Do Son, Author at Daily CyberSecurity • Page 363 of 732

CISA and FBI Warn of Exploited Ivanti CSA Vulnerabilities in Joint Security Advisory OCRFix Botnet EtherHiding CrowdStrike supply chain attack Ivanti CSA Vulnerabilities

OCRFix Botnet EtherHiding CrowdStrike supply chain attack Ivanti CSA Vulnerabilities

CISA and FBI Warn of Exploited Ivanti CSA Vulnerabilities in Joint Security Advisory

Do Son January 22, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a...

9.9 CVE-2025-20156 (CVSS 9.9): Cisco Meeting Management Flaw Allows for Privilege Escalation

Do Son January 22, 2025

Cisco has issued a security advisory addressing a critical privilege escalation vulnerability (CVE-2025-20156) in its Meeting Management...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Purrglar: Emerging Stealer Targets Chrome and Exodus Wallet Data on macOS

Do Son January 22, 2025

Kandji’s Threat Research team has uncovered a potential new macOS stealer named “Purrglar.” This malware, uploaded to...

Signal and Discord Vulnerabilities Exposed: 0-Click Deanonymization Attack Revealed deanonymization attack - cache geolocation attack

Signal and Discord Vulnerabilities Exposed: 0-Click Deanonymization Attack Revealed

Do Son January 22, 2025

Security researcher Daniel, also known as hackermondev, has revealed an 0-click deanonymization attack capable of exposing user...

ApateWeb Campaign Hijacks Blogspot, Spreads Phishing and Malware ApateWeb operation

ApateWeb Campaign Hijacks Blogspot, Spreads Phishing and Malware

Do Son January 22, 2025

Security researcher Aaron Meese, in collaboration with Validin, has uncovered an ongoing malicious campaign exploiting Blogspot redirectors...

Mercedes-Benz MBUX Vulnerabilities: User Data and Safety at Risk mercedes-benz-2692776_1280

Mercedes-Benz MBUX Vulnerabilities: User Data and Safety at Risk

Do Son January 22, 2025

Kaspersky Labs has unveiled critical vulnerabilities in the Mercedes-Benz User Experience (MBUX) infotainment system, shedding light on...

New Bruteforce Campaign Exploits fasthttp Library to Target Azure Environments Azure Bruteforce Campaign

New Bruteforce Campaign Exploits fasthttp Library to Target Azure Environments

Do Son January 22, 2025

On January 13, the SpearTip Security Operations Center, in collaboration with Managed SaaS Alerts, uncovered a sophisticated...

5.3 Proof-of-Concept Found for ClamAV DoS Flaw: CVE-2025-20128

Do Son January 22, 2025

Cisco has issued a security advisory detailing a vulnerability in the Object Linking and Embedding 2 (OLE2)...

GamaCopy: A New Cyber Espionage Group Imitating Gamaredon to Target Russia Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

GamaCopy: A New Cyber Espionage Group Imitating Gamaredon to Target Russia

Do Son January 22, 2025

A recent report from the Knownsec 404 Advanced Threat Intelligence team reveals the emergence of GamaCopy, a...

8.2 Security Update for Chrome: Protect Against CVE-2025-0611 and CVE-2025-0612

Do Son January 22, 2025

Google has released a important security update for its Chrome web browser, addressing three vulnerabilities, two of...

Operation (Giỗ Tổ Hùng Vương) Hurricane: New OceanLotus Group Revealed in Espionage Campaigns CVE-2024-36072 Water Gamayun, MSC EvilTwin

Operation (Giỗ Tổ Hùng Vương) Hurricane: New OceanLotus Group Revealed in Espionage Campaigns

Do Son January 22, 2025

A recent report from Qianxin details the sophisticated cyber-espionage tactics employed by the New OceanLotus group. Active...

