Do Son, Author at Daily CyberSecurity • Page 291 of 730

Critical Authentication Bypass in OpenPubkey and OPKSSH Exposes Systems to Remote Access Risks OpenPubkey, authentication bypass

Critical Authentication Bypass in OpenPubkey and OPKSSH Exposes Systems to Remote Access Risks

Do Son May 15, 2025

A pair of critical-severity vulnerabilities in the OpenPubkey authentication protocol and its companion tool, OPKSSH, could allow...

Xerox Patches Dozens of Vulnerabilities in FreeFlow Print Server with April 2025 Security Update Xerox security FreeFlow Print Server

Xerox Patches Dozens of Vulnerabilities in FreeFlow Print Server with April 2025 Security Update

Do Son May 15, 2025

On May 12, 2025, Xerox published Security Bulletin XRX25-009, announcing the release of its April 2025 Security...

PyPI Malware Alert: Malicious ‘solana-token’ Package Targets Solana Developers PyPI malware, Solana developers

PyPI Malware Alert: Malicious ‘solana-token’ Package Targets Solana Developers

Do Son May 15, 2025

The ReversingLabs research team has uncovered yet another software supply chain attack targeting the cryptocurrency ecosystem, this...

HTTP.sys RCE vulnerability, Windows HTTP stack exploit, CVE-2026-47291 Netlogon RCE vulnerability Exploited in the wild Secure Boot certificate renewal 2026, Windows 11 UEFI update Community-First AI Infrastructure, Microsoft self-funding energy mandate aka.ms/aoh online portal CVE-2025-55681, Windows DWM Elevation Windows Administrator Protection, CVE-2025-60718 Microsoft AI Compute, IREN Infrastructure Microsoft Japan PPA, Renewable Energy Microsoft AI Investment, Cloud Expansion Microsoft Azure, Startup Credits Infinite Workday, AI in Work Microsoft Russia, Bankruptcy AI code generation, Microsoft AI Microsoft Layoffs, Restructuring

Microsoft Restructures: 6,000 Jobs Cut Amid AI Focus

Do Son May 14, 2025

Microsoft recently announced a strategic organizational restructuring, which will result in a workforce reduction of approximately 3%,...

Android 16 & Gemini AI Unleashed: Google’s Pre-I/O Powerhouse Android 16, Gemini AI

Android 16 & Gemini AI Unleashed: Google’s Pre-I/O Powerhouse

Do Son May 14, 2025

Before the official commencement of Google I/O 2025, Google unveiled several upcoming innovations through “The Android Show:...

Australian Human Rights Commission Data Breach Exposes Sensitive Documents Submitted via Website

Do Son May 14, 2025

The Australian Human Rights Commission (AHRC) has disclosed a significant data breach involving the unintended public exposure...

GovDelivery Exploited in TxTag Toll Scam: Indiana Government Sender Account Hacked GovDelivery phishing, Indiana toll scam

GovDelivery Exploited in TxTag Toll Scam: Indiana Government Sender Account Hacked

Do Son May 14, 2025

A sophisticated phishing campaign has exploited compromised Indiana state government accounts to distribute fraudulent toll collection messages...

CVSS 10.0 Flaws in Siemens OZW Web Servers Enable Unauthenticated RCE and Admin Access CVE-2024-37998 and CVE-2024-39601 CVEs 2025-26389 and 2025-26390 Siemens OZW

CVE-2024-37998 and CVE-2024-39601 CVEs 2025-26389 and 2025-26390 Siemens OZW

CVSS 10.0 Flaws in Siemens OZW Web Servers Enable Unauthenticated RCE and Admin Access

Do Son May 14, 2025

Siemens has released a critical security advisory (SSA-047424) addressing two severe vulnerabilities—CVE-2025-26389 and CVE-2025-26390—affecting its OZW672 and...

Ivanti Neurons for ITSM Hit by CVSS 9.8 Authentication Bypass Flaw Enabling Full Admin Access Ivanti EPM Vulnerability CVE-2026-1603 Ivanti EPM Critical XSS, Unauthenticated File Write CVE-2024-29847 & CVE-2024-8190 Ivanti ITSM, Authentication Bypass

Ivanti EPM Vulnerability CVE-2026-1603 Ivanti EPM Critical XSS, Unauthenticated File Write CVE-2024-29847 & CVE-2024-8190 Ivanti ITSM, Authentication Bypass

Ivanti Neurons for ITSM Hit by CVSS 9.8 Authentication Bypass Flaw Enabling Full Admin Access

Do Son May 14, 2025

Ivanti has released a critical security patch for its on-premises Neurons for ITSM platform, addressing a severe...

