News Archives • Page 201 of 653 • Daily CyberSecurity

Stealerium: How an Open-Source Infostealer Is Being Used in Phishing Campaigns Stealerium, infostealer

Stealerium: How an Open-Source Infostealer Is Being Used in Phishing Campaigns

Do Son September 4, 2025

Proofpoint threat researchers have uncovered a surge in campaigns distributing Stealerium-based malware, an open-source infostealer first released...

A Critical Flaw Is Exposing the AI Supply Chain to “Model Namespace Reuse” Attacks Labkotec LID-3300IP CVE-2026-1775 ASUSTOR ADM Vulnerability CVE-2026-3179 Russian Cyberattacks - Security Operations Center

Labkotec LID-3300IP CVE-2026-1775 ASUSTOR ADM Vulnerability CVE-2026-3179 Russian Cyberattacks - Security Operations Center

A Critical Flaw Is Exposing the AI Supply Chain to “Model Namespace Reuse” Attacks

Do Son September 4, 2025

Researchers from Palo Alto Networks’ Unit 42 have disclosed a critical weakness in the AI supply chain...

CVE-2025-57833: A New SQL Injection Flaw Puts Django Web Applications at Risk Django Security Update CVE-2026-25673 Django Security Update SQL Injection Vulnerability Django SQL Injection, PostgreSQL Flaw CVE-2022-34265 PoC Django, SQL injection

Django Security Update CVE-2026-25673 Django Security Update SQL Injection Vulnerability Django SQL Injection, PostgreSQL Flaw CVE-2022-34265 PoC Django, SQL injection

CVE-2025-57833: A New SQL Injection Flaw Puts Django Web Applications at Risk

Do Son September 4, 2025

The Django Software Foundation has released important security updates for multiple supported versions of the popular Python...

Crypto as a Weapon: Malicious npm Packages Use Ethereum Smart Contracts for C2 GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

Crypto as a Weapon: Malicious npm Packages Use Ethereum Smart Contracts for C2

Do Son September 4, 2025

Researchers from ReversingLabs have discovered two malicious npm packages leveraging Ethereum smart contracts to conceal and deliver...

Cisco SD-WAN Vulnerability CVE-2026-20133 FortiGate Compromise Ivanti EPMM Zero-Day CVE-2026-1281 SmarterMail Vulnerability Storm-2603 WatchGuard Zero-Day, IKEv2 Out-of-Bounds Write Cisco Zero-Day, UAT-9686 Chinese APT FortiWeb RCE Exploitation CVE-2025-58034 VMware Zero-Day, Privilege Escalation Sitecore, remote code execution CVE-2025-53690 Windows CLFS, Privilege Escalation CVE-2024-47575 & CVE-2024-11120 CVE-2025-24983 vulnerability

CVE-2025-53690: Mandiant and Sitecore Warn of Active Exploitation in ASP.NET Machine Key Configurations

Do Son September 4, 2025

A coordinated disclosure by Mandiant and Sitecore has revealed the active exploitation of a critical configuration vulnerability...

Obscura: A Stealthy New Go-Based Ransomware Is Abusing Domain Controllers Obscura ransomware, domain controller

Obscura: A Stealthy New Go-Based Ransomware Is Abusing Domain Controllers

Do Son September 4, 2025

Security analysts at Huntress reported the discovery of a previously unseen ransomware variant, named Obscura. The malware...

CISA Warns: Actively Exploited TP-Link Router Flaws Added to KEV Catalog TP-Link, CISA CVE-2023-32315 CISA KEV Catalog Active Exploitation

CISA Warns: Actively Exploited TP-Link Router Flaws Added to KEV Catalog

Do Son September 4, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has added two TP-Link router vulnerabilities to its Known Exploited...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Frostbyte10: The Critical Flaws Threatening Global Supply Chains

Do Son September 4, 2025

Researchers at Armis Labs have uncovered a set of ten severe vulnerabilities in Copeland E2 and E3...

DireWolf: The New Ransomware Group Targeting Global Businesses DireWolf execution flow

DireWolf: The New Ransomware Group Targeting Global Businesses

Do Son September 4, 2025

The DireWolf ransomware group, first emerging in May 2025, has rapidly evolved into a formidable cyber threat...

Gemini Arrives: Is a New Era for the Smart Home Coming? Google Home, Gemini for Home

Gemini Arrives: Is a New Era for the Smart Home Coming?

Do Son September 3, 2025

Google has announced that on October 1, 2025 (U.S. local time), it will host a special event...

