News Archives • Page 163 of 652 • Daily CyberSecurity

Critical Magento Flaw (CVE-2025-54236) Actively Exploited for Session Hijacking and Unauthenticated RCE Magento SessionReaper, RCE Exploitation

Critical Magento Flaw (CVE-2025-54236) Actively Exploited for Session Hijacking and Unauthenticated RCE

Do Son October 29, 2025

The Akamai Security Intelligence Group has issued an urgent warning after observing active exploitation in the wild...

Beast Ransomware Emerges as New RaaS Threat, Using ChaCha20 and Stealthy VSS Deletion Beast RaaS, ChaCha20 Stealth

Beast Ransomware Emerges as New RaaS Threat, Using ChaCha20 and Stealthy VSS Deletion

Do Son October 29, 2025

Researchers at the AhnLab Security Intelligence Center (ASEC) have released an in-depth analysis of the Beast ransomware...

Critical MikroTik Flaw (CVE-2025-61481, CVSS 10.0) Exposes Router Admin Credentials Over Unencrypted HTTP WebFig MikroTik HTTP Credential Leak, WebFig MitM CVE-2025-61481

MikroTik HTTP Credential Leak, WebFig MitM CVE-2025-61481

Critical MikroTik Flaw (CVE-2025-61481, CVSS 10.0) Exposes Router Admin Credentials Over Unencrypted HTTP WebFig

Do Son October 29, 2025

A newly disclosed vulnerability, CVE-2025-61481, rated a maximum CVSS score of 10.0, affects MikroTik RouterOS (v7.14.2) and...

WhatsApp antitrust API probe India SIM-Binding Mandate Messaging App KYC WhatsApp DMA Interoperability BirdyChat Haiket Denmark Social Media Ban CVE-2025-55177 WhatsApp vulnerability, zero-click flaw npm Malware, System Wipe WhatsApp Windows App, WebView2 Downgrade WhatsApp Ban, US House NSO WhatsApp, Pegasus Spyware WhatsApp iPad iPadOS app

Water Saci Evolves: Multi-Layered WhatsApp Worm Uses IMAP Email for Covert C2 and Session Hijacking

Do Son October 29, 2025

Researchers from Trend Research have identified a major evolution in the Water Saci malware campaign, marking one...

Rhadamanthys Infostealer Hides in Ren’Py Visual Novel Games, Deploys Malware via Fake 1 Million Second Loading Screen Rhadamanthys Ren'Py, Fake Game Stealer

Rhadamanthys Infostealer Hides in Ren’Py Visual Novel Games, Deploys Malware via Fake 1 Million Second Loading Screen

Do Son October 29, 2025

Researchers at the AhnLab Security Intelligence Center (ASEC) have uncovered a new malware campaign in which the...

Critical .NET Flaw (CVE-2025-55315) in QNAP: NAS Backup Utility Vulnerable to Credential Theft QNAP Security Patches, NAS Vulnerabilities ASP.NET, QNAP CVE-2023-39296 PoC - CVE-2024-50394

QNAP Security Patches, NAS Vulnerabilities ASP.NET, QNAP CVE-2023-39296 PoC - CVE-2024-50394

Critical .NET Flaw (CVE-2025-55315) in QNAP: NAS Backup Utility Vulnerable to Credential Theft

Do Son October 28, 2025

Earlier, Microsoft released a security update to address a critical vulnerability in ASP.NET, identified as CVE-2025-55315 with...

Microsoft Teams Will Auto-Track Office Location via Wi-Fi Teams Workplace Check-in Microsoft 365 privacy, employee tracking tools, Teams location sharing Microsoft Teams EU antitrust, Teams Wi-Fi tracking, employee privacy

Teams Workplace Check-in Microsoft 365 privacy, employee tracking tools, Teams location sharing Microsoft Teams EU antitrust, Teams Wi-Fi tracking, employee privacy

Microsoft Teams Will Auto-Track Office Location via Wi-Fi

Do Son October 28, 2025

Microsoft’s collaborative workspace platform Microsoft Teams, widely used by enterprises and professional teams, is set to receive...

Grokipedia Launches: Elon Musk’s xAI Debuts AI Encyclopedia to Rival Wikipedia Grokipedia, AI encyclopedia

Grokipedia Launches: Elon Musk’s xAI Debuts AI Encyclopedia to Rival Wikipedia

Do Son October 28, 2025

Elon Musk’s artificial intelligence company xAI has recently unveiled Grokipedia, a new encyclopedia platform built upon its...

Twitter.com retirement, passkey reset Musk Twitter Severance, Lawsuit Settlement

RIP Twitter.com: X Retires Old Domain, Forcing Passkey Reset by Nov 10

Do Son October 28, 2025

Elon Musk’s social media platform X (formerly Twitter) has announced that it will permanently retire the old...

