News Archives • Page 162 of 631 • Daily CyberSecurity

CVE-2025-54831: Apache Airflow Bug Exposes Sensitive Connection Passwords to Read-Only Users Airflow Credential Leak, UI Redaction Failure CVE-2024-39877 & CVE-2024-45784 Airflow Connection Leak, CVE-2025-54831

Airflow Credential Leak, UI Redaction Failure CVE-2024-39877 & CVE-2024-45784 Airflow Connection Leak, CVE-2025-54831

CVE-2025-54831: Apache Airflow Bug Exposes Sensitive Connection Passwords to Read-Only Users

Ddos September 26, 2025

The Apache Software Foundation has released a fix for Apache Airflow, a popular open-source platform for authoring,...

BRICKSTORM Malware: China-Linked Hackers Stealthily Target US Tech and Legal Firms for 393 Days Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

BRICKSTORM Malware: China-Linked Hackers Stealthily Target US Tech and Legal Firms for 393 Days

Ddos September 26, 2025

Google Threat Intelligence Group (GTIG) and Mandiant Consulting have released new findings on BRICKSTORM, a backdoor malware...

GitLab Fixes High-Severity DoS Flaws: Unauthenticated Attackers Could Crash Instances GitLab Security Update May 2026 GitLab XSS and DoS Vulnerabilities GitLab Security Session Hijacking GitLab Security Update, CI/CD Vulnerability GitLab DoS, Security Update bypassing SAML - CVE-2024-8312 and CVE-2024-6826

GitLab Security Update May 2026 GitLab XSS and DoS Vulnerabilities GitLab Security Session Hijacking GitLab Security Update, CI/CD Vulnerability GitLab DoS, Security Update bypassing SAML - CVE-2024-8312 and CVE-2024-6826

GitLab Fixes High-Severity DoS Flaws: Unauthenticated Attackers Could Crash Instances

Ddos September 26, 2025

GitLab has released security updates for versions 18.4.1, 18.3.3, and 18.2.7 of its Community Edition (CE) and...

NVIDIA Patches High-Severity Code Injection Flaws in Megatron-LM AI Framework NVIDIA GPU Security CUDA-Q Vulnerability NVIDIA Apex Vulnerability AI Infrastructure Security NVIDIA Cumulus Linux CVE-2025-33179 NVIDIA Arm divestment NVIDIA DGX Spark, CVE-2025-33187 NVIDIA Isaac-GROOT, Code Injection Megatron-LM Vulnerability, AI Code Injection NVIDIA China NVIDIA GPUs, Hardware Kill Switches NVIDIA Megatron-LM, LLM Vulnerabilities NVIDIA Base Command Manager - CVE-2024-0138

NVIDIA GPU Security CUDA-Q Vulnerability NVIDIA Apex Vulnerability AI Infrastructure Security NVIDIA Cumulus Linux CVE-2025-33179 NVIDIA Arm divestment NVIDIA DGX Spark, CVE-2025-33187 NVIDIA Isaac-GROOT, Code Injection Megatron-LM Vulnerability, AI Code Injection NVIDIA China NVIDIA GPUs, Hardware Kill Switches NVIDIA Megatron-LM, LLM Vulnerabilities NVIDIA Base Command Manager - CVE-2024-0138

NVIDIA Patches High-Severity Code Injection Flaws in Megatron-LM AI Framework

Ddos September 26, 2025

Nvidia has issued an important security update addressing multiple high-severity vulnerabilities in its open-source Megatron-LM project, a...

AI vs. AI: Microsoft Blocks Phishing Attack Using LLM-Generated Obfuscated Code AI-Obfuscation, SVG Phishing

AI vs. AI: Microsoft Blocks Phishing Attack Using LLM-Generated Obfuscated Code

Ddos September 26, 2025

Microsoft Threat Intelligence has revealed details of a credential phishing campaign that likely harnessed AI-generated code to...

