Daily CyberSecurity • Page 159 of 734 • Zero-hour alerts. Unmatched analysis.

Sandworm APT Attacks Belarus Military With LNK Exploit and OpenSSH Over Tor obfs4 Backdoor ThinkPHP Vulnerabilities

Sandworm APT Attacks Belarus Military With LNK Exploit and OpenSSH Over Tor obfs4 Backdoor

Do Son November 1, 2025

Researchers at Cyble Research and Intelligence Labs (CRIL) have identified a sophisticated malware campaign that leverages weaponized...

Pinterest AI layoffs 2026, Pinterest workforce reduction 15% OpenAI Pinterest acquisition 2026, multimodal AI training data Pinterest Assistant, AI Search, Visual Discovery

Pinterest Launches AI Assistant: Transforming Search to Personalized Visual Discovery

Do Son November 1, 2025

Pinterest recently announced the introduction of a new AI-powered search and recommendation tool called “Pinterest Assistant.” By...

Meta Quest 3 Gets Windows 11 Virtual Desktop—Bringing Mixed Reality to the Masses Mixed Reality, Virtual Desktop, Meta Quest 3

Meta Quest 3 Gets Windows 11 Virtual Desktop—Bringing Mixed Reality to the Masses

Do Son November 1, 2025

Microsoft recently announced the official rollout of its “Mixed Reality Link” feature for Windows 11, now available...

iPhone 17 Surge: Apple Hits Record $102B Revenue While Teasing AI Siri 2026 Debut Apple Earnings, iPhone 17 Sales Satellite connectivity, iPhone

iPhone 17 Surge: Apple Hits Record $102B Revenue While Teasing AI Siri 2026 Debut

Do Son November 1, 2025

Apple has announced its financial results for the fourth quarter of fiscal year 2025, ending on September...

Critical WordPress Theme Flaw (CVE-2025-5397, CVSS 9.8) Under Active Exploitation Allows Unauthenticated Admin Takeover PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

Critical WordPress Theme Flaw (CVE-2025-5397, CVSS 9.8) Under Active Exploitation Allows Unauthenticated Admin Takeover

Do Son November 1, 2025

An extremely severe security vulnerability has been discovered and is being actively exploited in the Jobmonster –...

Critical WordPress Plugin Flaw (CVE-2025-8489, CVSS 9.8) Allows Unauthenticated Admin Takeover CVE-2024-11972 - Hunk Companion

Critical WordPress Plugin Flaw (CVE-2025-8489, CVSS 9.8) Allows Unauthenticated Admin Takeover

Do Son November 1, 2025

A critical security vulnerability has been identified and is being actively exploited in the King Addons for...

CVE-2025-11833 (CVSS 9.8): Critical Flaw Exposes 400,000 WordPress Sites to Unauthenticated Account Takeover WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

CVE-2025-11833 (CVSS 9.8): Critical Flaw Exposes 400,000 WordPress Sites to Unauthenticated Account Takeover

Do Son November 1, 2025

The Post SMTP plugin, used by over 400,000 WordPress sites to ensure reliable email delivery, has been...

Chinese APT BRONZE BUTLER Exploits LANSCOPE Zero-Day for SYSTEM Control BRONZE BUTLER, Zero-Day

Chinese APT BRONZE BUTLER Exploits LANSCOPE Zero-Day for SYSTEM Control

Do Son October 31, 2025

A sophisticated campaign executed by the Chinese state-sponsored threat group BRONZE BUTLER (also known as Tick) has...

CISA Warns of Active Exploitation in XWiki and VMware Vulnerabilities n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

CISA Warns of Active Exploitation in XWiki and VMware Vulnerabilities

Do Son October 31, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two new flaws—CVE-2025-24893 in XWiki Platform and...

Netflix Experiments with Vertical Video and Podcasts, Redefining Mobile Entertainment Amazon Aurora, Netflix Cloud Migration Netflix innovation, vertical video Netflix Dutch DPA

Amazon Aurora, Netflix Cloud Migration Netflix innovation, vertical video Netflix Dutch DPA

Netflix Experiments with Vertical Video and Podcasts, Redefining Mobile Entertainment

Do Son October 31, 2025

During a recent public appearance, Netflix Chief Technology Officer Elizabeth Stone revealed that the company is actively...

