilege escalation; details and PoC are redacted to allow patch propagation.

EU’s Digital Operational Resilience Act (DORA) Article 9 makes credential security a binding financial risk control for banks and financial institutions, emphasizing that stolen credentials are the top initial access vector and can enable months of unseen operational disruption. The post breaks down Article 9 requirements—phishing-resistant MFA (FIDO2/WebAuthn), least-privilege access with just-in-time provisioning, and cryptographic key protection with encrypted credential vaults—and maps them to practical controls like PAM, session recording, and comprehensive audit trails. It uses breaches (France’s national bank registry and Santander’s vendor-based Snowflake breach) to illustrate regulatory exposure and the risk of vendor credentials. A four-part program is proposed: deploy phishing-resistant MFA, enforce least privilege, vault all credentials, and monitor continuously. Passwork is highlighted as a self-hosted, ISO 27001-certified solution that supports these controls and provides audit-ready logs, with an emphasis on audit preparation to satisfy regulators.

More than 10,000 Zimbra Collaboration Suite installations exposed online remain vulnerable to an ongoing XSS flaw (CVE-2025-48700), risking unauthenticated data exposure via JavaScript in user sessions. Affected versions include ZCS 8.8.15, 9.0, 10.0, and 10.1; patches were released by Synacor in June 2025. CISA has flagged the vulnerability as exploited in the wild and added it to the Known Exploited Vulnerabilities catalog, with federal agencies ordered to patch by April 23, 2026. Shadowserver reports about 10,500 unpatched servers, concentrated in Asia and Europe. The situation echoes past Zimbra abuses by state-backed groups (e.g., APT28, Cozy Bear) in phishing and credential-stealing campaigns, underscoring ongoing risk to governments and enterprises.