New Lone None Stealer Malware Hijacks Crypto Wallets via Fake Copyright Takedown Notices BingX cyberattack FortiGate SSO Attacks Firewall Config Theft

BingX cyberattack FortiGate SSO Attacks Firewall Config Theft

New Lone None Stealer Malware Hijacks Crypto Wallets via Fake Copyright Takedown Notices

Ddos September 26, 2025

Cofense Intelligence has uncovered an evolving phishing campaign that uses copyright takedown notices as its primary lure....

LNK Stomping: Attackers Bypass Windows Security by Stripping the ‘Mark of the Web’ LNK Stomping, MoTW Bypass

LNK Stomping: Attackers Bypass Windows Security by Stripping the ‘Mark of the Web’

Ddos September 26, 2025

Windows shortcut files (.LNK) were designed to simplify user navigation, but for years, they’ve been a favorite...

Two WordPress Core Vulnerabilities Disclosed Without Patch: Sensitive Data Exposure and Stored XSS WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

Two WordPress Core Vulnerabilities Disclosed Without Patch: Sensitive Data Exposure and Stored XSS

Ddos September 25, 2025

Two vulnerabilities were found in WordPress Core, affecting all versions up to and including 6.8.2. Both flaws...

NVIDIA Open-Sources Audio2Face: Generative AI for Lifelike Character Animation is Now Free NVIDIA Audio2Face, AI Facial Animation

NVIDIA Open-Sources Audio2Face: Generative AI for Lifelike Character Animation is Now Free

Ddos September 25, 2025

NVIDIA has announced the open-sourcing of its Audio2Face model and accompanying SDK, enabling game and 3D application...

Instagram Crosses 3 Billion Users: Meta Prepares Major Redesign to Make Reels the Default Feed Instagram 3 Billion, Reels Focus

Instagram Crosses 3 Billion Users: Meta Prepares Major Redesign to Make Reels the Default Feed

Ddos September 25, 2025

Nearly fifteen years after its founding, Instagram has reached a new milestone in user growth. Meta CEO...

Qualcomm Launches APV: The Open Standard for Pro-Grade Video to Rival Apple ProRes AI interface, Qualcomm 6G Qualcomm APV, Professional Video

Qualcomm Launches APV: The Open Standard for Pro-Grade Video to Rival Apple ProRes

Ddos September 25, 2025

Alongside the launch of its new Snapdragon 8 Elite Gen 5 flagship mobile computing platform, Qualcomm also...

Qualcomm Unveils Snapdragon X2 Elite Chips: 5.0GHz Clock Speed to Power Next-Gen AI PCs Snapdragon X2 Elite, AI PC

Qualcomm Unveils Snapdragon X2 Elite Chips: 5.0GHz Clock Speed to Power Next-Gen AI PCs

Ddos September 25, 2025

At the Snapdragon Summit 2025 in Hawaii, Qualcomm officially unveiled two new PC-class processors—Snapdragon X2 Elite Extreme...

Snapdragon 8 Elite Gen 5 Unveiled: The Fastest Mobile Chip Powers Next-Gen Agentic AI Snapdragon 8 Elite Gen 5, Agentic AI

Snapdragon 8 Elite Gen 5 Unveiled: The Fastest Mobile Chip Powers Next-Gen Agentic AI

Ddos September 25, 2025

At the Snapdragon Summit 2025 in Hawaii, Qualcomm unveiled its next-generation flagship mobile computing platform—the Snapdragon 8...

Google Chrome DevTools Unleashes AI Debugging with New Model Context Protocol (MCP) Server Agentic AI Foundation, MCP Protocol Open-Source Chrome DevTools AI, MCP Protocol Model Context Protocol (MCP) Gemini AI Windows AI future, AI interoperability

Agentic AI Foundation, MCP Protocol Open-Source Chrome DevTools AI, MCP Protocol Model Context Protocol (MCP) Gemini AI Windows AI future, AI interoperability

Google Chrome DevTools Unleashes AI Debugging with New Model Context Protocol (MCP) Server

Ddos September 25, 2025

The Google Chrome development team has recently released a public preview of the Chrome DevTools Model Context...

