New Reaper Malware Uses Fake Microsoft Domain to Steal macOS Passwords

The newly discovered Reaper malware bypasses Apple's macOS Tahoe 26.4 security updates to steal passwords, crypto assets, and install a permanent backdoor...

CLEANSTART-2026-GH89210 Security fixes for CVE-2015-0886, CVE-2020-8908, CVE-2022-1471, CVE-2022-24823, CVE-2022-38752, CVE-2022-41854, CVE-2023-2976, CVE-2023-34462, CVE-2024-12798, CVE-2024-12801, CVE-2024-13009, CVE-2024-47535, CVE-2024-6763, CVE-2024-8184, CVE-2024-9823, CVE-2025-11143, CVE-2025-24970, CVE-2025-25193, CVE-2025-48734, CVE-2025-48924, CVE-2025-52999, CVE-2025-58057, CVE-2026-1225, CVE-2026-23901, CVE-2026-44431, CVE-2026-44432, ghsa-25qh-j22f-pwp8, ghsa-389x-839f-4rhx, ghsa-3p8m-j85q-pgmj, ghsa-4g8c-wm8x-jfhw, ghsa-5mg8-w23w-74h3, ghsa-6mjq-h674-j845, ghsa-6v67-2wr5-gvf4, ghsa-72hv-8253-57qq, ghsa-7g45-4rm6-3mm3, ghsa-9h6p-92jq-888x, ghsa-9w3m-gqgf-c4p9, ghsa-c4qc-4q9p-m9q9, ghsa-g8m5-722r-8whq, ghsa-gc5v-m9x4-r6x2, ghsa-h46c-h94j-95f3, ghsa-j26w-f9rq-mr2q, ghsa-j288-q9x7-2f5v, ghsa-jc7h-c423-mpjc, ghsa-mf9v-mfxr-j63j, ghsa-mjmj-j48q-9wg2, ghsa-pr98-23f8-jwxv, ghsa-q4rv-gq96-w7c5, ghsa-qccp-gfcp-xxvc, ghsa-qh8g-58pp-2wxh, ghsa-qqpg-mvqg-649v, ghsa-w37g-rhq8-7m4j, ghsa-wjpw-4j6x-6rwh, ghsa-wxr5-93ph-8wr9, ghsa-xq3w-v528-46rv applied in versions: 3.6.1-r0, 3.6.1-r1, 3.6.1-r2, 3.6.1-r3, 3.6.1-r4

Multiple security vulnerabilities affect the cassandra-reaper-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-EP51501 Security fixes for CVE-2024-6763, CVE-2025-11143, CVE-2026-1225, CVE-2026-22184, CVE-2026-27171, CVE-2026-34757, CVE-2026-44431, CVE-2026-44432, ghsa-25qh-j22f-pwp8, ghsa-72hv-8253-57qq, ghsa-gc5v-m9x4-r6x2, ghsa-mf9v-mfxr-j63j, ghsa-qccp-gfcp-xxvc, ghsa-qh8g-58pp-2wxh, ghsa-qqpg-mvqg-649v applied in versions: 4.0.1-r1, 4.0.1-r2, 4.0.1-r3, 4.0.1-r4

Multiple security vulnerabilities affect the cassandra-reaper-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-LZ07533 Security fixes for CVE-2026-44431, CVE-2026-44432, ghsa-gc5v-m9x4-r6x2, ghsa-mf9v-mfxr-j63j, ghsa-qccp-gfcp-xxvc applied in versions: 3.8.0-r3, 3.8.0-r7

Multiple security vulnerabilities affect the cassandra-reaper-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CVE-2026-42577 vulnerabilities

Vulnerabilities for packages: apache-pulsar-fips, apache-pulsar, druid, keycloak, spark-kubernetes-operator-fips, cassandra, tez, management-api-for-apache-cassandra-5.0, strimzi-kafka-operator-fips, strimzi-kafka-operator, celeborn, flyway, zookeeper, thingsboard, wildfly, spark-fips,...

