Daily CyberSecurity • Page 292 of 739 • Zero-hour alerts. Unmatched analysis.

Ivanti EPMM Under Attack: Zero-Day RCE Exploited by China-Linked Group UNC5221 Ivanti EPMM RCE, China-nexus threat

Ivanti EPMM Under Attack: Zero-Day RCE Exploited by China-Linked Group UNC5221

Do Son May 23, 2025

A newly discovered zero-day vulnerability in Ivanti Endpoint Manager Mobile (EPMM) — CVE-2025-4428 — is being actively...

Malicious VS Code Extensions Deliver Spyware, Steal Crypto Credentials VS Code security, crypto wallet theft

Malicious VS Code Extensions Deliver Spyware, Steal Crypto Credentials

Do Son May 23, 2025

In a detailed report published by Datadog Security Research, threat actor MUT-9332 has been linked to a...

Dark Web Alert: Genesis Market Returns with Stealthy Browser Extension Attack Attack Tree

Dark Web Alert: Genesis Market Returns with Stealthy Browser Extension Attack

Do Son May 23, 2025

The Genesis Market, a notorious dark web marketplace dismantled by law enforcement in early 2023, appears to...

Halo Security Achieves SOC 2 Type 1 Compliance, Validating Security Controls for Its Attack Surface Management Platform halo-security-soc2-type-1-pr_1747861523NMPbWxqoaj

halo-security-soc2-type-1-pr_1747861523NMPbWxqoaj

Halo Security Achieves SOC 2 Type 1 Compliance, Validating Security Controls for Its Attack Surface Management Platform

cybernewswire May 22, 2025

Miami, Florida, 22nd May 2025, CyberNewsWire

Your AI Summary Will Have Ads: Google Integrates Sponsored Content into Search AI overview ads, Google search ads

Your AI Summary Will Have Ads: Google Integrates Sponsored Content into Search

Do Son May 22, 2025

Google published a new blog post detailing its plans to incorporate sponsored content and advertisements into its...

Critical 0-Day: Cityworks Flaw Actively Exploited by Chinese APT UAT-6382

Do Son May 22, 2025

A newly identified Chinese-speaking threat actor cluster, tracked as UAT-6382, is actively exploiting a zero-day vulnerability in...

Europol & Microsoft Lead Global Takedown of Lumma Stealer, World’s Largest Infostealer Lumma Stealer takedown Cybercrime disruption

Europol & Microsoft Lead Global Takedown of Lumma Stealer, World’s Largest Infostealer

Do Son May 22, 2025

Europol’s European Cybercrime Centre (EC3) and Microsoft’s Digital Crimes Unit (DCU) have successfully disrupted the Lumma Stealer,...

INE Security Partners with Abadnet Institute for Cybersecurity Training Programs in Saudi Arabia Cyberwire_Logo_-_INE_Security_-_1200x720px_1747851790kp8Vx0TKi1

INE Security Partners with Abadnet Institute for Cybersecurity Training Programs in Saudi Arabia

cybernewswire May 22, 2025

Cary, North Carolina, 22nd May 2025, CyberNewsWire

ThreatBook Named a Notable Vendor in Global Network Analysis and Visibility (NAV) Independent Report ThreatBook_Logo_1747885054D8rFflroB8

ThreatBook Named a Notable Vendor in Global Network Analysis and Visibility (NAV) Independent Report

cybernewswire May 22, 2025

Beijing, China, 22nd May 2025, CyberNewsWire

Privilege Escalation Flaws in Cisco Unified Intelligence Center Threaten User Data Integrity Cisco ISE Root Escalation * Read-Only Admin Exploit Cisco Secure FMC Vulnerability CVE-2026-20131 Cisco Meeting Management Vulnerability CVE-2026-20098 Cisco vulnerability, RCE flaw CVE-2025-20265 Cisco Meraki, VPN Vulnerability Cisco Nexus Dashboard - CVE-2024-20424 CVE-2025-20115 Cisco Vulnerability CVE-2018-0171 Privilege Escalation Cisco Unified Intelligence Center

Cisco ISE Root Escalation * Read-Only Admin Exploit Cisco Secure FMC Vulnerability CVE-2026-20131 Cisco Meeting Management Vulnerability CVE-2026-20098 Cisco vulnerability, RCE flaw CVE-2025-20265 Cisco Meraki, VPN Vulnerability Cisco Nexus Dashboard - CVE-2024-20424 CVE-2025-20115 Cisco Vulnerability CVE-2018-0171 Privilege Escalation Cisco Unified Intelligence Center

Privilege Escalation Flaws in Cisco Unified Intelligence Center Threaten User Data Integrity

Do Son May 22, 2025

Cisco has released security updates addressing two privilege escalation vulnerabilities—CVE-2025-20113 and CVE-2025-20114—in its Unified Intelligence Center (UIC)...