Cisco SNMP Flaw (CVE-2025-20352) Actively Exploited: Patch Now to Stop Root Access! Cisco Phone DoS, CVE-2025-20350 Cisco SNMP Flaw CVE-2025-20352 CVE-2024-20398 & CVE-2024-20381 CVE-2025-20206

Cisco Phone DoS, CVE-2025-20350 Cisco SNMP Flaw CVE-2025-20352 CVE-2024-20398 & CVE-2024-20381 CVE-2025-20206

Cisco SNMP Flaw (CVE-2025-20352) Actively Exploited: Patch Now to Stop Root Access!

Ddos September 25, 2025

Cisco has issued a security advisory warning of a critical flaw in its IOS and IOS XE...

New LNK Malware Uses Windows LOLBins to Evade Detection Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

New LNK Malware Uses Windows LOLBins to Evade Detection

Ddos September 25, 2025

Researchers at K7 Security Labs have uncovered a new wave of Windows shortcut (.LNK) malware that exploits...

Hidden Backdoors in WordPress: How Attackers Use Fake Plugins and Core Files for Persistent Access Elementor Unauthenticated EoP, CVE-2025-8489 Exploitation WordPress Privilege Escalation, WP Freeio WordPress backdoor Jupiter X Core - CVE-2024-7781 & CVE-2024-7782

Elementor Unauthenticated EoP, CVE-2025-8489 Exploitation WordPress Privilege Escalation, WP Freeio WordPress backdoor Jupiter X Core - CVE-2024-7781 & CVE-2024-7782

Hidden Backdoors in WordPress: How Attackers Use Fake Plugins and Core Files for Persistent Access

Ddos September 25, 2025

Security researcher Puja Srivastava from Sucuri uncovered two malicious files designed to guarantee persistent attacker access by...

Russian Disinformation Campaign Targets Moldova’s Pro-EU Elections Autumn Dragon Espionage, DLL Sideloading Moldova disinformation AcidPour Wiper Malware

Autumn Dragon Espionage, DLL Sideloading Moldova disinformation AcidPour Wiper Malware

Russian Disinformation Campaign Targets Moldova’s Pro-EU Elections

Ddos September 25, 2025

With Moldova’s nationwide elections approaching on September 28, 2025, researchers at Silent Push have uncovered a Russian-linked...

New Phishing Campaign Targets PyPI Maintainers with Fake Domain Layoff Phishing Scam Remcos RAT Malware Aruba Phishing, Phishing-as-a-Service PyPI, phishing CVE-2024-25608 PyPI Phishing, Credential Theft

Layoff Phishing Scam Remcos RAT Malware Aruba Phishing, Phishing-as-a-Service PyPI, phishing CVE-2024-25608 PyPI Phishing, Credential Theft

New Phishing Campaign Targets PyPI Maintainers with Fake Domain

Ddos September 25, 2025

The Python Package Index (PyPI) is once again the target of a phishing campaign aimed at maintainers,...

CVE-2025-41715 (CVSS 9.8): Unauthenticated Flaw Exposes WAGO Industrial Databases WAGO, vulnerability, industrial automation BlockBlasters, Steam malware Baxter Life2000 Ventilation System - CVE-2024-48966

WAGO, vulnerability, industrial automation BlockBlasters, Steam malware Baxter Life2000 Ventilation System - CVE-2024-48966

CVE-2025-41715 (CVSS 9.8): Unauthenticated Flaw Exposes WAGO Industrial Databases

Ddos September 25, 2025

VDE CERT has issued a security advisory disclosing two vulnerabilities in WAGO Device Sphere and WAGO Solution...

Critical Alert 1 Active Exploit Detected Today