Daily CyberSecurity • Page 140 of 739 • Zero-hour alerts. Unmatched analysis.

ValleyRAT Targets English Job Seekers by Trojanizing Foxit PDF Reader with DLL Sideloading Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

ValleyRAT Targets English Job Seekers by Trojanizing Foxit PDF Reader with DLL Sideloading

Do Son December 8, 2025

A sophisticated malware campaign traditionally focused on Chinese-speaking targets has expanded its scope, now aggressively targeting English-speaking...

Coordinated Reconnaissance: 7,000+ IPs Target Palo Alto GlobalProtect and SonicWall API Endpoints Palo Alto SonicWall Scanning, Coordinated Reconnaissance

Palo Alto SonicWall Scanning, Coordinated Reconnaissance

Coordinated Reconnaissance: 7,000+ IPs Target Palo Alto GlobalProtect and SonicWall API Endpoints

Do Son December 6, 2025

A sudden surge in mass scanning activity has targeted two major enterprise security vendors, Palo Alto Networks...

Key AI Solutions in Cybersecurity for 2026 WD Discovery Vulnerability CVE-2025-30248 binary-parser Vulnerability CVE-2026-1245 H3C RCE Vulnerability CVE-2025-60262 Telenium RCE, CVE-2025-10659 Fuel station security, ICS vulnerabilities FreePBX vulnerability CVE-2024-9478 & CVE-2024-9479 SysTrack Vulnerability, Privilege Escalation

WD Discovery Vulnerability CVE-2025-30248 binary-parser Vulnerability CVE-2026-1245 H3C RCE Vulnerability CVE-2025-60262 Telenium RCE, CVE-2025-10659 Fuel station security, ICS vulnerabilities FreePBX vulnerability CVE-2024-9478 & CVE-2024-9479 SysTrack Vulnerability, Privilege Escalation

Key AI Solutions in Cybersecurity for 2026

Do Son December 6, 2025

As we move further into the digital age, the importance of robust cybersecurity measures has never been...

Critical Step CA Flaw (CVE-2025-44005, CVSS 10.0) Allows Unauthenticated Bypass to Issue Fraudulent Certificates Step CA Auth Bypass, Critical ACME Flaw

Critical Step CA Flaw (CVE-2025-44005, CVSS 10.0) Allows Unauthenticated Bypass to Issue Fraudulent Certificates

Do Son December 6, 2025

A critical security vulnerability has been identified in Step CA, a popular online Certificate Authority tool used...

China APT UNC5174 Hijacks Discord API as Covert C2 Channel to Evade Detection and Conduct Espionage Discord C2, UNC5174 Espionage

China APT UNC5174 Hijacks Discord API as Covert C2 Channel to Evade Detection and Conduct Espionage

Do Son December 6, 2025

A sophisticated cyber-espionage campaign linked to the Chinese state-sponsored threat group UNC5174 has been discovered utilizing the...

Sprocket Security Earns Repeat Recognition in G2’s Winter 2025 Relationship Index for Penetration Testing G2_PR_Winter_1764779986pS3XAjIIlK

Sprocket Security Earns Repeat Recognition in G2’s Winter 2025 Relationship Index for Penetration Testing

cybernewswire December 5, 2025

Madison, United States, 5th December 2025, CyberNewsWire

Criminal IP to Host Webinar: Beyond CVEs – From Visibility to Action with ASM webinar_sns2_1764913495pMKY77PH7j

Criminal IP to Host Webinar: Beyond CVEs – From Visibility to Action with ASM

cybernewswire December 5, 2025

Torrance, California, USA, 5th December 2025, CyberNewsWire

Honesty is the Best Policy: OpenAI Trains AI Models to ‘Confess’ Errors and Hallucinations

Do Son December 5, 2025

To enhance transparency in artificial intelligence and curb the problem of confidently delivering nonsense, OpenAI has revealed...

New Android Call Scam Protection Pauses Calls for 30 Seconds During Financial App Use Android Call Scam Protection 30-Second Fraud Delay

New Android Call Scam Protection Pauses Calls for 30 Seconds During Financial App Use

Do Son December 5, 2025

Google is now expanding Android’s call-scam protection through Google Play Services, enhancing the system’s ability to safeguard...

Apple HomePad delay Tesla CarPlay integration 2026 Apple CarPlay AI integration 2026 Apple 2026 product roadmap rumors, foldable iPhone release date Apple Vision Pro sales slump, Vision Pro production cut Russia FaceTime Ban Network Blockade Apple Apple 2026 Roadmap, iPhone Foldable, Apple Intelligence Apple Maps ads, iOS monetization Apple, Digital Markets Act FCC Leak, iPhone 16e Schematics iPhone Fold Apple Made in India Apple US Investment, Indian Tariffs Apple Leadership, Tim Cook Tenure Siri Redesign, Apple AI Apple App Store Apple EU, Digital Markets Act CVE-2022-32898 Third-Party iOS Apps Apple Antitrust, DOJ Lawsuit

Russia Imposes Network-Level Blockade on Apple’s End-to-End Encrypted FaceTime

Do Son December 5, 2025

Russia has recently imposed a network-level blockade on Apple’s video-calling service FaceTime, which is developed and operated...

Apache HTTP Server 2.4.66 Fixes SSRF Flaw (CVE-2025-59775) Exposing NTLM Hashes on Windows and suexec Bypass CVE-2024-40725 & CVE-2024-40898 Apache SSRF NTLM Leak, suexec Bypass

CVE-2024-40725 & CVE-2024-40898 Apache SSRF NTLM Leak, suexec Bypass

Apache HTTP Server 2.4.66 Fixes SSRF Flaw (CVE-2025-59775) Exposing NTLM Hashes on Windows and suexec Bypass

Do Son December 5, 2025

The Apache Software Foundation has rolled out a crucial update for the ubiquitous Apache HTTP Server, addressing...

