Daily CyberSecurity •

Water Curse: GitHub Supply Chain Attack Spreads Malware via Fake Tools, Targets Devs & Gamers

GitHub

Water Curse: GitHub Supply Chain Attack Spreads Malware via Fake Tools, Targets Devs & Gamers

June 17, 2025

GrayAlpha’s Expanding Arsenal: FIN7-Aligned Threat Actor Deploys Custom Loaders to Spread NetSupport RAT

GrayAlpha, FIN7

Cybercriminals

GrayAlpha’s Expanding Arsenal: FIN7-Aligned Threat Actor Deploys Custom Loaders to Spread NetSupport RAT

June 17, 2025

Google Play Store Alert: New Phishing Apps Bypass Security, Stealing Crypto Wallet Seeds

Crypto Phishing Apps, Google Play Store

Cybercriminals

Google Play Store Alert: New Phishing Apps Bypass Security, Stealing Crypto Wallet Seeds

June 16, 2025

Obscure VBScript “sostener.vbs” Unmasked: Fuels Multi-Stage RAT Delivery, Linked to Blind Eagle APT

RAT

Cybercriminals

Obscure VBScript “sostener.vbs” Unmasked: Fuels Multi-Stage RAT Delivery, Linked to Blind Eagle APT

June 16, 2025

Fileless AsyncRAT Campaign Targets German Users with Stealthy PowerShell Payload

BingX cyberattack

Malware

Fileless AsyncRAT Campaign Targets German Users with Stealthy PowerShell Payload

June 17, 2025

Water Curse: GitHub Supply Chain Attack Spreads Malware via Fake Tools, Targets Devs & Gamers

GitHub

Water Curse: GitHub Supply Chain Attack Spreads Malware via Fake Tools, Targets Devs & Gamers

June 17, 2025

Zyxel Firewalls Under Attack via Critical CVE-2023-28771

Zyxel Firewall, CVE-2023-28771

Zyxel Firewalls Under Attack via Critical CVE-2023-28771

June 17, 2025

Langflow Under Attacks: CVE-2025-3248 Exploited to Deliver Stealthy Flodrix Botnet

CVE-2025-3248 PoC script execution

Langflow Under Attacks: CVE-2025-3248 Exploited to Deliver Stealthy Flodrix Botnet

June 16, 2025

Hackers Leak 7.4 Million Paraguayan Citizen Records, Demand $1 Per Person Ransom

Paraguay Data Breach, Ransomware

Data Leak

Hackers Leak 7.4 Million Paraguayan Citizen Records, Demand $1 Per Person Ransom

June 17, 2025

SmartAttack: Turning Your Smartwatch into a Spy Tool for Air-Gapped Networks

Smartwatch Hacking, Air-Gapped Data Exfiltration

Data Leak

SmartAttack: Turning Your Smartwatch into a Spy Tool for Air-Gapped Networks

June 16, 2025

Android’s Secret Tracking: Meta & Yandex Abused Localhost for User Data

Android Tracking

Data Leak

Android’s Secret Tracking: Meta & Yandex Abused Localhost for User Data

June 9, 2025

Popular Chrome Extensions Caught Leaking Sensitive User Data via Unencrypted HTTP

Data Leak

Popular Chrome Extensions Caught Leaking Sensitive User Data via Unencrypted HTTP

June 7, 2025

Windows Hello Update: Microsoft Disables Facial Recognition in the Dark Due to Security Flaw Windows Hello vulnerabilities Windows Hello, Facial Recognition

Windows Hello vulnerabilities Windows Hello, Facial Recognition

Windows Hello Update: Microsoft Disables Facial Recognition in the Dark Due to Security Flaw

Ddos June 17, 2025

High-Severity Flaw Exposes ASUS Armoury Crate to Authentication Bypass ASUS Armoury Crate vulnerability Asus CVE Numbering Authority - CVE-2024-12912 and CVE-2024-13062 AMI BMC vulnerability, CVE-2024-54085

ASUS Armoury Crate vulnerability Asus CVE Numbering Authority - CVE-2024-12912 and CVE-2024-13062 AMI BMC vulnerability, CVE-2024-54085

High-Severity Flaw Exposes ASUS Armoury Crate to Authentication Bypass

Ddos June 17, 2025

Team46 (TaxOff) Exploits Google Chrome Zero-Day (CVE-2025-2783) in Sophisticated Phishing Campaign Team46 APT, Google Chrome Zero-Day

Team46 APT, Google Chrome Zero-Day

Team46 (TaxOff) Exploits Google Chrome Zero-Day (CVE-2025-2783) in Sophisticated Phishing Campaign

Ddos June 17, 2025

Critical Teleport Flaw (CVSS 9.8): Remote Authentication Bypass Threatens Infrastructure Access Teleport Vulnerability, Remote Authentication Bypass

Teleport Vulnerability, Remote Authentication Bypass

Critical Teleport Flaw (CVSS 9.8): Remote Authentication Bypass Threatens Infrastructure Access

