News Archives • Page 335 of 633 • Daily CyberSecurity

Android Boosts Anti-Theft Measures with AI and Biometric Security Android security, anti-theft backup Android Identity Check & Theft Detection Lock

Android security, anti-theft backup Android Identity Check & Theft Detection Lock

Android Boosts Anti-Theft Measures with AI and Biometric Security

Ddos January 24, 2025

In today’s world, our smartphones are practically extensions of ourselves. We use them for everything from banking...

CVE-2024-43468 (CVSS 9.8): Microsoft Configuration Manager Exploit Revealed with PoC Code CVE-2024-43468 PoC exploit

CVE-2024-43468 (CVSS 9.8): Microsoft Configuration Manager Exploit Revealed with PoC Code

Ddos January 23, 2025

Security researcher Mehdi Elyassa from Synacktiv published the technical details and a proof-of-concept (PoC) exploit code for...

CVE-2025-21535 (CVSS 9.8): Vulnerability in Oracle WebLogic Server Could Lead to Remote Code Execution CVE-2025-21535 Oracle EBS RCE, CVE-2025-61882

CVE-2025-21535 (CVSS 9.8): Vulnerability in Oracle WebLogic Server Could Lead to Remote Code Execution

Ddos January 23, 2025

Oracle has issued a critical security advisory addressing a high-severity vulnerability in WebLogic Server, identified as CVE-2025-21535....

Malicious VS Code Extension Masquerades as Zoom to Steal Chrome Cookies

Ddos January 23, 2025

A recent investigation by Hunt.io has unveiled a concerning campaign targeting software developers through malicious Visual Studio...

CVE-2024-43707: Kibana Patches High Severity Vulnerability Exposing Sensitive Information CVE-2024-43707 Kibana vulnerability Prototype pollution CVE-2025-25014

CVE-2024-43707 Kibana vulnerability Prototype pollution CVE-2025-25014

CVE-2024-43707: Kibana Patches High Severity Vulnerability Exposing Sensitive Information

Ddos January 23, 2025

Kibana, the popular open-source data visualization and exploration tool, has released a security update addressing two vulnerabilities,...

Beyond DocuSign: Credential Harvesting Now Targets a Wider Range of Cloud Apps

Ddos January 23, 2025

A recent report by Stephen Kowski, Field CTO at SlashNext, highlights a concerning trend in credential harvesting:...

Donot APT Group Targets Android Devices with Malicious Chat Apps Donot APT Group - Android zero-day

Donot APT Group Targets Android Devices with Malicious Chat Apps

Ddos January 23, 2025

The research team at CYFIRMA has uncovered an alarming Android malware campaign attributed to the Indian advanced...

2024 Payment Fraud Report: E-Skimming, Check Fraud, and Threat Actor Sophistication Soar

Ddos January 23, 2025

Cybercriminals are increasingly targeting both physical and digital payment systems, with over 269 million stolen cards and...

phpMyAdmin Patches XSS Vulnerabilities in Latest Release phpMyAdmin Vulnerabilities

phpMyAdmin Patches XSS Vulnerabilities in Latest Release

Ddos January 23, 2025

phpMyAdmin, a popular web-based tool for managing MySQL and MariaDB databases, has addressed two cross-site scripting (XSS)...

CVE-2024-7029 and CVE-2017-17215 Exploited in Latest Murdoc Botnet Attacks FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

CVE-2024-7029 and CVE-2017-17215 Exploited in Latest Murdoc Botnet Attacks

Ddos January 23, 2025

The Qualys Threat Research Unit has unveiled an extensive campaign involving a new variant of the infamous...

Stealthy and Persistent: New Ransomware Tactics Target VMware ESXi SonicWall Reconnaissance Akira Ransomware residential proxy malware TraderTraitor BreachForums Honeypot, French Interior Ministry Leak

SonicWall Reconnaissance Akira Ransomware residential proxy malware TraderTraitor BreachForums Honeypot, French Interior Ministry Leak

Stealthy and Persistent: New Ransomware Tactics Target VMware ESXi

Ddos January 23, 2025

Sygnia’s latest report reveals the evolving tactics of ransomware groups targeting VMware ESXi appliances. By exploiting these...

STAC5143 and STAC5777: New Ransomware Campaigns Target Microsoft Office 365 Users NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

STAC5143 and STAC5777: New Ransomware Campaigns Target Microsoft Office 365 Users

Ddos January 23, 2025

Sophos X-Ops has uncovered two distinct ransomware campaigns to infiltrate organizations via Microsoft Office 365 and Teams....

CVE-2025-23006 (CVSS 9.8): SonicWall Warns of Active Exploits, Issues Urgent Update for SMA1000 Users SonicWall Security Advisory SonicOS Patch 2026 CVE-2025-23006 SonicWall, SMA 100 Vulnerabilities

CVE-2025-23006 (CVSS 9.8): SonicWall Warns of Active Exploits, Issues Urgent Update for SMA1000 Users

Ddos January 23, 2025

SonicWall has issued an urgent security advisory warning of a critical vulnerability in its SMA1000 Appliance Management...

CVE-2025-0314: GitLab Releases Patch for XSS Exploit GitLab AI Gateway Vulnerability CVE-2026-1868 CVE-2025-0314 GitLab Security Update CVE-2025-9222

CVE-2025-0314: GitLab Releases Patch for XSS Exploit

Ddos January 23, 2025

GitLab has issued a important security update addressing several vulnerabilities, including a high severity cross-site scripting (XSS)...

CISA and FBI Warn of Exploited Ivanti CSA Vulnerabilities in Joint Security Advisory OCRFix Botnet EtherHiding CrowdStrike supply chain attack Ivanti CSA Vulnerabilities

OCRFix Botnet EtherHiding CrowdStrike supply chain attack Ivanti CSA Vulnerabilities

CISA and FBI Warn of Exploited Ivanti CSA Vulnerabilities in Joint Security Advisory

Ddos January 22, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a...

CVE-2025-20156 (CVSS 9.9): Cisco Meeting Management Flaw Allows for Privilege Escalation

Ddos January 22, 2025

Cisco has issued a security advisory addressing a critical privilege escalation vulnerability (CVE-2025-20156) in its Meeting Management...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Purrglar: Emerging Stealer Targets Chrome and Exodus Wallet Data on macOS

Ddos January 22, 2025

Kandji’s Threat Research team has uncovered a potential new macOS stealer named “Purrglar.” This malware, uploaded to...

Signal and Discord Vulnerabilities Exposed: 0-Click Deanonymization Attack Revealed deanonymization attack - cache geolocation attack

Signal and Discord Vulnerabilities Exposed: 0-Click Deanonymization Attack Revealed

Ddos January 22, 2025

Security researcher Daniel, also known as hackermondev, has revealed an 0-click deanonymization attack capable of exposing user...

ApateWeb Campaign Hijacks Blogspot, Spreads Phishing and Malware ApateWeb operation

ApateWeb Campaign Hijacks Blogspot, Spreads Phishing and Malware

Ddos January 22, 2025

Security researcher Aaron Meese, in collaboration with Validin, has uncovered an ongoing malicious campaign exploiting Blogspot redirectors...

Mercedes-Benz MBUX Vulnerabilities: User Data and Safety at Risk mercedes-benz-2692776_1280

Mercedes-Benz MBUX Vulnerabilities: User Data and Safety at Risk

Ddos January 22, 2025

Kaspersky Labs has unveiled critical vulnerabilities in the Mercedes-Benz User Experience (MBUX) infotainment system, shedding light on...

Critical Alert 1 Active Exploit Detected Today