Stealth Cryptominer Uses USB LNK and DLL Side-Loading to Deploy “Smart Mining” Evasion USB LNK Cryptominer, Smart Mining Evasion

Stealth Cryptominer Uses USB LNK and DLL Side-Loading to Deploy “Smart Mining” Evasion

Do Son December 5, 2025

In an era dominated by cloud vulnerabilities and phishing emails, a classic threat vector has made a...

The PDF Trap: Critical Vulnerability (CVE-2025-66516, CVSS 10.0) Hits Apache Tika Core Apache Tika XXE, Malicious PDF Exploit Apache Tika, XXE vulnerability CVE-2025-54988

The PDF Trap: Critical Vulnerability (CVE-2025-66516, CVSS 10.0) Hits Apache Tika Core

Do Son December 5, 2025

The Apache Tika toolkit, the industry standard for detecting and extracting metadata from over a thousand file...

Check Point VPN vulnerability exploited in the wild Check Point VPN exploit CVE-2026-50751 zero-day Checkmarx Breach Supply Chain Attack Ivanti EPMM RCE CVE-2026-1281 Modular DS Vulnerability CVE-2026-23550 D-Link RCE Vulnerability CVE-2026-0625 Christmas 2025 GreyNoise Campaign, Japan-Based Initial Access Broker React2Shell Zero-Day, APT Active Exploitation WordPress vulnerability, authentication bypass FreePBX, zero-day Trend Micro Apex One, Remote Code Execution BitoPro Hack, Crypto Theft UNC5337 - CVE-2022-47945 Safe{Wallet} hack Fortinet vulnerability, CVE-2024-21762, FortiGate attack Balloonfly, Play ransomware Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

“React2Shell” Storm: China-Nexus Groups Weaponize Critical React Flaw Hours After Disclosure

Do Son December 5, 2025

Only hours after the public disclosure of a critical vulnerability in the React ecosystem, state-sponsored cyber espionage...

Operation DUPEHIKE Hits Russian HR: Bonus Lure Delivers DUPERUNNER and Adaptix C2 via Process Injection AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

Operation DUPEHIKE Hits Russian HR: Bonus Lure Delivers DUPERUNNER and Adaptix C2 via Process Injection

Do Son December 5, 2025

A new, highly targeted espionage campaign dubbed Operation DUPEHIKE has been uncovered targeting corporate entities within the...

High-Severity Splunk Flaw Allows Local Privilege Escalation via Incorrect File Permissions on Windows

Do Son December 5, 2025

Splunk administrators managing Windows environments are being urged to patch immediately following the discovery of two high-severity...

High-Severity Cacti Flaw (CVE-2025-66399) Risks Remote Code Execution via SNMP Community String Injection CVE-2024-25641 Cacti SNMP RCE, Command Injection

CVE-2024-25641 Cacti SNMP RCE, Command Injection

High-Severity Cacti Flaw (CVE-2025-66399) Risks Remote Code Execution via SNMP Community String Injection

Do Son December 5, 2025

A high-severity security flaw has been uncovered in Cacti, the popular open-source network graphing solution. The vulnerability,...

Russian Calisto APT Targets Reporters Without Borders with Custom AiTM Phishing and “Missing File” Lure Calisto RSF Espionage, AiTM Phishing Lure

Calisto RSF Espionage, AiTM Phishing Lure

Russian Calisto APT Targets Reporters Without Borders with Custom AiTM Phishing and “Missing File” Lure

Do Son December 5, 2025

A fresh wave of cyber-espionage attacks has struck the international non-profit sector, with Russian state-sponsored hackers zeroing...

NVIDIA Triton Server Patches Two High-Severity DoS Flaws, Risking Critical AI Inference Disruption NVIDIA DGX Cloud restructuring, Dwight Diercks engineering shift NVIDIA Isaac Launchable, Hard-coded Credentials NVIDIA Merlin Deserialization, AI Pipeline RCE Triton DoS Flaws, AI Inference Server Security NVIDIA AI programming AI Chips China 800VDC Data Center, AI Power Architecture CVE-2024-0114 NVIDIA Container Toolkit vulnerability Container escape

NVIDIA DGX Cloud restructuring, Dwight Diercks engineering shift NVIDIA Isaac Launchable, Hard-coded Credentials NVIDIA Merlin Deserialization, AI Pipeline RCE Triton DoS Flaws, AI Inference Server Security NVIDIA AI programming AI Chips China 800VDC Data Center, AI Power Architecture CVE-2024-0114 NVIDIA Container Toolkit vulnerability Container escape

NVIDIA Triton Server Patches Two High-Severity DoS Flaws, Risking Critical AI Inference Disruption

Do Son December 5, 2025

NVIDIA has issued a security bulletin regarding its Triton Inference Server, a cornerstone tool used by MLOps...

Patchwork APT Deploys StreamSpy Trojan, Hiding C2 Commands in WebSocket Traffic for Stealth Espionage Patchwork StreamSpy, WebSocket C2

Patchwork APT Deploys StreamSpy Trojan, Hiding C2 Commands in WebSocket Traffic for Stealth Espionage

Do Son December 5, 2025

The Patchwork APT group (also known as Bai Xiang or “White Elephant”), a cyberespionage actor believed to...