Envoy Project Patches Two Flaws: DoS (CVE-2025-54588) and Session Hijacking (CVE-2025-55162) Risks Envoy Project, vulnerability

Envoy Project Patches Two Flaws: DoS (CVE-2025-54588) and Session Hijacking (CVE-2025-55162) Risks

Do Son September 3, 2025

The Envoy Project has issued a new security advisory addressing two significant vulnerabilities impacting its popular L7...

Android’s Anti-Theft Protection Now Backs Up to the Cloud Android security, anti-theft backup Android Identity Check & Theft Detection Lock

Android’s Anti-Theft Protection Now Backs Up to the Cloud

Do Son September 3, 2025

Previously, Google introduced anti-theft protection for Android devices to strengthen security in cases of loss or theft....

OpenAI Acquires Statsig in $1.1B Deal, Shakes Up Leadership OpenAI acquisition, Statsig

OpenAI Acquires Statsig in $1.1B Deal, Shakes Up Leadership

Do Son September 3, 2025

On September 2, OpenAI announced the $1.1 billion acquisition of Statsig, a company specializing in A/B testing...

Chrome 140 Patches Six Vulnerabilities, Including High-Severity V8 Flaw (CVE-2025-9864) Chrome, Antitrust Browser Security, Local Network Access CVE-2022-3075 history-sniffing vulnerability

Chrome, Antitrust Browser Security, Local Network Access CVE-2022-3075 history-sniffing vulnerability

Chrome 140 Patches Six Vulnerabilities, Including High-Severity V8 Flaw (CVE-2025-9864)

Do Son September 3, 2025

Google has announced the Chrome 140 stable channel release for Windows, macOS, and Linux. The rollout, with...

A Single Click Can Hijack Your PC: CVE-2025-58176 RCE Flaw Found in Dive Desktop App Dive desktop app, remote code execution

A Single Click Can Hijack Your PC: CVE-2025-58176 RCE Flaw Found in Dive Desktop App

Do Son September 3, 2025

The Open Agent Platform has issued a security advisory warning of a critical vulnerability in its Dive...

Microsoft Edge Google account login interface and synchronization settings Browser Choice Alliance letter Microsoft Edge cleartext credentials memory dump Microsoft Edge auto-startup Microsoft Edge Collections sunset, export Edge Collections CSV Edge IE Mode Zero-Day, Chakra Exploit Windows Search, Microsoft Edge AI video translation, Edge browser Microsoft Editor, Edge Edge Developer tools Windows 10 ESU, Microsoft Edge Microsoft Edge, FCP Optimization CVE-2023-36735 Edge, AI Search

A New Push for Edge: Microsoft Retires Its Popular Editor Extension

Do Son September 3, 2025

In August 2025, Microsoft announced the discontinuation of its Microsoft Lens document scanner app, and now the...

PoC Published for Remote Code Execution Flaw in Microsoft IIS Web Deploy Remote code execution, IIS Web Deploy

PoC Published for Remote Code Execution Flaw in Microsoft IIS Web Deploy

Do Son September 3, 2025

Security researcher Batuhan Er of HawkTrace has been credited by Microsoft for uncovering CVE-2025-53772, a critical remote...

NVIDIA acquisition rumors NVIDIA AI Security AI Framework Vulnerabilities Nvidia 595.76 Hotfix NVIDIA Megatron Bridge vulnerability GPU vs ASIC AI battle NVIDIA Driver Vulnerability CVE-2025-33217 NVIDIA biggest TSMC customer 2026, NVIDIA vs Apple TSMC revenue share NVIDIA CUDA Toolkit CVE-2025-33228 Groq NVIDIA licensing deal, Jonathan Ross acquihire 2025 NeMo Code Injection, AI Framework RCE NVIDIA App Privilege Escalation, CVE-2025-23358 NVIDIA Security Update, DLS Vulnerability CVE-2025-23316 NVIDIA NVDebug, vulnerabilities NVIDIA Driver Vulnerabilities, vGPU Security Nvidia Jetson, UEFI Vulnerabilities CVE-2024-0130 - CVE-2024-0136 CVE-2024-0148 NVIDIA Driver Support, Windows 10 EOL

NVIDIA Issues Security Updates for BlueField, DOCA, Mellanox, ConnectX, Cumulus Linux, and NVOS

Do Son September 3, 2025

NVIDIA has released a critical set of software updates addressing multiple vulnerabilities across its BlueField DPUs, DOCA...

Unsecured Database Linked to Navy Federal Credit Union Exposed Online Booking.com Data Breach Claude Code Leak Anthropic Source Code YggTorrent data breach PS5 BootROM key leak 2026, PlayStation 5 unpatchable jailbreak Great Firewall data leak Dating App Breach, Tea App Leak 23andMe Data Leak