Varnish Vulnerability Exposes Cache to HTTP Request Smuggling CVE-2024-30156 Varnish, HTTP request smuggling

Varnish Vulnerability Exposes Cache to HTTP Request Smuggling

Do Son May 14, 2025

Varnish Software has disclosed a client-side desynchronization vulnerability, tracked as CVE-2025-47905, in both Varnish Cache and Varnish...

Zoom Patches High-Severity Flaw (CVE-2025-30663) in Workplace Apps CVE-2022-28756 Zoom Vulnerabilities, Privilege Escalation

Zoom Patches High-Severity Flaw (CVE-2025-30663) in Workplace Apps

Do Son May 14, 2025

Zoom has released a security bulletin addressing multiple vulnerabilities across its Workplace Apps suite. The bulletin details...

Critical Misconfiguration in Bitnami Pgpool Enables Unauthenticated PostgreSQL Access (CVE-2025-22248) Pgpool, Unauthenticated Access

Critical Misconfiguration in Bitnami Pgpool Enables Unauthenticated PostgreSQL Access (CVE-2025-22248)

Do Son May 14, 2025

A critical security vulnerability has been identified in the Bitnami Pgpool-II Docker image and the bitnami/postgres-ha Kubernetes...

TA406 Cyber Campaign: North Korea’s Focus on Ukraine Intelligence

Do Son May 14, 2025

In a recently disclosed campaign, TA406, a North Korean state-aligned threat actor, has expanded its cyber-espionage efforts...

Siemens RUGGEDCOM Flaws Scored CVSS 9.9: Command Injection Bugs Threaten Industrial Networks RUGGEDCOM, Command Injection

Siemens RUGGEDCOM Flaws Scored CVSS 9.9: Command Injection Bugs Threaten Industrial Networks

Do Son May 14, 2025

Siemens ProductCERT released an urgent security advisory (SSA-301229) detailing multiple command injection vulnerabilities in its RUGGEDCOM ROX...

Chihuahua Stealer Unleashed: Obfuscated PowerShell and AES-GCM Encryption Fuel This Advanced Data Theft Campaign Chihuahua Stealer, Infostealer

Chihuahua Stealer Unleashed: Obfuscated PowerShell and AES-GCM Encryption Fuel This Advanced Data Theft Campaign

Do Son May 14, 2025

In the ever-expanding ecosystem of information stealers, a new and unusually sophisticated malware has entered the scene:...

Earth Ammit Strikes Drone Supply Chains: VENOM and TIDRONE Campaigns Expose East Asia’s Critical Infrastructure Earth Ammit, Supply Chain Attack

Earth Ammit Strikes Drone Supply Chains: VENOM and TIDRONE Campaigns Expose East Asia’s Critical Infrastructure

Do Son May 14, 2025

rend Micro researchers have uncovered the full extent of an elaborate, multi-phase cyber-espionage operation attributed to Earth...

Critical CVE-2025-4632 Flaw in Samsung MagicINFO Puts Global Signage Networks at Risk MagicINFO, CVE-2025-4632

Critical CVE-2025-4632 Flaw in Samsung MagicINFO Puts Global Signage Networks at Risk

Do Son May 14, 2025

A newly disclosed vulnerability in Samsung’s MagicINFO Server, tracked as CVE-2025-4632, poses a severe risk to digital...

Swan Vector Espionage Targets Japan & Taiwan with Advanced Malware

Do Son May 14, 2025

The Seqrite Labs APT-Team has uncovered a complex cyber-espionage operation dubbed Swan Vector, targeting educational institutions and...

82,000+ WordPress Sites at Risk: TheGem Theme Vulnerabilities Allow Full Site Takeover WordPress vulnerabilities TheGem, WordPress Vulnerability

WordPress vulnerabilities TheGem, WordPress Vulnerability

82,000+ WordPress Sites at Risk: TheGem Theme Vulnerabilities Allow Full Site Takeover

Do Son May 14, 2025

In a recent disclosure by Wordfence, two serious vulnerabilities have been discovered in TheGem, a popular premium...

Horabot Malware Targets Latin America with Sophisticated Phishing

Do Son May 14, 2025

In a recent investigation, FortiGuard Labs has exposed a sophisticated phishing campaign distributing the Horabot malware family,...