News Archives • Page 240 of 632 • Daily CyberSecurity

Cisco ClamAV Critical Flaws: CVE-2025-20260 (CVSS 9.8) Allows Code Execution ClamAV Vulnerability ClamAV Vulnerabilities, RCE

Cisco ClamAV Critical Flaws: CVE-2025-20260 (CVSS 9.8) Allows Code Execution

Ddos June 19, 2025

Cisco’s ClamAV, one of the most widely used open-source antivirus engines, has released versions 1.4.3 and 1.0.9...

WordPress AI Engine Flaw (CVE-2025-5071): Critical Bug Allows Subscriber-Level Account Takeover WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

WordPress AI Engine Flaw (CVE-2025-5071): Critical Bug Allows Subscriber-Level Account Takeover

Ddos June 19, 2025

Security researchers at Wordfence have uncovered a vulnerability in the popular AI Engine plugin for WordPress, which...

CVE-2025-20271: Cisco Meraki VPN Bug Exposes MX and Z Series Devices to Remote DoS Attacks Cisco ISE Root Escalation * Read-Only Admin Exploit Cisco Secure FMC Vulnerability CVE-2026-20131 Cisco Meeting Management Vulnerability CVE-2026-20098 Cisco vulnerability, RCE flaw CVE-2025-20265 Cisco Meraki, VPN Vulnerability Cisco Nexus Dashboard - CVE-2024-20424 CVE-2025-20115 Cisco Vulnerability CVE-2018-0171 Privilege Escalation Cisco Unified Intelligence Center

Cisco ISE Root Escalation * Read-Only Admin Exploit Cisco Secure FMC Vulnerability CVE-2026-20131 Cisco Meeting Management Vulnerability CVE-2026-20098 Cisco vulnerability, RCE flaw CVE-2025-20265 Cisco Meraki, VPN Vulnerability Cisco Nexus Dashboard - CVE-2024-20424 CVE-2025-20115 Cisco Vulnerability CVE-2018-0171 Privilege Escalation Cisco Unified Intelligence Center

CVE-2025-20271: Cisco Meraki VPN Bug Exposes MX and Z Series Devices to Remote DoS Attacks

Ddos June 19, 2025

Cisco has disclosed a vulnerability in its Meraki MX and Z Series devices, affecting the Cisco AnyConnect...

Apache Traffic Server Flaws Allow Access Bypass & Remote DoS Apache Traffic Server Vulnerabilities CVE-2024-56195 and CVE-2024-56196

Apache Traffic Server Flaws Allow Access Bypass & Remote DoS

Ddos June 19, 2025

Two newly disclosed vulnerabilities in Apache Traffic Server (ATS)—a core component of many cloud and content delivery...

Root Access Unlocked: How a pam_namespace Flaw Lets Attackers Elevate Privileges on Linux Linux PAM, Privilege Escalation

Root Access Unlocked: How a pam_namespace Flaw Lets Attackers Elevate Privileges on Linux

Ddos June 19, 2025

A security vulnerability was found in Linux PAM (Pluggable Authentication Modules). Tracked as CVE-2025-6020, the flaw affects...

Tor Meets Docker: Sophisticated Crypto-Mining Campaign Hijacks Misconfigured APIs

Ddos June 19, 2025

Trend Micro researchers have uncovered a stealthy new attack method that fuses misconfigured Docker remote APIs with...

MySQL Servers Under Attack: Threat Actors Exploiting UDFs to Inject Gh0stRAT, XWorm & Zoho Agents MySQL Attacks, UDF Exploitation pREST, SQL injection

MySQL Attacks, UDF Exploitation pREST, SQL injection

MySQL Servers Under Attack: Threat Actors Exploiting UDFs to Inject Gh0stRAT, XWorm & Zoho Agents

Ddos June 19, 2025

Threat actors are ramping up attacks on poorly managed MySQL servers, particularly those running in Windows environments,...

SSRF Flaw (CVE-2025-6087) in OpenNext for Cloudflare Allows Unauthenticated Content Proxying SSRF, Cloudflare OpenNext

SSRF Flaw (CVE-2025-6087) in OpenNext for Cloudflare Allows Unauthenticated Content Proxying

Ddos June 19, 2025

A Server-Side Request Forgery (SSRF) vulnerability has been discovered in the @opennextjs/cloudflare package, potentially allowing unauthenticated users...

Elastic Uncovers Stealthy Campaign Using GHOSTPULSE and ARECHCLIENT2 Malware Fake captcha

Elastic Uncovers Stealthy Campaign Using GHOSTPULSE and ARECHCLIENT2 Malware

Ddos June 19, 2025

Elastic Security Labs has revealed a highly sophisticated multi-stage attack chain exploiting a social engineering method dubbed...

