News Archives • Page 117 of 631 • Daily CyberSecurity

Stealth Supply Chain Attack: Malicious Rust Crate Used Unpinned Dependency for Silent Payload Upgrades Rust Typosquatting, Unpinned Dependency Attack

Rust Typosquatting, Unpinned Dependency Attack

Stealth Supply Chain Attack: Malicious Rust Crate Used Unpinned Dependency for Silent Payload Upgrades

Ddos December 8, 2025

A popular bioinformatics tool became the latest lure in a software supply chain attack, as threat actors...

CISA/NSA Warn of BRICKSTORM Backdoor: China APT Targets VMware and ADFS for Long-Term Espionage BRICKSTORM Backdoor, VMware Espionage

CISA/NSA Warn of BRICKSTORM Backdoor: China APT Targets VMware and ADFS for Long-Term Espionage

Ddos December 8, 2025

A new and sophisticated malware threat has emerged from the shadows of state-sponsored cyber espionage. The Cybersecurity...

High-Severity lz4-java Flaw (CVE-2025-66566) Leaks Uninitialized Memory During Decompression lz4-java Out-of-bounds Read, Library EOL

High-Severity lz4-java Flaw (CVE-2025-66566) Leaks Uninitialized Memory During Decompression

Ddos December 8, 2025

A high-severity vulnerability has been unearthed in lz4-java, a widely used Java library for the LZ4 compression...

Critical Cal.com Flaw (CVE-2025-66489, CVSS 9.9) Allows Authentication Bypass by Submitting Fake TOTP Codes Cal.com Vulnerability CVE-2026-23478 Cal.com Auth Bypass, TOTP Logic Flaw

Cal.com Vulnerability CVE-2026-23478 Cal.com Auth Bypass, TOTP Logic Flaw

Critical Cal.com Flaw (CVE-2025-66489, CVSS 9.9) Allows Authentication Bypass by Submitting Fake TOTP Codes

Ddos December 8, 2025

A severe security vulnerability has been uncovered in Cal.com, the popular open-source scheduling platform positioned as the...

High-Severity WatchGuard Flaws Risk VPN DoS and RCE via IKEv2 Memory Corruption WatchGuard Agent Privilege Escalation CVE-2026-6787 WatchGuard Vulnerability CVE-2026-1498 WatchGuard Firebox VPN Flaws, Command Injection WatchGuard Vulnerability CVE-2024-6592 and CVE-2024-6593

High-Severity WatchGuard Flaws Risk VPN DoS and RCE via IKEv2 Memory Corruption

Ddos December 8, 2025

WatchGuard Technologies has released a critical series of security advisories addressing five high-severity vulnerabilities across its Firebox...

Iran-Linked MuddyWater Deploys UDPGangster Backdoor, Using UDP Protocol for Covert C2 UDPGangster Backdoor, MuddyWater UDP C2

Iran-Linked MuddyWater Deploys UDPGangster Backdoor, Using UDP Protocol for Covert C2

Ddos December 8, 2025

A sophisticated new malware campaign attributed to the Iranian-linked threat group MuddyWater has been discovered targeting government...

Spyware Vendor Intellexa Used 15 Zero-Days Since 2021, Deploying Predator via “smack” iOS Exploit Chain Intellexa Zero-Days, Predator Spyware

Spyware Vendor Intellexa Used 15 Zero-Days Since 2021, Deploying Predator via “smack” iOS Exploit Chain

Ddos December 8, 2025

The mercenary spyware industry remains a persistent and adaptable threat, with the notorious vendor Intellexa continuing to...

urllib3 Flaws Risk Client DoS via Unbounded Decompression and Streaming Resource Exhaustion urllib3 DoS, Decompression Bomb

urllib3 Flaws Risk Client DoS via Unbounded Decompression and Streaming Resource Exhaustion

Ddos December 8, 2025

The maintainers of urllib3, the ubiquitous HTTP client for Python, have issued a security advisory detailing two...

ValleyRAT Targets English Job Seekers by Trojanizing Foxit PDF Reader with DLL Sideloading Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

ValleyRAT Targets English Job Seekers by Trojanizing Foxit PDF Reader with DLL Sideloading

Ddos December 8, 2025

A sophisticated malware campaign traditionally focused on Chinese-speaking targets has expanded its scope, now aggressively targeting English-speaking...

Coordinated Reconnaissance: 7,000+ IPs Target Palo Alto GlobalProtect and SonicWall API Endpoints Palo Alto SonicWall Scanning, Coordinated Reconnaissance

Palo Alto SonicWall Scanning, Coordinated Reconnaissance

Coordinated Reconnaissance: 7,000+ IPs Target Palo Alto GlobalProtect and SonicWall API Endpoints

Ddos December 6, 2025

A sudden surge in mass scanning activity has targeted two major enterprise security vendors, Palo Alto Networks...

Critical Step CA Flaw (CVE-2025-44005, CVSS 10.0) Allows Unauthenticated Bypass to Issue Fraudulent Certificates Step CA Auth Bypass, Critical ACME Flaw

Critical Step CA Flaw (CVE-2025-44005, CVSS 10.0) Allows Unauthenticated Bypass to Issue Fraudulent Certificates

Ddos December 6, 2025

A critical security vulnerability has been identified in Step CA, a popular online Certificate Authority tool used...

