News Archives • Page 379 of 632 • Daily CyberSecurity

North Korean Cyber Espionage Group Tenacious Pungsan Compromises Open-Source Repositories with Backdoored npm Packages Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

North Korean Cyber Espionage Group Tenacious Pungsan Compromises Open-Source Repositories with Backdoored npm Packages

Ddos October 24, 2024

In a recent report, the Datadog Security Research Team exposed the latest nefarious activities of the Tenacious...

CISA Sounds Alarm on Actively Exploited Cisco and Roundcube Vulnerabilities CVE-2023-27532 & CVE-2024-37383

CISA Sounds Alarm on Actively Exploited Cisco and Roundcube Vulnerabilities

Ddos October 24, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about two actively exploited...

UNC5267: Exposing North Korea’s State-Sponsored IT Worker Infiltration

Ddos October 24, 2024

In a recent report, Mandiant has uncovered the ongoing and sophisticated operations of a North Korean-aligned cyber...

One Identity Safeguard for Privileged Sessions Vulnerable to Authentication Bypass – CVE-2024-40595

Ddos October 24, 2024

A newly disclosed vulnerability in One Identity Safeguard for Privileged Sessions (SPS) could allow attackers to bypass...

AWS CDK Vulnerability: Missing S3 Bucket Could Lead to Account Takeover Overview of CDK attack vector

AWS CDK Vulnerability: Missing S3 Bucket Could Lead to Account Takeover

Ddos October 24, 2024

Security researchers Ofek Itach and Yakir Kadkoda from Aqua Security’s Team Nautilus uncovered a critical vulnerability in...

Ransomware Threat Escalates as Scattered Spider and RansomHub Combine Forces

Ddos October 24, 2024

ReliaQuest revealed a concerning new collaboration between the Scattered Spider cybercriminal collective and the rising ransomware group...

NVIDIA Patches Multi Vulnerabilities in Windows and Linux GPU Drivers

Ddos October 24, 2024

NVIDIA has issued a security bulletin addressing multiple vulnerabilities in its GPU Display Driver for both Windows...

New Threat Group UNC5820 Targets FortiManager Zero-Day CVE-2024-47575 in Global Cyberattack FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

New Threat Group UNC5820 Targets FortiManager Zero-Day CVE-2024-47575 in Global Cyberattack

Ddos October 24, 2024

In October 2024, Mandiant, in collaboration with Fortinet, uncovered the mass exploitation of FortiManager appliances across multiple...

CVE-2024-20424 (CVSS 9.9): Cisco FMC Software Vulnerability Grants Attackers Root Access Cisco ISE Root Escalation * Read-Only Admin Exploit Cisco Secure FMC Vulnerability CVE-2026-20131 Cisco Meeting Management Vulnerability CVE-2026-20098 Cisco vulnerability, RCE flaw CVE-2025-20265 Cisco Meraki, VPN Vulnerability Cisco Nexus Dashboard - CVE-2024-20424 CVE-2025-20115 Cisco Vulnerability CVE-2018-0171 Privilege Escalation Cisco Unified Intelligence Center

Cisco ISE Root Escalation * Read-Only Admin Exploit Cisco Secure FMC Vulnerability CVE-2026-20131 Cisco Meeting Management Vulnerability CVE-2026-20098 Cisco vulnerability, RCE flaw CVE-2025-20265 Cisco Meraki, VPN Vulnerability Cisco Nexus Dashboard - CVE-2024-20424 CVE-2025-20115 Cisco Vulnerability CVE-2018-0171 Privilege Escalation Cisco Unified Intelligence Center

CVE-2024-20424 (CVSS 9.9): Cisco FMC Software Vulnerability Grants Attackers Root Access

Ddos October 23, 2024

Cisco has issued a critical security advisory warning of a command injection vulnerability in its Secure Firewall...

New Rust-Based Embargo Ransomware Threatens US Companies with Advanced Attack Techniques MDeployer and MS4Killer

New Rust-Based Embargo Ransomware Threatens US Companies with Advanced Attack Techniques

Ddos October 23, 2024

A new and highly sophisticated ransomware group, Embargo, has been targeting companies in the US. First observed...

Active Exploits Target Cisco ASA and FTD VPNs: Urgent Update Needed (CVE-2024-20481) Cisco SD-WAN Vulnerability CVE-2026-20127 CVE-2024-20481 - Daggerfly group

Cisco SD-WAN Vulnerability CVE-2026-20127 CVE-2024-20481 - Daggerfly group

Active Exploits Target Cisco ASA and FTD VPNs: Urgent Update Needed (CVE-2024-20481)

Ddos October 23, 2024

Cisco has disclosed an actively exploited vulnerability (CVE-2024-20481) in its Adaptive Security Appliance (ASA) and Firepower Threat...

New WarmCookie/BadSpace Malware Targets Organizations Espionage Group Daggerfly

New WarmCookie/BadSpace Malware Targets Organizations

Ddos October 23, 2024

Cisco Talos researchers uncovered a new and highly adaptive malware family, WarmCookie, also referred to as BadSpace....

CVE-2024-20412: Unauthorized Access to Cisco Firepower Devices via Static Credentials Cisco Secure FMC CVE-2026-20079 Cisco RCE, Firewall Vulnerability Cisco Nexus, vulnerability CVE-2024-20412 - Cisco data breach

Cisco Secure FMC CVE-2026-20079 Cisco RCE, Firewall Vulnerability Cisco Nexus, vulnerability CVE-2024-20412 - Cisco data breach

CVE-2024-20412: Unauthorized Access to Cisco Firepower Devices via Static Credentials

Ddos October 23, 2024

Cisco has recently published a security advisory regarding a critical vulnerability in its Firepower Threat Defense (FTD)...

Nidec Precision Corporation Discloses Security Incident and Data Leak Nidec Precision Security Incident & Data Leak

Nidec Precision Corporation Discloses Security Incident and Data Leak

Ddos October 23, 2024

Nidec Precision Corporation, a leading manufacturer of precision motors and components, recently announced details of a security...

Webflow Weaponized: Phishing Attacks Target Crypto Wallets Webflow Phishing

Webflow Weaponized: Phishing Attacks Target Crypto Wallets

Ddos October 23, 2024

New research from Netskope Threat Labs reveals a surge in phishing attacks targeting cryptocurrency wallets, employing a...

CVE-2024-20329 (CVSS 9.9): Critical Cisco ASA SSH Flaw Allows for Complete System Takeover

Ddos October 23, 2024

Cisco has issued a critical security advisory warning of a vulnerability in the SSH subsystem of its...

Cisco SD-WAN Vulnerability CVE-2026-20133 FortiGate Compromise Ivanti EPMM Zero-Day CVE-2026-1281 SmarterMail Vulnerability Storm-2603 WatchGuard Zero-Day, IKEv2 Out-of-Bounds Write Cisco Zero-Day, UAT-9686 Chinese APT FortiWeb RCE Exploitation CVE-2025-58034 VMware Zero-Day, Privilege Escalation Sitecore, remote code execution CVE-2025-53690 Windows CLFS, Privilege Escalation CVE-2024-47575 & CVE-2024-11120 CVE-2025-24983 vulnerability

Fortinet Warns of Actively Exploited Flaw in FortiManager: CVE-2024-47575 (CVSS 9.8)

Ddos October 23, 2024

Fortinet has issued a security advisory for its FortiManager platform, addressing a critical vulnerability—CVE-2024-47575—which has been actively...

Fake Crypto Game Hides Chrome Zero-Day CVE-2024-4947 Attack by Lazarus APT

Ddos October 23, 2024

Kaspersky Labs has uncovered a sophisticated campaign by the Lazarus APT group, utilizing a fake cryptocurrency game...

GitLab Security Alert: CVE-2024-8312 and CVE-2024-6826 Patched GitLab Security Update May 2026 GitLab XSS and DoS Vulnerabilities GitLab Security Session Hijacking GitLab Security Update, CI/CD Vulnerability GitLab DoS, Security Update bypassing SAML - CVE-2024-8312 and CVE-2024-6826