News Archives • Page 345 of 632 • Daily CyberSecurity

Next.js Patches Denial-of-Service Vulnerability (CVE-2024-56332) in Server Actions CVE-2024-56332 - CVE-2025-29927 Next.js, Cache Poisoning

Next.js Patches Denial-of-Service Vulnerability (CVE-2024-56332) in Server Actions

Ddos January 3, 2025

The popular React framework, Next.js, has addressed a security vulnerability that could have allowed attackers to launch...

CVE-2024-56513: Karmada Vulnerability Grants Attackers Control of Kubernetes Systems

Ddos January 3, 2025

A high-severity vulnerability (CVE-2024-56513) has been identified in Karmada (Kubernetes Armada), a management platform designed to facilitate...

India’s VPN Crackdown: Popular Apps Vanish from App Stores India VPN

India’s VPN Crackdown: Popular Apps Vanish from App Stores

Ddos January 3, 2025

In 2022, India began enforcing a new VPN policy mandated by the Indian Computer Emergency Response Team...

Beware! Fake EditThisCookie Extension Steals User Data

Ddos January 3, 2025

EditThisCookie, a browser extension with over 3 million downloads, primarily used for editing local cookie files, has...

ESET’s Warning: Windows 10 Users Urged to Switch to 11 or Linux Transition Windows 10 to Linux

ESET’s Warning: Windows 10 Users Urged to Switch to 11 or Linux

Ddos January 3, 2025

With millions of German computers still running the soon-to-be-obsolete Windows 10, and a worryingly low adoption rate...

CVE-2025-22275 (CVSS 9.3): iTerm2 Patches Critical Security Flaw Exposing User Input and Output iTerm2 vulnerability

CVE-2025-22275 (CVSS 9.3): iTerm2 Patches Critical Security Flaw Exposing User Input and Output

Ddos January 2, 2025

A critical security vulnerability, tracked as CVE-2025-22275 (CVSS 9.3) has been discovered and patched in iTerm2, a...

SysBumps: Breaking Kernel Address Space Layout Randomization on macOS for Apple Silicon DarkSword exploit kit iOS 18.7.7 security update CVE-2024-44308 & CVE-2024-44309 Apple appeal, Epic Games lawsuit

DarkSword exploit kit iOS 18.7.7 security update CVE-2024-44308 & CVE-2024-44309 Apple appeal, Epic Games lawsuit

SysBumps: Breaking Kernel Address Space Layout Randomization on macOS for Apple Silicon

Ddos January 2, 2025

In a recent study, researchers from Korea University have unveiled “SysBumps,” the first successful Kernel Address Space...

Supply Chain Attack on Ethereum Developers via Malicious npm Packages npm Supply Chain Attack

Supply Chain Attack on Ethereum Developers via Malicious npm Packages

Ddos January 2, 2025

In a revelation by the Socket Research Team, Ethereum developers have been targeted in a sophisticated supply...

Patched But Still Vulnerable: Windows BitLocker Encryption Bypassed Again Bypass Windows BitLocker - CVE-2023-21563

Patched But Still Vulnerable: Windows BitLocker Encryption Bypassed Again

Ddos January 2, 2025

A revelation emerged from the Chaos Communication Congress (CCC) last week, shaking the foundations of Windows’ trusted...

35+ Chrome Extensions Compromised: 2.5 Million Users at Risk Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

35+ Chrome Extensions Compromised: 2.5 Million Users at Risk

Ddos January 2, 2025

In a detailed report from Team Axon—led by Alon Klayman and Uri Kornitzer—researchers have revealed on a...

CVE-2024-12912 & CVE-2024-13062: ASUS Routers at Risk ASUS CVE-2025-13348 File Shredder Removal ASUS LPE Flaw CVE-2025-59373 ASUS Armoury Crate vulnerability Asus CVE Numbering Authority - CVE-2024-12912 and CVE-2024-13062 AMI BMC vulnerability, CVE-2024-54085

CVE-2024-12912 & CVE-2024-13062: ASUS Routers at Risk

Ddos January 2, 2025

ASUS has issued a security advisory warning users of critical vulnerabilities affecting several router models. Two flaws,...