Unauthenticated Attacker Can Read Sensitive Files in Mitel OpenScape Xpressions MiContact Center Business Vulnerabilities Mitel vulnerability, OpenScape Xpressions

MiContact Center Business Vulnerabilities Mitel vulnerability, OpenScape Xpressions

Unauthenticated Attacker Can Read Sensitive Files in Mitel OpenScape Xpressions

Do Son May 22, 2025

Mitel has issued a security advisory warning of a high-severity path traversal vulnerability (CVE-2025-48026) in its OpenScape...

Google Chrome Update: 8 Security Fixes Including High-Severity Flaw Chrome security update, browser vulnerabilities

Google Chrome Update: 8 Security Fixes Including High-Severity Flaw

Do Son May 22, 2025

Google has released a Stable Channel update to version 137.0.7151.40/.41 for Windows and Mac as part of...

Unpatched 0-Days (CVSS 10): Versa Concerto Flaws Threaten Enterprise Networks Versa Concerto exploit, SD-WAN security

Unpatched 0-Days (CVSS 10): Versa Concerto Flaws Threaten Enterprise Networks

Do Son May 22, 2025

Versa Concerto, a popular SD-WAN and network orchestration platform used by large enterprises and governments, is under...

RADIUS Risk: Unauthenticated Remote Attacker Can Crash Cisco ISE by Default CVE-2024-20419 - Cisco Webex Vulnerability Cisco ISE DoS, CVE-2025-20152

CVE-2024-20419 - Cisco Webex Vulnerability Cisco ISE DoS, CVE-2025-20152

RADIUS Risk: Unauthenticated Remote Attacker Can Crash Cisco ISE by Default

Do Son May 22, 2025

Cisco has published a security advisory for a high-severity vulnerability impacting its Identity Services Engine (ISE) product....

Grafana Zero-Day? Emergency Patch Released ‘One Day Ahead of Schedule’ for XSS Flaw Grafana SCIM Flaw CVE-2025-41115 Grafana Vulnerabilities, XSS Flaw Grafana security alert, XSS patch

Grafana Zero-Day? Emergency Patch Released ‘One Day Ahead of Schedule’ for XSS Flaw

Do Son May 22, 2025

Grafana Labs issued an unscheduled security release—Grafana 12.0.0+security-01—alongside patches for all supported versions, addressing a high-severity cross-site...

GitLab Patches High-Severity Flaws: DoS and 2FA Bypass Fixed GitLab Security Update CVE-2026-0723 CVE-2023-7028 & CVE-2023-5356 GitLab vulnerability, DoS flaw

GitLab Security Update CVE-2026-0723 CVE-2023-7028 & CVE-2023-5356 GitLab vulnerability, DoS flaw

GitLab Patches High-Severity Flaws: DoS and 2FA Bypass Fixed

Do Son May 22, 2025

GitLab announced the release of versions 18.0.1, 17.11.3, and 17.10.7 for both its Community Edition (CE) and...

Docker Containers Under Attack: New Self-Replicating Dero Cryptominer Dero cryptominer, Docker container hack

Docker Containers Under Attack: New Self-Replicating Dero Cryptominer

Do Son May 22, 2025

Kaspersky Labs has uncovered a disturbing new malware campaign that turns exposed Docker containers into self-replicating Dero...

NIST Proposes New Metric to Predict “Likely Exploited” Vulnerabilities NIST LEV, vulnerability prioritization Likely Exploited Vulnerability

NIST LEV, vulnerability prioritization Likely Exploited Vulnerability

NIST Proposes New Metric to Predict “Likely Exploited” Vulnerabilities

Do Son May 22, 2025

The U.S. National Institute of Standards and Technology (NIST) is proposing a metric to address one of...

Langroid Flaws (CVSS 9.8) Expose LLM Apps to RCE Langroid vulnerability, LLM agent exploit

Langroid Flaws (CVSS 9.8) Expose LLM Apps to RCE

Do Son May 22, 2025

Researchers have disclosed two critical vulnerabilities in Langroid, a popular Python framework designed for building large language...

Beyond Detection: PyBitmessage Protocol Used for Covert Monero Mining Campaign PyBitmessage malware, Monero coinminer

Beyond Detection: PyBitmessage Protocol Used for Covert Monero Mining Campaign

Do Son May 22, 2025

In a new and deeply evasive malware campaign, cybercriminals are leveraging the PyBitmessage protocol to hide a...