News Archives • Page 268 of 632 • Daily CyberSecurity

Interlock Ransomware Hits U.S. Defense Contractor AMTEC in Espionage-Driven Data Breach Interlock Ransomware, defense contractor breach

Interlock Ransomware Hits U.S. Defense Contractor AMTEC in Espionage-Driven Data Breach

Ddos May 15, 2025

A sophisticated ransomware campaign targeting National Defense Corporation (NDC) and its subsidiaries affected the defense supply chain,...

Branch Privilege Injection (CVE-2024-45332): New Spectre-Class Attack Bypasses Intel Mitigations with Live PoC Branch Privilege Injection, speculative execution

Branch Privilege Injection, speculative execution

Branch Privilege Injection (CVE-2024-45332): New Spectre-Class Attack Bypasses Intel Mitigations with Live PoC

Ddos May 15, 2025

Security researchers at ETH Zürich have unveiled a novel speculative execution attack—Branch Privilege Injection (CVE-2024-45332)—that subverts Intel’s...

Obfuscated Malware Delivered via Google Calendar Invites and Unicode PUAs Google Calendar malware, Unicode PUAs

Obfuscated Malware Delivered via Google Calendar Invites and Unicode PUAs

Ddos May 15, 2025

Malware authors have begun exploiting Google Calendar invites and Unicode Private Use Area (PUA) characters to deliver...

Critical Authentication Bypass in OpenPubkey and OPKSSH Exposes Systems to Remote Access Risks OpenPubkey, authentication bypass

Critical Authentication Bypass in OpenPubkey and OPKSSH Exposes Systems to Remote Access Risks

Ddos May 15, 2025

A pair of critical-severity vulnerabilities in the OpenPubkey authentication protocol and its companion tool, OPKSSH, could allow...

Xerox Patches Dozens of Vulnerabilities in FreeFlow Print Server with April 2025 Security Update Xerox security FreeFlow Print Server

Xerox Patches Dozens of Vulnerabilities in FreeFlow Print Server with April 2025 Security Update

Ddos May 15, 2025

On May 12, 2025, Xerox published Security Bulletin XRX25-009, announcing the release of its April 2025 Security...

PyPI Malware Alert: Malicious ‘solana-token’ Package Targets Solana Developers PyPI malware, Solana developers

PyPI Malware Alert: Malicious ‘solana-token’ Package Targets Solana Developers

Ddos May 15, 2025

The ReversingLabs research team has uncovered yet another software supply chain attack targeting the cryptocurrency ecosystem, this...

Netlogon RCE vulnerability Exploited in the wild Secure Boot certificate renewal 2026, Windows 11 UEFI update Community-First AI Infrastructure, Microsoft self-funding energy mandate aka.ms/aoh online portal CVE-2025-55681, Windows DWM Elevation Windows Administrator Protection, CVE-2025-60718 Microsoft AI Compute, IREN Infrastructure Microsoft Japan PPA, Renewable Energy Microsoft AI Investment, Cloud Expansion Microsoft Azure, Startup Credits Infinite Workday, AI in Work Microsoft Russia, Bankruptcy AI code generation, Microsoft AI Microsoft Layoffs, Restructuring

Microsoft Restructures: 6,000 Jobs Cut Amid AI Focus

Ddos May 14, 2025

Microsoft recently announced a strategic organizational restructuring, which will result in a workforce reduction of approximately 3%,...

Android 16 & Gemini AI Unleashed: Google’s Pre-I/O Powerhouse Android 16, Gemini AI

Android 16 & Gemini AI Unleashed: Google’s Pre-I/O Powerhouse

Ddos May 14, 2025

Before the official commencement of Google I/O 2025, Google unveiled several upcoming innovations through “The Android Show:...

Australian Human Rights Commission Data Breach Exposes Sensitive Documents Submitted via Website

Ddos May 14, 2025

The Australian Human Rights Commission (AHRC) has disclosed a significant data breach involving the unintended public exposure...

GovDelivery Exploited in TxTag Toll Scam: Indiana Government Sender Account Hacked GovDelivery phishing, Indiana toll scam

GovDelivery Exploited in TxTag Toll Scam: Indiana Government Sender Account Hacked

Ddos May 14, 2025

A sophisticated phishing campaign has exploited compromised Indiana state government accounts to distribute fraudulent toll collection messages...