Ransomware Gang Qilin Rises Amid Collapse of Major Gangs Like RansomHub and LockBit

Ddos June 19, 2025

The ransomware threat landscape is undergoing dramatic upheaval. As legacy groups like RansomHub, LockBit, Everest, and BlackLock...

Critical Auth Bypass Vulnerability (CVE-2025-51381) Found in KAON KCM3100 Gateways KAON Wi-Fi Gateway, Authentication Bypass

Critical Auth Bypass Vulnerability (CVE-2025-51381) Found in KAON KCM3100 Gateways

Ddos June 19, 2025

A critical vulnerability has been disclosed in KAON’s KCM3100 Wi-Fi gateway devices that could allow attackers to...

Invoice to Infection: Sorillus RAT Campaign Strikes European Organizations

Ddos June 19, 2025

A fresh wave of targeted cyberattacks is sweeping across Europe, leveraging invoice-themed phishing emails and weaponizing legitimate...

XDSpy Resurfaces: Stealthy Cyber-Espionage Campaign Targets Governments with Obscure Windows LNK Flaw

Ddos June 19, 2025

After years of operating in near-total obscurity, the cyber-espionage group XDSpy has resurfaced in a sophisticated campaign...

TikTok Gets Another Lifeline: Trump Extends Ban Deadline by 90 Days TikTok USDS Joint Venture LLC divestiture, Project Texas 2.0 ByteDance stake TikTokRefugee TikTok Ban, US Extension

TikTok USDS Joint Venture LLC divestiture, Project Texas 2.0 ByteDance stake TikTokRefugee TikTok Ban, US Extension

TikTok Gets Another Lifeline: Trump Extends Ban Deadline by 90 Days

Ddos June 18, 2025

Following the Trump administration’s initial decision in early April to grant TikTok’s U.S. operations an additional 75-day...

Python Protobuf Flaw Allows DoS Via Nested Messages Python Protobuf, DoS Vulnerability

Python Protobuf Flaw Allows DoS Via Nested Messages

Ddos June 18, 2025

A high-severity vulnerability has been uncovered in the pure-Python backend of Google’s Protocol Buffers (protobuf), potentially allowing...

D-Link Router Flaws Allow Code Execution, PoC Available, No Patch D-Link DIR-816, Critical Vulnerabilities D-Link EOL RCE, Unauthenticated Command Injection

D-Link DIR-816, Critical Vulnerabilities D-Link EOL RCE, Unauthenticated Command Injection

D-Link Router Flaws Allow Code Execution, PoC Available, No Patch

Ddos June 18, 2025

D-Link has issued an official advisory warning users of its legacy DIR-632 router that two critical vulnerabilities...

Broadcom Unveils VMware Cloud Foundation 9.0: A Unified Private Cloud for AI & Modern Workloads Broadcom VCF, Private Cloud

Broadcom Unveils VMware Cloud Foundation 9.0: A Unified Private Cloud for AI & Modern Workloads

Ddos June 18, 2025

Broadcom has officially unveiled VMware Cloud Foundation (VCF) 9.0, marking a significant stride in advancing its modern...

Wi-Fi 8 is Coming: Ultra-Reliable Connectivity Set for 2028 Launch EU 6GHz Spectrum Wi-Fi 7 vs 6G Wi-Fi 8, Wireless Standard Captive portal - WPA3 Security

EU 6GHz Spectrum Wi-Fi 7 vs 6G Wi-Fi 8, Wireless Standard Captive portal - WPA3 Security

Wi-Fi 8 is Coming: Ultra-Reliable Connectivity Set for 2028 Launch

Ddos June 18, 2025

An increasing number of devices are now beginning to support the Wi-Fi 7 standard, yet its adoption...

OneDrive Shock: User Loses 30 Years of Photos After Account Suspension, Highlighting Cloud Backup Risks OneDrive cloud deletion 2026 OneDrive Facial Recognition, Three-Time Limit OneDrive Suspension, Data Loss

OneDrive cloud deletion 2026 OneDrive Facial Recognition, Three-Time Limit OneDrive Suspension, Data Loss

OneDrive Shock: User Loses 30 Years of Photos After Account Suspension, Highlighting Cloud Backup Risks

Ddos June 18, 2025

After Microsoft integrated OneDrive cloud storage into Windows 10 and 11, a significant number of users were...

Mastodon Cracks Down: New Terms Ban Unauthorized AI Data Scraping Mastodon Data, AI Scraping CVE-2024-23832 PoC

Mastodon Cracks Down: New Terms Ban Unauthorized AI Data Scraping

Ddos June 18, 2025

The decentralized social networking platform Mastodon has recently issued an email to its users, notifying them of...