Cybercriminals Exploit AnyDesk to Impersonate CERT-UA in Sophisticated Phishing Campaign BlueNoroff macOS Attack GhostCall Campaign Carding Underground Bulletproof Hosting DPRK Contagious Interview, npm Flood Stonefly group -HiatusRAT Actors

BlueNoroff macOS Attack GhostCall Campaign Carding Underground Bulletproof Hosting DPRK Contagious Interview, npm Flood Stonefly group -HiatusRAT Actors

Cybercriminals Exploit AnyDesk to Impersonate CERT-UA in Sophisticated Phishing Campaign

Do Son January 22, 2025

In a recent alert, CERT-UA researchers have unveiled a series of cyber-attacks leveraging the legitimate remote access...

Breaking News: Introducing the Stargate Project – OpenAI’s Transformative AI Infrastructure Yoshua Bengio AI sycophancy, reverse deception AI feedback AI chatbots, FTC investigation AI-generated content Trump AI Policy, AI Deregulation Military AI, DoD Funding Stargate Project AI Art Restoration

Yoshua Bengio AI sycophancy, reverse deception AI feedback AI chatbots, FTC investigation AI-generated content Trump AI Policy, AI Deregulation Military AI, DoD Funding Stargate Project AI Art Restoration

Breaking News: Introducing the Stargate Project – OpenAI’s Transformative AI Infrastructure

Do Son January 22, 2025

In conjunction with Donald Trump’s inauguration as the 47th President of the United States, a groundbreaking initiative...

Mirai Botnet Unleashes Record-Breaking DDoS Attack, Cloudflare Thwarts Threat MadeYouReset, HTTP/2 vulnerability FSF, AI Scraping Attacks OracleIV botnet

MadeYouReset, HTTP/2 vulnerability FSF, AI Scraping Attacks OracleIV botnet

Mirai Botnet Unleashes Record-Breaking DDoS Attack, Cloudflare Thwarts Threat

Do Son January 22, 2025

On October 29, 2024, Cloudflare revealed details of a DDoS attack orchestrated using a Mirai botnet comprising...

ASUS and AdGuard Team Up to Deliver Ad-Free Wi-Fi 7 Experience AdGuard DNS

ASUS and AdGuard Team Up to Deliver Ad-Free Wi-Fi 7 Experience

Do Son January 22, 2025

ASUS, a leading name in networking hardware, has partnered with AdGuard to integrate AdGuard DNS directly into...

9.8 CVE-2024-12857: Critical Flaw in AdForest Theme Allows Complete Account Takeover, Thousands of Sites at Risk

Do Son January 21, 2025

A severe security flaw (CVE-2024-12857) has been discovered in the AdForest WordPress theme, a popular premium classified...

7.7 CVE-2025-23083: Node.js Vulnerability Exposes Sensitive Data and Resources CVE-2025-23083 - Node.js EOL

7.7 CVE-2025-23083: Node.js Vulnerability Exposes Sensitive Data and Resources

Do Son January 21, 2025

The Node.js project has released updates to address several security vulnerabilities, including a high-severity flaw that could...

400,000+ Systems Infected: DigitalPulse Proxyware Returns with New Tricks DigitalPulse Proxyware malware

400,000+ Systems Infected: DigitalPulse Proxyware Returns with New Tricks

Do Son January 21, 2025

A recent report from the AhnLab Security Intelligence Center (ASEC) detailed the spread of DigitalPulse proxyware via...

Critical Critical Apache Ambari Security Vulnerabilities Discovered: What You Need to Know CVE-2025-23195, CVE-2025-23196, and CVE-2024-51941

Critical Critical Apache Ambari Security Vulnerabilities Discovered: What You Need to Know

Do Son January 21, 2025

Critical flaws in the popular Hadoop management platform leave systems open to remote code execution and data...

Zendesk Infrastructure Exploited in Phishing and Pig Butchering Schemes BitoPro Hack, Lazarus Group

Zendesk Infrastructure Exploited in Phishing and Pig Butchering Schemes

Do Son January 21, 2025

A new report from CloudSEK reveals threat actors are leveraging Zendesk’s free trial to create convincing phishing...