CVSS 10.0 Flaws in Siemens OZW Web Servers Enable Unauthenticated RCE and Admin Access CVE-2024-37998 and CVE-2024-39601 CVEs 2025-26389 and 2025-26390 Siemens OZW

CVE-2024-37998 and CVE-2024-39601 CVEs 2025-26389 and 2025-26390 Siemens OZW

CVSS 10.0 Flaws in Siemens OZW Web Servers Enable Unauthenticated RCE and Admin Access

Ddos May 14, 2025

Siemens has released a critical security advisory (SSA-047424) addressing two severe vulnerabilities—CVE-2025-26389 and CVE-2025-26390—affecting its OZW672 and...

Ivanti Neurons for ITSM Hit by CVSS 9.8 Authentication Bypass Flaw Enabling Full Admin Access Ivanti EPM Vulnerability CVE-2026-1603 Ivanti EPM Critical XSS, Unauthenticated File Write CVE-2024-29847 & CVE-2024-8190 Ivanti ITSM, Authentication Bypass

Ivanti EPM Vulnerability CVE-2026-1603 Ivanti EPM Critical XSS, Unauthenticated File Write CVE-2024-29847 & CVE-2024-8190 Ivanti ITSM, Authentication Bypass

Ivanti Neurons for ITSM Hit by CVSS 9.8 Authentication Bypass Flaw Enabling Full Admin Access

Ddos May 14, 2025

Ivanti has released a critical security patch for its on-premises Neurons for ITSM platform, addressing a severe...

Varnish Vulnerability Exposes Cache to HTTP Request Smuggling CVE-2024-30156 Varnish, HTTP request smuggling

Varnish Vulnerability Exposes Cache to HTTP Request Smuggling

Ddos May 14, 2025

Varnish Software has disclosed a client-side desynchronization vulnerability, tracked as CVE-2025-47905, in both Varnish Cache and Varnish...

Zoom Patches High-Severity Flaw (CVE-2025-30663) in Workplace Apps CVE-2022-28756 Zoom Vulnerabilities, Privilege Escalation

Zoom Patches High-Severity Flaw (CVE-2025-30663) in Workplace Apps

Ddos May 14, 2025

Zoom has released a security bulletin addressing multiple vulnerabilities across its Workplace Apps suite. The bulletin details...

Critical Misconfiguration in Bitnami Pgpool Enables Unauthenticated PostgreSQL Access (CVE-2025-22248) Pgpool, Unauthenticated Access

Critical Misconfiguration in Bitnami Pgpool Enables Unauthenticated PostgreSQL Access (CVE-2025-22248)

Ddos May 14, 2025

A critical security vulnerability has been identified in the Bitnami Pgpool-II Docker image and the bitnami/postgres-ha Kubernetes...

TA406 Cyber Campaign: North Korea’s Focus on Ukraine Intelligence

Ddos May 14, 2025

In a recently disclosed campaign, TA406, a North Korean state-aligned threat actor, has expanded its cyber-espionage efforts...

Siemens RUGGEDCOM Flaws Scored CVSS 9.9: Command Injection Bugs Threaten Industrial Networks RUGGEDCOM, Command Injection

Siemens RUGGEDCOM Flaws Scored CVSS 9.9: Command Injection Bugs Threaten Industrial Networks

Ddos May 14, 2025

Siemens ProductCERT released an urgent security advisory (SSA-301229) detailing multiple command injection vulnerabilities in its RUGGEDCOM ROX...

Chihuahua Stealer Unleashed: Obfuscated PowerShell and AES-GCM Encryption Fuel This Advanced Data Theft Campaign Chihuahua Stealer, Infostealer

Chihuahua Stealer Unleashed: Obfuscated PowerShell and AES-GCM Encryption Fuel This Advanced Data Theft Campaign

Ddos May 14, 2025

In the ever-expanding ecosystem of information stealers, a new and unusually sophisticated malware has entered the scene:...

Earth Ammit Strikes Drone Supply Chains: VENOM and TIDRONE Campaigns Expose East Asia’s Critical Infrastructure Earth Ammit, Supply Chain Attack

Earth Ammit Strikes Drone Supply Chains: VENOM and TIDRONE Campaigns Expose East Asia’s Critical Infrastructure

Ddos May 14, 2025

rend Micro researchers have uncovered the full extent of an elaborate, multi-phase cyber-espionage operation attributed to Earth...

Critical CVE-2025-4632 Flaw in Samsung MagicINFO Puts Global Signage Networks at Risk MagicINFO, CVE-2025-4632

Critical CVE-2025-4632 Flaw in Samsung MagicINFO Puts Global Signage Networks at Risk

Ddos May 14, 2025

A newly disclosed vulnerability in Samsung’s MagicINFO Server, tracked as CVE-2025-4632, poses a severe risk to digital...

Critical Alert 1 Active Exploit Detected Today