Motorola Smart Feed redirect Anthropic Amazon 5GW partnership Amazon Perplexity lawsuit AWS-LC Vulnerabilities Cryptographic Bypass AWS Middle East drone strikes Amazon layoffs 2026, Amazon AI restructuring Amazon Kindle DRM Policy, Publisher Control EPUB AWS Nova Forge AI Model Customization AWS Trainium3 EC2 Trn3 UltraServer Route 53 Accelerated Recovery AWS DNS Resilience AI Browser War, Amazon Comet Amazon layoffs, cost reduction AWS outage, DynamoDB DNS AWS outage, cloud dependency AWS VPN Client, Root Privilege Escalation WSA shutdown, Amazon Appstore Amazon Wondery, Podcast Restructuring Amazon Q2 2025 Generative AI AWS Client VPN, Privilege Escalation Amazon AI, Wearable AI

One in Nine: Amazon Prepares for Massive Layoff of 30,000 Corporate Staff

Do Son October 28, 2025

Tech giant Amazon is reportedly preparing for another massive round of layoffs, with plans to cut as...

Privacy Win: Firefox Mandates Clear Data Collection Disclosure for All Extensions Firefox built-in VPN Firefox VPN data limit, Firefox VPN countries, Mozilla VPN subscription Sanitizer API Firefox 148 Security Firefox WebRTC Vulnerability CVE-2025-14321 PoC Firefox VPN Feature, Browser-Only VPN Firefox Add-ons Rollback Firefox Encryption Firefox MKV support Firefox ESR, Windows 7

Firefox built-in VPN Firefox VPN data limit, Firefox VPN countries, Mozilla VPN subscription Sanitizer API Firefox 148 Security Firefox WebRTC Vulnerability CVE-2025-14321 PoC Firefox VPN Feature, Browser-Only VPN Firefox Add-ons Rollback Firefox Encryption Firefox MKV support Firefox ESR, Windows 7

Privacy Win: Firefox Mandates Clear Data Collection Disclosure for All Extensions

Do Son October 28, 2025

Extensions are an essential component of modern browsers, enabling a wide range of functionalities such as ad...

Values Over Cash: Python Foundation Rejects $1.5M US Grant Over Anti-DEI Clause Python Security Memory Safety PLY Vulnerability CVE-2025-56005 Python Software Foundation, NSF DEI CVE-2024-12254

Python Security Memory Safety PLY Vulnerability CVE-2025-56005 Python Software Foundation, NSF DEI CVE-2024-12254

Values Over Cash: Python Foundation Rejects $1.5M US Grant Over Anti-DEI Clause

Do Son October 28, 2025

In January 2025, the Python Software Foundation (PSF) submitted a proposal to the U.S. National Science Foundation...

Google Debunks False Gmail Breach Rumors as Credentials Leak Again

Do Son October 28, 2025

Earlier, several media outlets misinterpreted and selectively quoted statements from Google’s Security Team, claiming that the data...

Qilin RaaS Expands Global Impact: 40+ Victims/Month, Cyberduck Abuse, and WDigest Credential Theft Qilin RaaS, Cyberduck Credential Theft

Qilin RaaS Expands Global Impact: 40+ Victims/Month, Cyberduck Abuse, and WDigest Credential Theft

Do Son October 28, 2025

In its latest analysis covering the second half of 2025, researchers from Cisco Talos have revealed that...

Kaspersky Exposes Chrome Zero-Day RCE (CVE-2025-2783) Delivering Memento Labs Spyware in ForumTroll Campaign

Do Son October 28, 2025

Researchers at Kaspersky uncovered a sophisticated espionage campaign exploiting a zero-day vulnerability in Google Chrome and delivering...

High-Severity OpenVPN Flaw (CVE-2025-10680) Allows Script Injection on Linux/macOS via Malicious DNS Server OpenVPN Script Injection CVE-2025-10680

High-Severity OpenVPN Flaw (CVE-2025-10680) Allows Script Injection on Linux/macOS via Malicious DNS Server

Do Son October 28, 2025

Security researchers have disclosed a high-severity vulnerability, tracked as CVE-2025-10680 (CVSS 8.8), affecting OpenVPN 2.7_alpha1 through 2.7_beta1...

First Ever: Android Baohuo Backdoor Hides in Telegram X Clone, Uses Redis Database for C2 Commands

Do Son October 28, 2025

Cybersecurity experts at Doctor Web have identified a highly sophisticated Android backdoor hiding in maliciously modified versions...

Lazarus Group Attacks with DreamLoader Malware, Leveraging DLL Sideloading and Microsoft Graph API for Stealth C2 North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

Lazarus Group Attacks with DreamLoader Malware, Leveraging DLL Sideloading and Microsoft Graph API for Stealth C2

Do Son October 28, 2025

Security researchers at Lab52 have uncovered a new campaign by the Lazarus Group, in which threat actors...

SideWinder APT Shifts to PDF/ClickOnce Chain to Target South Asian Diplomacy with StealerBot Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT