Daily CyberSecurity • Page 135 of 739 • Zero-hour alerts. Unmatched analysis.

Storm-0249 Abuses EDR Process via DLL Sideloading to Cloak Ransomware Access Storm-0249 EDR Abuse, DLL Sideloading

Storm-0249 Abuses EDR Process via DLL Sideloading to Cloak Ransomware Access

Do Son December 15, 2025

A notorious initial access broker (IAB) known as “Storm-0249” has radically shifted its tactics, moving from broad...

ImageMagick Flaw Risks Arbitrary Memory Disclosure via PSX TIM File Integer Overflow on 32-bit Systems ImageMagick Vulnerability CVE-2026-23876 ImageMagick TIM Overflow, Memory Disclosure Flaw ImageMagick vulnerabilities, memory corruption CVE-2023-34152

ImageMagick Flaw Risks Arbitrary Memory Disclosure via PSX TIM File Integer Overflow on 32-bit Systems

Do Son December 15, 2025

A high-severity vulnerability has been uncovered in ImageMagick, the ubiquitous open-source image processing suite used by millions...

VS Code Supply Chain Attack: 19 Extensions Used Typosquatting & Steganography to Deploy Rust Trojan

Do Son December 15, 2025

A sophisticated malware campaign has been uncovered within the Visual Studio Code (VS Code) Marketplace, exposing a...

React2Shell: Max-Score RCE (CVSS 10.0) Triggers Widespread Exploitation by Espionage Groups & Miners React2Shell RCE, Widespread Exploitation

React2Shell: Max-Score RCE (CVSS 10.0) Triggers Widespread Exploitation by Espionage Groups & Miners

Do Son December 13, 2025

The cybersecurity landscape was jolted this month by the disclosure of a catastrophic vulnerability in one of...

Linux Kernel io_uring UAF Flaw Used to Cheat BPF Verifier and Achieve Container Escape, PoC Releases Linux io_uring UAF, Kernel Exploit Primitive

Linux Kernel io_uring UAF Flaw Used to Cheat BPF Verifier and Achieve Container Escape, PoC Releases

Do Son December 13, 2025

Two security researchers, known by the handles st424204 and d4em0n, have published a deep-dive analysis of a...

Apache Airflow Flaws Leak Sensitive Credentials in UI via DAG Tracebacks & Template Rendering Airflow Credential Leak, UI Redaction Failure CVE-2024-39877 & CVE-2024-45784 Airflow Connection Leak, CVE-2025-54831

Airflow Credential Leak, UI Redaction Failure CVE-2024-39877 & CVE-2024-45784 Airflow Connection Leak, CVE-2025-54831

Apache Airflow Flaws Leak Sensitive Credentials in UI via DAG Tracebacks & Template Rendering

Do Son December 13, 2025

The maintainers of Apache Airflow, the industry-standard platform for programmatic workflow authoring, have released a crucial security...

Urgent: Apple Patches Two Critical WebKit Zero-Days Under Active Exploitation Against High-Risk Targets Apple Zero-Day CVE-2025-43529 WebKit Zero-Day, Targeted iOS Spyware Apple spyware alerts, zero-click attacks Apple, trademark lawsuit CVE-2024-54527 PoC exploit Apple, App Store

Apple Zero-Day CVE-2025-43529 WebKit Zero-Day, Targeted iOS Spyware Apple spyware alerts, zero-click attacks Apple, trademark lawsuit CVE-2024-54527 PoC exploit Apple, App Store

Urgent: Apple Patches Two Critical WebKit Zero-Days Under Active Exploitation Against High-Risk Targets

Do Son December 13, 2025

Apple has issued an urgent security intervention for iPhone and iPad users, releasing patches for two critical...

Critical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services Worldwide Critical_React2Shell_CVE-2025-55182____RSC______3_1765504077YqYq0hVYdr

Critical_React2Shell_CVE-2025-55182____RSC______3_1765504077YqYq0hVYdr

Critical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services Worldwide

cybernewswire December 12, 2025

Torrance, United States / California, 12th December 2025, CyberNewsWire

OpenAI Fights Back: GPT-5.2 Unveiled to Rival Google’s Gemini 3 Pro OpenAI GPT-5.2, Gemini 3 Pro Rival

OpenAI Fights Back: GPT-5.2 Unveiled to Rival Google’s Gemini 3 Pro

Do Son December 12, 2025

On the very same day it announced its historic partnership with Disney, OpenAI finally unveiled the model...

The IP Wall Falls: Disney Invests $1B in OpenAI to License 200+ Characters for AI Disney OpenAI $1B, AI Character Licensing

The IP Wall Falls: Disney Invests $1B in OpenAI to License 200+ Characters for AI

Do Son December 12, 2025

Long regarded as the “most formidable legal department in the Western Hemisphere,” Disney has historically guarded its...

The AI Super-App Rises: Photoshop & Adobe Express Integrate into ChatGPT OpenAI Adobe Integration, ChatGPT Super-App

The AI Super-App Rises: Photoshop & Adobe Express Integrate into ChatGPT

Do Son December 12, 2025

Following earlier integrations with Spotify and Canva, OpenAI has taken yet another decisive step toward its ambition...

The “USB-C of AI” is Here: Google Launches Managed Servers for MCP Protocol Google MCP Protocol, Agentic AI Managed Servers Google Cloud Meta Google Cloud UniSuper

Google MCP Protocol, Agentic AI Managed Servers Google Cloud Meta Google Cloud UniSuper

The “USB-C of AI” is Here: Google Launches Managed Servers for MCP Protocol

Do Son December 12, 2025

Following the Linux Foundation’s establishment of the Agentic AI Foundation (AAIF) and its designation of the Model...

YouTube TV’s New Subscription Bundles: Is Streaming Becoming Cable All Over Again? YouTube TV Gemini Ask YouTube TV Bundles, Streaming Cable Model

YouTube TV Gemini Ask YouTube TV Bundles, Streaming Cable Model

YouTube TV’s New Subscription Bundles: Is Streaming Becoming Cable All Over Again?

Do Son December 12, 2025

Streaming television appears to be retracing the path once taken by traditional cable. YouTube TV has announced...

Farewell, Tabs: Google’s Experimental Disco Browser Generates Web Apps with AI Google Disco Browser, Gemini PWA Generation

Farewell, Tabs: Google’s Experimental Disco Browser Generates Web Apps with AI

Do Son December 12, 2025

The race among artificial intelligence models has entered a fevered, white-hot phase—and AI-driven browsers have now gained...

React Patches Two New Flaws Risking Server-Crashing DoS and Source Code Disclosure React Server Components Vulnerability CVE-2026-23870 React Server Components Server-Side DoS React DoS Vulnerability CVE-2026-23864 React Server Components DoS, Source Code Disclosure React RCE, Server Components Deserialization CVE-2025-55182

React Server Components Vulnerability CVE-2026-23870 React Server Components Server-Side DoS React DoS Vulnerability CVE-2026-23864 React Server Components DoS, Source Code Disclosure React RCE, Server Components Deserialization CVE-2025-55182

React Patches Two New Flaws Risking Server-Crashing DoS and Source Code Disclosure

Do Son December 12, 2025

The security saga surrounding React Server Components continues this week. Just days after the React team patched...

Core Banking System Flaw: Apache Fineract IDOR Risks Authorization Bypass & Customer Data Access CVE-2024-32838 Apache Fineract IDOR, Core Banking Bypass

CVE-2024-32838 Apache Fineract IDOR, Core Banking Bypass

Core Banking System Flaw: Apache Fineract IDOR Risks Authorization Bypass & Customer Data Access

Do Son December 12, 2025

A trio of security vulnerabilities has been disclosed in Apache Fineract, the open-source core banking system that...

New 01flip Ransomware Hits APAC Critical Infra: Cross-Platform Rust Weapon Uses Sliver C2 01flip Rust Ransomware, Cross-Platform APAC

New 01flip Ransomware Hits APAC Critical Infra: Cross-Platform Rust Weapon Uses Sliver C2

Do Son December 12, 2025

A new and sophisticated ransomware player has entered the cybercrime arena, targeting critical infrastructure in the Asia-Pacific...

CISA KEV Alert: GeoServer XXE Flaw Under Active Attack Risks Data Theft & Internal Network Scanning CISA active exploit catalog known exploited vulnerabilities ActiveMQ RCE CVE-2026-34197 CISA KEV Catalog Actively Exploited Vulnerabilities CISA KEV Catalog CVE-2025-37164 GeoServer XXE, CISA KEV FortiWeb SQLi, CISA KEV Critical Vulnerabilities CVE-2024-20953

CISA active exploit catalog known exploited vulnerabilities ActiveMQ RCE CVE-2026-34197 CISA KEV Catalog Actively Exploited Vulnerabilities CISA KEV Catalog CVE-2025-37164 GeoServer XXE, CISA KEV FortiWeb SQLi, CISA KEV Critical Vulnerabilities CVE-2024-20953

CISA KEV Alert: GeoServer XXE Flaw Under Active Attack Risks Data Theft & Internal Network Scanning

Do Son December 12, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting the widely used OSGeo...

Military-Grade ValleyRAT Goes Rogue: Kernel Rootkit Builder Leak Triggers Massive Global Surge ValleyRAT Builder Leak, Kernel Rootkit Comoditization

ValleyRAT Builder Leak, Kernel Rootkit Comoditization

Military-Grade ValleyRAT Goes Rogue: Kernel Rootkit Builder Leak Triggers Massive Global Surge

Do Son December 12, 2025

A sophisticated cyber weapon previously linked to targeted espionage has gone rogue, flooding the threat landscape after...

Sophisticated Okta SSO Phishing Bypasses Defenses to Steal Session Tokens With Salary Review Lures UAT-8099 BadIIS Malware Pacific Islands Forum Cyberattack

UAT-8099 BadIIS Malware Pacific Islands Forum Cyberattack

Sophisticated Okta SSO Phishing Bypasses Defenses to Steal Session Tokens With Salary Review Lures

Do Son December 12, 2025

Just as employees begin anticipating their year-end performance reviews, a sophisticated new phishing campaign has emerged, turning...