Ddos June 17, 2025

CVE-2025-49596: Critical RCE Vulnerability in MCP Inspector Exposes AI Developer Environments MCP Inspector, RCE Vulnerability

MCP Inspector, RCE Vulnerability

CVE-2025-49596: Critical RCE Vulnerability in MCP Inspector Exposes AI Developer Environments

Ddos June 17, 2025

Two sslh Flaws Disclosed: Remote DoS Attacks Possible via Protocol Multiplexer sslh Vulnerabilities, DoS Attack

sslh Vulnerabilities, DoS Attack

Two sslh Flaws Disclosed: Remote DoS Attacks Possible via Protocol Multiplexer

Ddos June 17, 2025

Unauthenticated RCE in BeyondTrust Tools: Chat Feature Opens Door to Server Takeover BeyondTrust RCE, Server-Side Template Injection

BeyondTrust RCE, Server-Side Template Injection

Unauthenticated RCE in BeyondTrust Tools: Chat Feature Opens Door to Server Takeover

Ddos June 17, 2025

Fileless AsyncRAT Campaign Targets German Users with Stealthy PowerShell Payload BingX cyberattack

BingX cyberattack

Fileless AsyncRAT Campaign Targets German Users with Stealthy PowerShell Payload

Ddos June 17, 2025

Water Curse: GitHub Supply Chain Attack Spreads Malware via Fake Tools, Targets Devs & Gamers GitHub

GitHub

Water Curse: GitHub Supply Chain Attack Spreads Malware via Fake Tools, Targets Devs & Gamers

Ddos June 17, 2025

Apache Tomcat Patches 4 Flaws: DoS, Privilege Bypass, & Installer Risks Addressed Apache Tomcat Vulnerabilities

Apache Tomcat Vulnerabilities

Apache Tomcat Patches 4 Flaws: DoS, Privilege Bypass, & Installer Risks Addressed

Ddos June 17, 2025

Zero-Click to Root: CISA Flags Active Exploits in Apple iOS and TP-Link Routers zero

zero

Zero-Click to Root: CISA Flags Active Exploits in Apple iOS and TP-Link Routers

Ddos June 17, 2025

OneLogin AD Connector Flaw Exposes Credentials & Allows Account Impersonation OneLogin Vulnerability, Active Directory Hack

OneLogin Vulnerability, Active Directory Hack

OneLogin AD Connector Flaw Exposes Credentials & Allows Account Impersonation

Ddos June 17, 2025

PoCGen: AI Tool Automates Exploit Generation for npm Vulnerabilities with LLMs PoCGen, LLM Exploit Generation

PoCGen, LLM Exploit Generation

PoCGen: AI Tool Automates Exploit Generation for npm Vulnerabilities with LLMs

Ddos June 17, 2025

Zyxel Firewalls Under Attack via Critical CVE-2023-28771 Zyxel Firewall, CVE-2023-28771

Zyxel Firewall, CVE-2023-28771

Zyxel Firewalls Under Attack via Critical CVE-2023-28771

Ddos June 17, 2025

Hackers Leak 7.4 Million Paraguayan Citizen Records, Demand $1 Per Person Ransom Paraguay Data Breach, Ransomware

Paraguay Data Breach, Ransomware

Hackers Leak 7.4 Million Paraguayan Citizen Records, Demand $1 Per Person Ransom

Ddos June 17, 2025

GrayAlpha’s Expanding Arsenal: FIN7-Aligned Threat Actor Deploys Custom Loaders to Spread NetSupport RAT GrayAlpha, FIN7

GrayAlpha, FIN7

GrayAlpha’s Expanding Arsenal: FIN7-Aligned Threat Actor Deploys Custom Loaders to Spread NetSupport RAT

Ddos June 17, 2025

Langflow Under Attacks: CVE-2025-3248 Exploited to Deliver Stealthy Flodrix Botnet CVE-2025-3248 PoC script execution

CVE-2025-3248 PoC script execution

Langflow Under Attacks: CVE-2025-3248 Exploited to Deliver Stealthy Flodrix Botnet

Ddos June 16, 2025

Apple Confirms EU Restriction on iPhone Mirroring: Fears Android Mirroring Mandate iPhone Mirroring, EU Restrictions

iPhone Mirroring, EU Restrictions

Apple Confirms EU Restriction on iPhone Mirroring: Fears Android Mirroring Mandate

Ddos June 16, 2025

MIT Unveils AI-Powered Painting Restoration: Reversible Tech Revives Masterpieces in Hours Stargate Project AI Art Restoration

Stargate Project AI Art Restoration

MIT Unveils AI-Powered Painting Restoration: Reversible Tech Revives Masterpieces in Hours

Ddos June 16, 2025

YouTube Expands 30-Second Non-Skippable Ads: Prepare for More Interruptions YouTube Ads, Non-Skippable

YouTube Ads, Non-Skippable

YouTube Expands 30-Second Non-Skippable Ads: Prepare for More Interruptions

Ddos June 16, 2025