Brash Attack: Critical Chromium Flaw Allows DoS via Simple Code Injection Chrome 14-day update cycle Chromium JPEG-XL Image Format Debate Chromium DoS, document.title Browser Muting, iframe Media Supporters of Chromium-based Browsers

Chrome 14-day update cycle Chromium JPEG-XL Image Format Debate Chromium DoS, document.title Browser Muting, iframe Media Supporters of Chromium-based Browsers

Brash Attack: Critical Chromium Flaw Allows DoS via Simple Code Injection

Do Son October 31, 2025

Google’s Chromium, developed by Google, forms the foundation of many modern browsers — yet researchers have uncovered...

Samsung Internet Arrives on Windows, Pushing Forward Ambient AI Vision Samsung Internet, ambient AI

Samsung Internet Arrives on Windows, Pushing Forward Ambient AI Vision

Do Son October 31, 2025

Samsung has officially announced the launch of its Samsung Internet web browser for Windows 10 and Windows...

Court Mandate: Google Play Opens to External Payments in the US

Do Son October 31, 2025

Both Apple’s App Store and Google’s Play Store currently prohibit developers from directing users to make payments...

CVE-2025-64095: Critical CVSS 10.0 Flaw in DNN Platform Allows Unauthenticated Website Overwrite CVE-2025-64095 Site Takeover DNN Software, XSS, vulnerability

CVE-2025-64095 Site Takeover DNN Software, XSS, vulnerability

CVE-2025-64095: Critical CVSS 10.0 Flaw in DNN Platform Allows Unauthenticated Website Overwrite

Do Son October 31, 2025

The DNN Platform, a leading open-source Content Management System (CMS) in the Microsoft ecosystem, is urging its...

Magecart SMILODON Skimmer Infiltrates WooCommerce Via Rogue Plugin Hiding Payload in Fake PNG Image WooCommerce Skimmer, Fake PNG Steganography

WooCommerce Skimmer, Fake PNG Steganography

Magecart SMILODON Skimmer Infiltrates WooCommerce Via Rogue Plugin Hiding Payload in Fake PNG Image

Do Son October 31, 2025

The Wordfence Threat Intelligence Team has uncovered a highly sophisticated malware campaign targeting WordPress e-commerce sites using...

PhantomRaven: 126 Malicious npm Packages Steal Developer Tokens and Secrets Using Hidden Dependencies npm RDD Supply Chain, Slopsquatting

PhantomRaven: 126 Malicious npm Packages Steal Developer Tokens and Secrets Using Hidden Dependencies

Do Son October 31, 2025

Koi Security has uncovered a massive supply-chain campaign dubbed PhantomRaven, which has silently infected the npm ecosystem...

XLab Unveils RPX_Client, the First Confirmed Relay Node in PolarEdge IoT ORB Network P2P cryptominer malware threat Ollama endpoint attacks IoT Botnets DDoS Attacks

P2P cryptominer malware threat Ollama endpoint attacks IoT Botnets DDoS Attacks

XLab Unveils RPX_Client, the First Confirmed Relay Node in PolarEdge IoT ORB Network

Do Son October 31, 2025

Beijing-based XLab has unveiled the discovery of RPX_Client, a previously undocumented module linked to the PolarEdge ORB...

Nation-State Espionage: Airstalk Malware Hijacks VMware AirWatch (MDM) API for Covert C2 Channel

Do Son October 31, 2025

Palo Alto Networks’ Unit 42 Threat Intelligence team has uncovered a sophisticated new malware family dubbed Airstalk,...

Russian APTs Exploit LotL Techniques in Ukraine Cyber Attacks, Deploying Sandworm-Linked Webshell and Credential Dumping Sandworm LotL, Ukraine Espionage

Russian APTs Exploit LotL Techniques in Ukraine Cyber Attacks, Deploying Sandworm-Linked Webshell and Credential Dumping

Do Son October 31, 2025

The Symantec Threat Hunter Team has uncovered two major cyber intrusions in Ukraine attributed to Russian-aligned threat...

Progress Patches High-Severity Vulnerability in MOVEit Transfer AS2 Module (CVE-2025-10932) CVE-2023-42659 & CVE-2024-8015 MOVEit AS2 DoS, Uncontrolled Resource Consumption

CVE-2023-42659 & CVE-2024-8015 MOVEit AS2 DoS, Uncontrolled Resource Consumption

Progress Patches High-Severity Vulnerability in MOVEit Transfer AS2 Module (CVE-2025-10932)

Do Son October 31, 2025

Progress Software Corporation has issued a security advisory warning of a high-severity vulnerability in its MOVEit Transfer...