GHSA-RWM7-X88C-3G2P vulnerabilities

Vulnerabilities for packages: apache-pulsar-fips, apache-pulsar, druid, keycloak, spark-kubernetes-operator-fips, cassandra, tez, management-api-for-apache-cassandra-5.0, strimzi-kafka-operator-fips, strimzi-kafka-operator, celeborn, flyway, zookeeper, thingsboard, wildfly, spark-fips,...

CVE-2026-42577 vulnerabilities

Vulnerabilities for packages: management-api-for-apache-cassandra-5.0, solr, wavefront-proxy, kserve-modelmesh, druid, strimzi-kafka-operator, cassandra-reaper, kafka, trino, wildfly, celeborn, zookeeper, tez, infinispan, apache-activemq-artemis, flyway, spark, cassandra, keycloak, neo4j,...

GHSA-RWM7-X88C-3G2P vulnerabilities

Vulnerabilities for packages: management-api-for-apache-cassandra-5.0, solr, wavefront-proxy, kserve-modelmesh, druid, strimzi-kafka-operator, cassandra-reaper, kafka, trino, wildfly, celeborn, zookeeper, tez, infinispan, apache-activemq-artemis, flyway, spark, cassandra, keycloak, neo4j,...

CLEANSTART-2026-TX96881 Security fixes for CVE-2024-6763, CVE-2026-1225, ghsa-25qh-j22f-pwp8, ghsa-72hv-8253-57qq, ghsa-qh8g-58pp-2wxh, ghsa-qqpg-mvqg-649v applied in versions: 4.0.1-r2

Multiple security vulnerabilities affect the cassandra-reaper-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

GHSA-72HV-8253-57QQ vulnerabilities

Vulnerabilities for packages: management-api-for-apache-cassandra-5.0, airflow, jenkins-plugin-manager, solr, gradle, wavefront-proxy, logstash, cass-config-builder, kserve-modelmesh, apicurio-registry, apache-nifi-registry, strimzi-kafka-operator, akhq, spdx-tools-java, thingsboard,...

GHSA-72HV-8253-57QQ vulnerabilities

Vulnerabilities for packages: cassandra, confluent-kafka, opensearch, apache-tika, opensearch-fips, elasticsearch-fips, akhq, spdx-tools-java, cass-config-builder, apache-hop, management-api-for-apache-cassandra-4.1, scala, cassandra-reaper, nacos-docker, apache-pulsar, gradle-stage0,...

AZL-78290 CVE-2026-2739 affecting package reaper 3.1.1-22

This affects versions of the package bn.js before 5.2.3. Calling maskn0 on any BN instance corrupts the internal state, causing toString, divmod, and other methods to enter an infinite loop, hanging the process indefinitely...

ExploitReaper

Exploit Reaper...

📄 Magento 2 / Adobe Commerce 2.4.x SessionReaper

This PHP script is a proof of concept exploit targeting Magento for CVE‑2025‑54236, commonly referred to as SessionReaper. It is a PHP port of an original Metasploit module and is designed for security testing...

CVE-2024-6485 affecting package reaper for versions less than 3.1.1-22

CVE-2024-6485 affecting package reaper for versions less than 3.1.1-22. A patched version of the package is available...

GHSA-C43Q-5HPJ-4CRV vulnerabilities

Vulnerabilities for packages: cassandra-reaper...

GHSA-9H6P-92JQ-888X vulnerabilities

Vulnerabilities for packages: cassandra-reaper...

GHSA-J26W-F9RQ-MR2Q vulnerabilities

Vulnerabilities for packages: cassandra-reaper...

CVE-2024-9823 vulnerabilities

Vulnerabilities for packages: cassandra-reaper...

CVE-2021-28168 vulnerabilities

Vulnerabilities for packages: cassandra-reaper...