Daily CyberSecurity • Page 176 of 733 • Zero-hour alerts. Unmatched analysis.

Critical Flaw CVE-2025-59159 (CVSS 9.7) in SillyTavern Allows Full Remote Control of Local AI Instances SillyTavern DNS Rebinding, CVE-2025-59159

Critical Flaw CVE-2025-59159 (CVSS 9.7) in SillyTavern Allows Full Remote Control of Local AI Instances

Do Son October 7, 2025

The developers of SillyTavern, a popular locally hosted interface for large language models (LLMs) and AI tools,...

Critical RCE (CVE-2025-10035) in GoAnywhere MFT Used by Medusa Ransomware Group Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Critical RCE (CVE-2025-10035) in GoAnywhere MFT Used by Medusa Ransomware Group

Do Son October 7, 2025

Microsoft Threat Intelligence has issued a warning following the discovery of active exploitation of a newly disclosed...

Critical Flaw CVE-2025-36356 (CVSS 9.3) in IBM Security Verify Access Allows Root Privilege Escalation IBM API Connect, CVE-2025-13915 IBM Privilege Escalation, CVE-2025-36356 IBM Power Systems - CVE-2024-45656 CVE-2024-49814 and CVE-2024-51450 CVE-2024-56346 and CVE-2024-56347 CVE-2025-1302

IBM API Connect, CVE-2025-13915 IBM Privilege Escalation, CVE-2025-36356 IBM Power Systems - CVE-2024-45656 CVE-2024-49814 and CVE-2024-51450 CVE-2024-56346 and CVE-2024-56347 CVE-2025-1302

Critical Flaw CVE-2025-36356 (CVSS 9.3) in IBM Security Verify Access Allows Root Privilege Escalation

Do Son October 7, 2025

IBM has released fixes for three security vulnerabilities affecting its IBM Security Verify Access and IBM Verify...

Weaver E-cology RCE CVE-2026-22679 CVE-2026-20127 Cisco SD-WAN Exploitation AI-Driven Cyberattack ARXON Malware React Server Components Vulnerability CVE-2025-55182 FortiWeb Auth Bypass, Unauthenticated Admin Takeover RayInitiator Bootkit, LINE VIPER CVE-2025-59689 Department of the Treasury cybersecurity - CVE-2025-0108 PoC CVE-2025-31103 Dior Data Breach SK Telecom data breach, long-term intrusion

Rapid7 Details Cisco ASA Zero-Day Exploit Chain (CVE-2025-20362 & CVE-2025-20333)

Do Son October 7, 2025

Security researchers at Rapid7 have published a detailed technical analysis uncovering how a pair of zero-day vulnerabilities...

PoC Released for Linux Kernel Escalates Privileges Flaw Linux kernel exploit - SLUBStick - Cross-Cache Attacks

PoC Released for Linux Kernel Escalates Privileges Flaw

Do Son October 7, 2025

A detailed exploit analysis of CVE-2023-4921 (CVSS 7.8) reveals how a subtle use-after-free flaw in the Linux...

Chinese APT Launches Spearphishing Campaign, Using Fake Cloudflare Lure to Deliver PlugX Malware TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

Chinese APT Launches Spearphishing Campaign, Using Fake Cloudflare Lure to Deliver PlugX Malware

Do Son October 7, 2025

A new report from StrikeReady Labs has revealed a sophisticated spear-phishing campaign targeting European governmental and aviation...

New Yurei Ransomware Emerges: Go-Based Variant Uses Advanced Anti-Forensics for Irreversible Double Extortion Yurei Ransomware, Double Extortion

New Yurei Ransomware Emerges: Go-Based Variant Uses Advanced Anti-Forensics for Irreversible Double Extortion

Do Son October 7, 2025

A new ransomware variant known as Yurei Ransomware has emerged, and according to researchers from CYFIRMA, it...

SideWinder APT Launches Operation SouthNet, Weaponizing Netlify and Pages.dev for Espionage NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

SideWinder APT Launches Operation SouthNet, Weaponizing Netlify and Pages.dev for Espionage

Do Son October 7, 2025

A new report from Hunt Intelligence reveals that APT SideWinder — one of South Asia’s most active...

Snipe-IT Flaw Chained: XSS (CVE-2025-59712) to RCE (CVE-2025-59713) Achieves Full Server Compromise, PoC Released Snipe-IT RCE Chain, Deserialization

Snipe-IT Flaw Chained: XSS (CVE-2025-59712) to RCE (CVE-2025-59713) Achieves Full Server Compromise, PoC Released

Do Son October 7, 2025

Cybersecurity researchers at Synacktiv have uncovered two critical vulnerabilities in Snipe-IT, an open-source IT asset management system,...

Reemo Unveils Bastion+: A Scalable Solution for Global Privileged Access Management Reemo-key-visual_1_1759753040bu4Bt3DRet

Reemo Unveils Bastion+: A Scalable Solution for Global Privileged Access Management

cybernewswire October 6, 2025

Paris, France, 6th October 2025, CyberNewsWire

StreetViewAI: Google’s Multimodal AI Brings Conversational Street View Navigation to the Visually Impaired StreetViewAI, Visually Impaired Navigation

StreetViewAI, Visually Impaired Navigation

StreetViewAI: Google’s Multimodal AI Brings Conversational Street View Navigation to the Visually Impaired

Do Son October 6, 2025

Google Research and DeepMind have recently unveiled a groundbreaking study introducing an innovative system called “StreetViewAI,” designed...

