News Archives • Page 304 of 633 • Daily CyberSecurity

CERT-UA Alert: DarkCrystal RAT Deployed via Signal in Ukraine

Ddos March 19, 2025

The Computer Emergency Response Team of Ukraine (CERT-UA) has issued a security alert regarding a series of...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

CVE-2024-10441 (CVSS 9.8): Synology Patches Critical Code Execution Flaw in Multiple Products

Ddos March 18, 2025

Synology has updated their security advisories to disclosure to a critical security vulnerability affecting several of its...

End of Windows 10: Microsoft Warns Users, Update or Pay KB5083769 Update Windows 11 24H2 end of support File Explorer White Flash Windows 11 Dark Mode Bug Windows 11 SE, End of Support Windows Update, Automatic Upgrade CVE-2023-38146 Windows 10

KB5083769 Update Windows 11 24H2 end of support File Explorer White Flash Windows 11 Dark Mode Bug Windows 11 SE, End of Support Windows Update, Automatic Upgrade CVE-2023-38146 Windows 10

End of Windows 10: Microsoft Warns Users, Update or Pay

Ddos March 18, 2025

If you are still using Windows 10 and have logged into your Microsoft account, you might have...

Cisco SD-WAN Vulnerability CVE-2026-20133 FortiGate Compromise Ivanti EPMM Zero-Day CVE-2026-1281 SmarterMail Vulnerability Storm-2603 WatchGuard Zero-Day, IKEv2 Out-of-Bounds Write Cisco Zero-Day, UAT-9686 Chinese APT FortiWeb RCE Exploitation CVE-2025-58034 VMware Zero-Day, Privilege Escalation Sitecore, remote code execution CVE-2025-53690 Windows CLFS, Privilege Escalation CVE-2024-47575 & CVE-2024-11120 CVE-2025-24983 vulnerability

Hidden Threat: Zero-Day Windows Shortcut Exploited by Global APT Networks

Ddos March 18, 2025

A recently uncovered vulnerability, ZDI-CAN-25373, identified by the Trend Zero Day Initiative (ZDI), is at the center...

Million-Download Node.js Library xml-crypto Hit by Critical Security Flaws (CVE-2025-29774, CVE-2025-29775)

Ddos March 18, 2025

Two critical vulnerabilities have been identified in the xml-crypto library, a popular Node.js library for XML digital...

Cybersecurity Alert: CISA Adds Fortinet and GitHub Action Vulnerabilities to Exploited List

Ddos March 18, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has recently added two significant security vulnerabilities to its Known...

FIN7’s New Stealth Weapon: AnubisBackdoor Emerges in the Wild DriverFixer0428, Contagious Interview Cache Smuggling, ClickFix Evasion North Korean Cyber Espionage

DriverFixer0428, Contagious Interview Cache Smuggling, ClickFix Evasion North Korean Cyber Espionage

FIN7’s New Stealth Weapon: AnubisBackdoor Emerges in the Wild

Ddos March 18, 2025

Threat intelligence company PRODAFT uncovers a new Python-based backdoor named AnubisBackdoor, wielded by the infamous FIN7 group,...

CVE-2025-2000 (CVSS 9.8): Qiskit SDK Vulnerability Allows Arbitrary Code Execution

Ddos March 18, 2025

A security vulnerability has been discovered in the Qiskit Software Development Kit (SDK). The issue, tracked as...

Unusual Malware Samples Discovered, Including C++/CLI IIS Backdoor

Ddos March 18, 2025

A recent report by Unit 42 highlights the discovery of several new malware samples with unique characteristics....

Critical Vulnerabilities Found in Sungrow iSolarCloud App and WiNet Firmware

Ddos March 18, 2025

In a recent security advisory, the Cybersecurity and Infrastructure Security Agency (CISA) revealed multiple critical vulnerabilities impacting...

INDOHAXSEC: Emerging Indonesian Hacktivist Collective Targets Southeast Asia

Ddos March 18, 2025

A new report by Arctic Wolf Labs has shed light on a growing hacktivist group operating out...

CVE-2025-2263 (CVSS 9.8): Stack Overflow Flaw Threatens Patient Data in PACS Systems, PoC Published CVE-2025-2263 Orthanc Security DICOM Vulnerabilities

CVE-2025-2263 Orthanc Security DICOM Vulnerabilities

CVE-2025-2263 (CVSS 9.8): Stack Overflow Flaw Threatens Patient Data in PACS Systems, PoC Published

Ddos March 18, 2025

Multiple critical security vulnerabilities have been discovered in Sante PACS Server, a widely used DICOM 3.0 compliant...

Google’s Android Terminal: More Linux Apps, Not a Linux Desktop Android 16 adoption rate Android 16KB Page, .NET MAUI 9 Android Security, Fast Charging Android Canary, Developer Program Android Updates, EU Regulation Android 16 Google Android Terminal Cloud Compilation Android, Google I/O

Android 16 adoption rate Android 16KB Page, .NET MAUI 9 Android Security, Fast Charging Android Canary, Developer Program Android Updates, EU Regulation Android 16 Google Android Terminal Cloud Compilation Android, Google I/O

Google’s Android Terminal: More Linux Apps, Not a Linux Desktop

Ddos March 18, 2025

Google’s newly developed terminal application for the Android system has already been made available in the Android...

Critical Flaws Expose SICK DL100 Devices to Code Execution and Password Hacks CVE-2024-10025 CVE-2025-27593 & CVE-2025-27595

Critical Flaws Expose SICK DL100 Devices to Code Execution and Password Hacks

Ddos March 18, 2025

SICK has released a security advisory (sca-2025-0004) warning of critical vulnerabilities in its DL100-2xxxxxxx devices. The advisory,...

Massive Ad Fraud Campaign Deployed 331 Apps, Resulting in 60 Million Downloads

Ddos March 18, 2025

Cybercriminals have once again exploited Google Play’s security mechanisms, infiltrating the app marketplace with at least 331...

Google’s New YouTube Warning: No Ad Blockers or Lose Your Account? YouTube Shorts, digital well-being YouTube AI doppelgängers Shorts, Gemini 3 Playables games

YouTube Shorts, digital well-being YouTube AI doppelgängers Shorts, Gemini 3 Playables games

Google’s New YouTube Warning: No Ad Blockers or Lose Your Account?

Ddos March 18, 2025

Have you ever considered the possibility that installing an ad blocker while watching YouTube videos could lead...

iOS 18.3.2 Bug? iCloud Mail Push Notifications Broken iCloud Mail iOS 18.3.2

iOS 18.3.2 Bug? iCloud Mail Push Notifications Broken

Ddos March 18, 2025

If you use Apple’s iCloud Mail in conjunction with the native iOS Mail app, you may have...

CVE-2024-27564: Attackers Exploit OpenAI Vulnerability in the Wild

Ddos March 18, 2025

A newly disclosed server-side request forgery (SSRF) vulnerability, tracked as CVE-2024-27564, has become a significant target for...

Multiple Security Vulnerabilities Plague PHP, Exposing Applications to Risk CVE-2024-1874 PHP Vulnerabilities

Multiple Security Vulnerabilities Plague PHP, Exposing Applications to Risk

Ddos March 17, 2025

A series of security vulnerabilities has been uncovered in the PHP programming language, potentially exposing web applications...

CVE-2025-27591: Privilege Escalation Vulnerability Found in Below Linux Tool

Ddos March 17, 2025

A privilege escalation vulnerability has been discovered in Below, a tool for recording and displaying system data...