China APT UNC5174 Hijacks Discord API as Covert C2 Channel to Evade Detection and Conduct Espionage Discord C2, UNC5174 Espionage

China APT UNC5174 Hijacks Discord API as Covert C2 Channel to Evade Detection and Conduct Espionage

Ddos December 6, 2025

A sophisticated cyber-espionage campaign linked to the Chinese state-sponsored threat group UNC5174 has been discovered utilizing the...

Honesty is the Best Policy: OpenAI Trains AI Models to ‘Confess’ Errors and Hallucinations

Ddos December 5, 2025

To enhance transparency in artificial intelligence and curb the problem of confidently delivering nonsense, OpenAI has revealed...

New Android Call Scam Protection Pauses Calls for 30 Seconds During Financial App Use Android Call Scam Protection 30-Second Fraud Delay

New Android Call Scam Protection Pauses Calls for 30 Seconds During Financial App Use

Ddos December 5, 2025

Google is now expanding Android’s call-scam protection through Google Play Services, enhancing the system’s ability to safeguard...

Apple HomePad delay Tesla CarPlay integration 2026 Apple CarPlay AI integration 2026 Apple 2026 product roadmap rumors, foldable iPhone release date Apple Vision Pro sales slump, Vision Pro production cut Russia FaceTime Ban Network Blockade Apple Apple 2026 Roadmap, iPhone Foldable, Apple Intelligence Apple Maps ads, iOS monetization Apple, Digital Markets Act FCC Leak, iPhone 16e Schematics iPhone Fold Apple Made in India Apple US Investment, Indian Tariffs Apple Leadership, Tim Cook Tenure Siri Redesign, Apple AI Apple App Store Apple EU, Digital Markets Act CVE-2022-32898 Third-Party iOS Apps Apple Antitrust, DOJ Lawsuit

Russia Imposes Network-Level Blockade on Apple’s End-to-End Encrypted FaceTime

Ddos December 5, 2025

Russia has recently imposed a network-level blockade on Apple’s video-calling service FaceTime, which is developed and operated...

Apache HTTP Server 2.4.66 Fixes SSRF Flaw (CVE-2025-59775) Exposing NTLM Hashes on Windows and suexec Bypass CVE-2024-40725 & CVE-2024-40898 Apache SSRF NTLM Leak, suexec Bypass

CVE-2024-40725 & CVE-2024-40898 Apache SSRF NTLM Leak, suexec Bypass

Apache HTTP Server 2.4.66 Fixes SSRF Flaw (CVE-2025-59775) Exposing NTLM Hashes on Windows and suexec Bypass

Ddos December 5, 2025

The Apache Software Foundation has rolled out a crucial update for the ubiquitous Apache HTTP Server, addressing...

Stealth Cryptominer Uses USB LNK and DLL Side-Loading to Deploy “Smart Mining” Evasion USB LNK Cryptominer, Smart Mining Evasion

Stealth Cryptominer Uses USB LNK and DLL Side-Loading to Deploy “Smart Mining” Evasion

Ddos December 5, 2025

In an era dominated by cloud vulnerabilities and phishing emails, a classic threat vector has made a...

The PDF Trap: Critical Vulnerability (CVE-2025-66516, CVSS 10.0) Hits Apache Tika Core Apache Tika XXE, Malicious PDF Exploit Apache Tika, XXE vulnerability CVE-2025-54988

The PDF Trap: Critical Vulnerability (CVE-2025-66516, CVSS 10.0) Hits Apache Tika Core

Ddos December 5, 2025

The Apache Tika toolkit, the industry standard for detecting and extracting metadata from over a thousand file...

Checkmarx Breach Supply Chain Attack Ivanti EPMM RCE CVE-2026-1281 Modular DS Vulnerability CVE-2026-23550 D-Link RCE Vulnerability CVE-2026-0625 Christmas 2025 GreyNoise Campaign, Japan-Based Initial Access Broker React2Shell Zero-Day, APT Active Exploitation WordPress vulnerability, authentication bypass FreePBX, zero-day Trend Micro Apex One, Remote Code Execution BitoPro Hack, Crypto Theft UNC5337 - CVE-2022-47945 Safe{Wallet} hack Fortinet vulnerability, CVE-2024-21762, FortiGate attack Balloonfly, Play ransomware Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

“React2Shell” Storm: China-Nexus Groups Weaponize Critical React Flaw Hours After Disclosure

Ddos December 5, 2025

Only hours after the public disclosure of a critical vulnerability in the React ecosystem, state-sponsored cyber espionage...

Operation DUPEHIKE Hits Russian HR: Bonus Lure Delivers DUPERUNNER and Adaptix C2 via Process Injection AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

Operation DUPEHIKE Hits Russian HR: Bonus Lure Delivers DUPERUNNER and Adaptix C2 via Process Injection

Ddos December 5, 2025

A new, highly targeted espionage campaign dubbed Operation DUPEHIKE has been uncovered targeting corporate entities within the...

Critical Alert 1 Active Exploit Detected Today