Project Quarantine: PyPI’s New Line of Defense Against Malware Project Quarantine PyPI Security Privilege Escalation

Project Quarantine: PyPI’s New Line of Defense Against Malware

Ddos January 2, 2025

In a significant stride toward enhancing security in the Python ecosystem, the Python Package Index (PyPI) has...

Unmasking Fraudulent Popularity: Study Exposes 4.5 Million Fake Stars on GitHub Screenshot 2025-01-02 170012

Unmasking Fraudulent Popularity: Study Exposes 4.5 Million Fake Stars on GitHub

Ddos January 2, 2025

In a study conducted by researchers from Carnegie Mellon University, North Carolina State University, and Socket, the...

Starlink V3 Satellites Promise Blazing Fast Internet Speeds

Ddos January 2, 2025

Starlink recently announced on its official X account that it will soon launch the V3 satellites, which...

PoC Exploit Released for Zero-Click Vulnerability CVE-2024-49113 in Windows CVE-2024-49112 PoC exploit

PoC Exploit Released for Zero-Click Vulnerability CVE-2024-49113 in Windows

Ddos January 1, 2025

SafeBreach Labs revealed a zero-click vulnerability in the Windows Lightweight Directory Access Protocol (LDAP) service, dubbed “LDAP...

CVE-2024-12108 (CVSS 9.6) and Beyond: Progress Issues Critical Patch for WhatsUp Gold Network Monitoring Software CVE-2024-1800, CVE-2024-12108 & CVE-2024-12106

CVE-2024-1800, CVE-2024-12108 & CVE-2024-12106

CVE-2024-12108 (CVSS 9.6) and Beyond: Progress Issues Critical Patch for WhatsUp Gold Network Monitoring Software

Ddos January 1, 2025

Progress Software Corporation, a global provider of products to develop, deploy, and manage high-impact business applications, has...

From Fake Installers to Stolen Credentials: Decoding the LegionLoader Threat KongTuke Microsoft Teams Phishing ModeloRAT Initial Access Broker CVE-2024-38193 - Lazarus Group Threat Actors ScreenConnect

KongTuke Microsoft Teams Phishing ModeloRAT Initial Access Broker CVE-2024-38193 - Lazarus Group Threat Actors ScreenConnect

From Fake Installers to Stolen Credentials: Decoding the LegionLoader Threat

Ddos January 1, 2025

TRAC Labs has released an in-depth report on LegionLoader, a sophisticated downloader malware that has evolved significantly...

New Research Reveals a Novel “Bad Likert Judge” Technique to Jailbreak LLMs Bad Likert Judge - Artificial Intelligence Diffusion

New Research Reveals a Novel “Bad Likert Judge” Technique to Jailbreak LLMs

Ddos January 1, 2025

Researchers at Unit 42 have discovered a new technique, dubbed “Bad Likert Judge,” that can bypass the...

D-Link Issues Warning on End-of-Life Routers Vulnerable to Botnet Exploits D-Link Vulnerability - End-of-Life Routers

D-Link Issues Warning on End-of-Life Routers Vulnerable to Botnet Exploits

Ddos January 1, 2025

D-Link has issued a critical advisory urging users to retire and replace several legacy router models, including...

CVE-2024-21182: PoC Exploit Code Published for Severe WebLogic Flaw IRGC Oracle Cloud Dubai strike Oracle global layoffs 2026 Oracle Fusion Middleware Vulnerability CVE-2026-21992 Oracle Edge Cloud Vulnerability CVE-2026-21994 Oracle Critical RCE, EBS Marketing Flaws CVE-2024-21182 PoC Exploit Oracle EBS Auth Bypass, CVE-2025-61884

IRGC Oracle Cloud Dubai strike Oracle global layoffs 2026 Oracle Fusion Middleware Vulnerability CVE-2026-21992 Oracle Edge Cloud Vulnerability CVE-2026-21994 Oracle Critical RCE, EBS Marketing Flaws CVE-2024-21182 PoC Exploit Oracle EBS Auth Bypass, CVE-2025-61884

CVE-2024-21182: PoC Exploit Code Published for Severe WebLogic Flaw

Ddos December 31, 2024

A security researcher published a proof-of-concept (PoC) exploit for CVE-2024-21182, a critical vulnerability in Oracle WebLogic Server....

Critical Alert 1 Active Exploit Detected Today