ChatGPT Lockdown Mode OpenAI OpenClaw acquisition OpenAI Prism GPT-5.2 LaTeX, scientific research AI workspace OpenAI, Mixpanel Breach ChatGPT Data Preservation, NYT Lawsuit ChatGPT Apps SDK, super app OpenAI Jony Ive, AI Hardware Delay Musk Apple lawsuit, App Store antitrust UK AI Partnership, OpenAI Collaboration Jony Ive OpenAI, DoD Contract OpenAI Lawsuit, ChatGPT Privacy North Korea ChatGPT - GPT-4.5 model OpenAI Models, AI Advancements OpenAI pricing, Flex API

OpenAI and Jony Ive’s AI Device Launch Delayed Over Compute, Privacy, and “Personality” Challenges

Do Son October 6, 2025

According to a report by the Financial Times, the first AI-powered device jointly developed by OpenAI and...

Unity Flaw CVE-2025-59489 Allows Local Code Execution in Millions of Games Unity RCE, CVE-2025-59489

Unity Flaw CVE-2025-59489 Allows Local Code Execution in Millions of Games

Do Son October 6, 2025

A serious vulnerability in the Unity Runtime, tracked as CVE-2025-59489 (CVSS 8.4), has been discovered by security...

Qualcomm Antitrust Trial Begins: UK Consumer Group Seeks £480 Million for Inflated Smartphone Prices Qualcomm Samsung 2nm foundry deal, Snapdragon 8 Elite 2nm refresh Qualcomm Ventana Acquisition, RISC-V Strategy Qualcomm Autotalks, China Antitrust Qualcomm Antitrust, Which? Lawsuit Qualcomm GPU driver, CVE-2024-38399 Qualcomm's March 2025 Security Bulletin

Qualcomm Samsung 2nm foundry deal, Snapdragon 8 Elite 2nm refresh Qualcomm Ventana Acquisition, RISC-V Strategy Qualcomm Autotalks, China Antitrust Qualcomm Antitrust, Which? Lawsuit Qualcomm GPU driver, CVE-2024-38399 Qualcomm's March 2025 Security Bulletin

Qualcomm Antitrust Trial Begins: UK Consumer Group Seeks £480 Million for Inflated Smartphone Prices

Do Son October 6, 2025

Qualcomm is once again facing legal action — but this time, the lawsuit does not come from...

Critical Denial-of-Service Vulnerability Discovered in HAProxy

Do Son October 6, 2025

A newly discovered vulnerability in HAProxy, the widely used open-source reverse proxy and load balancer, could allow...

OpenAI Acquires AI Investment App Roi, Signaling ChatGPT’s Pivot to Personalized Financial Advice OpenAI Roi Acquisition, AI Finance

OpenAI Acquires AI Investment App Roi, Signaling ChatGPT’s Pivot to Personalized Financial Advice

Do Son October 6, 2025

OpenAI has once again ventured into acquisition, this time targeting Roi, an AI-driven personal investment application. While...

TamperedChef Malware: Fake PDF Editor Stole Credentials After Two Months of Covert Operation TamperedChef, Malvertising

TamperedChef Malware: Fake PDF Editor Stole Credentials After Two Months of Covert Operation

Do Son October 6, 2025

Cybersecurity researchers at WithSecure’s Strategic Threat Intelligence & Research Group (STINGR) have uncovered a highly sophisticated malware...

CVE-2025-27237: Zabbix Agent Flaw Allows Local Privilege Escalation via OpenSSL DLL Injection CVE-2024-22120 Zabbix DLL Injection, CVE-2025-27237

CVE-2024-22120 Zabbix DLL Injection, CVE-2025-27237

CVE-2025-27237: Zabbix Agent Flaw Allows Local Privilege Escalation via OpenSSL DLL Injection

Do Son October 6, 2025

A newly disclosed vulnerability in the Zabbix Agent and Agent 2 for Windows could allow local attackers...

Trinity of Chaos: New Alliance of Hackers Extorts 39 Firms, Leaking Data Stolen from Cisco, Google, and Global Airlines Trinity of Chaos, Data Extortion

Trinity of Chaos: New Alliance of Hackers Extorts 39 Firms, Leaking Data Stolen from Cisco, Google, and Global Airlines

Do Son October 6, 2025

A new report from Resecurity’s HUNTER team has exposed a massive data extortion operation conducted by a...

RCE Flaw CVE-2025-10547 in DrayTek Vigor Routers Allows Unauthenticated Root Access DrayTek Vigor RCE, CVE-2025-10547 Router security, TheMoon malware

DrayTek Vigor RCE, CVE-2025-10547 Router security, TheMoon malware

RCE Flaw CVE-2025-10547 in DrayTek Vigor Routers Allows Unauthenticated Root Access

Do Son October 6, 2025

A newly disclosed vulnerability in DrayTek’s Vigor routers, tracked as CVE-2025-10547, could allow remote attackers to execute...

Critical Alert 1 Active Exploit Detected Today