Daily CyberSecurity • Page 295 of 739 • Zero-hour alerts. Unmatched analysis.

High DoS Risk: Multer Flaws Threaten Millions of Node.js Apps Multer vulnerability Node.js security

High DoS Risk: Multer Flaws Threaten Millions of Node.js Apps

Do Son May 20, 2025

With over 26.3 million monthly downloads, Multer is a go-to middleware for handling multipart/form-data in Node.js—especially for...

Critical Risk (CVSS 9.9): samlify Flaw Exposes SSO in Widely Used Library samlify vulnerability SAML Signature Wrapping

Critical Risk (CVSS 9.9): samlify Flaw Exposes SSO in Widely Used Library

Do Son May 20, 2025

A newly disclosed vulnerability, CVE-2025-47949 (CVSSv4 9.9), has put countless Single Sign-On (SSO) implementations at risk by...

SAP NetWeaver RCE: Zero-Day Allows File Uploads, Qilin Ransomware Connection SAP RCE, CVE-2025-31324

SAP NetWeaver RCE: Zero-Day Allows File Uploads, Qilin Ransomware Connection

Do Son May 20, 2025

In a recent revelation, OP Innovate has uncovered early evidence of real-world exploitation of CVE-2025-31324 (CVSS 10),...

Is Your Chatbot Spying On You? Dangerous Plugin Found in Koishi Framework Chatbot privacy, Koishi security

Is Your Chatbot Spying On You? Dangerous Plugin Found in Koishi Framework

Do Son May 20, 2025

Socket’s Threat Research Team has uncovered a dangerous new threat lurking in the npm ecosystem: a malicious...

High Risk (CVSS 9.8): Motors Theme Flaw Exposes 22,000+ WordPress Sites to Full Takeover Motors WordPress theme vulnerability CVE-2025-4322

High Risk (CVSS 9.8): Motors Theme Flaw Exposes 22,000+ WordPress Sites to Full Takeover

Do Son May 20, 2025

A critical vulnerability has been discovered in the Motors WordPress theme, a popular premium theme with over...

Spring Framework Flaw Allows Unauthorized Access via Security Bypass CVE-2024-38821 - CVE-2025-22223 and CVE-2025-22228 Spring Framework vulnerability, Spring Security

CVE-2024-38821 - CVE-2025-22223 and CVE-2025-22228 Spring Framework vulnerability, Spring Security

Spring Framework Flaw Allows Unauthorized Access via Security Bypass

Do Son May 20, 2025

Spring Framework developers have issued a security advisory addressing a vulnerability that could lead to unauthorized access...

High-Risk RAGFlow Flaw: Account Takeover Possible (No Patch, PoC Available)

Do Son May 20, 2025

RAGFlow, the open-source Retrieval-Augmented Generation (RAG) platform developed by Infiniflow, has been found vulnerable to a serious...

Can Your Firewall Be Hacked? Severe Flaws Found in pfSense pfSense hacking, network security risk

Can Your Firewall Be Hacked? Severe Flaws Found in pfSense

Do Son May 20, 2025

Security researcher Navy Titanium have released a technical deep-dive uncovering three severe vulnerabilities affecting pfSense, the popular...

More_Eggs Malware Deep Dive: Abusing ieuinit.exe and Polymorphic JavaScript More_Eggs analysis, ieuinit.exe abuse

More_Eggs Malware Deep Dive: Abusing ieuinit.exe and Polymorphic JavaScript

Do Son May 20, 2025

More_Eggs is back—and it’s sneakier than ever. A new report by researcher Tonmoy Jitu dissects a recent...

Leaky WordPress: Private Post Titles at Risk for 1 Billion Sites Houzez theme - CVE-2024-22303 and CVE-2024-21743

Leaky WordPress: Private Post Titles at Risk for 1 Billion Sites

Do Son May 20, 2025

Imperva researchers have disclosed a newly discovered vulnerability in WordPress that could expose sensitive draft and private...

DBatLoader Analysis: Evasive Malware Uses DLL Side-Loading and Anti-Detection Tactics DBatLoader malware, DLL side-loading

DBatLoader Analysis: Evasive Malware Uses DLL Side-Loading and Anti-Detection Tactics

Do Son May 20, 2025

In a detailed threat analysis, AhnLab SEcurity intelligence Center (ASEC) has uncovered a deceptive malware campaign involving...

OPPO A40: Stay Connected During Urban Nights with Ultra Bright Display & Fast Charging Img_2025_05_19_17_25_03

OPPO A40: Stay Connected During Urban Nights with Ultra Bright Display & Fast Charging

Do Son May 19, 2025

Nighttime in urban cities transforms into vibrant activity when sunset touches the city buildings. Our smartphones take...

Warning: Windows Update Triggering BitLocker Recovery Windows update BitLocker, BitLocker recovery

Warning: Windows Update Triggering BitLocker Recovery

Do Son May 19, 2025

Last week, Microsoft released the May 2025 cumulative update for Windows 10 and 11. Following the update,...

Fix Windows Update Problems: Common Error Codes and Solutions Driver Cleanup CVE-2024-49138 - December Patch Tuesday Windows update errors, Windows update troubleshooting

Driver Cleanup CVE-2024-49138 - December Patch Tuesday Windows update errors, Windows update troubleshooting

Fix Windows Update Problems: Common Error Codes and Solutions

Do Son May 19, 2025

During the installation of Windows 10/11 updates, failures frequently occur due to a variety of reasons —...

Microsoft’s Command Palette: A New Way to Search and Launch in Windows Windows Command Palette

Microsoft’s Command Palette: A New Way to Search and Launch in Windows

Do Son May 19, 2025

Much like Apple’s Spotlight feature available on Mac devices, Microsoft has quietly introduced a new capability called...

Nextcloud vs. Google: Fight Over Android File Access Permissions Android Zero-Click RCE CVE-2026-0073 Android sideloading CVE-2024-43096, CVE-2024-43770, CVE-2024-43771, CVE-2024-49747 and, CVE-2024-49748

Android Zero-Click RCE CVE-2026-0073 Android sideloading CVE-2024-43096, CVE-2024-43770, CVE-2024-43771, CVE-2024-49747 and, CVE-2024-49748

Nextcloud vs. Google: Fight Over Android File Access Permissions

Do Son May 19, 2025

The open-source cloud storage application Nextcloud has long relied on the highly critical “Full Files Access” permission...

Pwn2Own: Firefox Hacked with JavaScript Zero-Days – Details on the Exploits Firefox security, JavaScript exploit

Pwn2Own: Firefox Hacked with JavaScript Zero-Days – Details on the Exploits

Do Son May 19, 2025

Mozilla has moved swiftly to patch two critical zero-day vulnerabilities in Firefox, both of which were exploited...

PoC Released: iOS Kernel Flaw Allows File System Modification Without Jailbreak iOS kernel vulnerability dirtyZero exploit

PoC Released: iOS Kernel Flaw Allows File System Modification Without Jailbreak

Do Son May 19, 2025

A patched kernel vulnerability, CVE-2025-24203, has attracted great attention in the security community as well as the...

Critical Risk (CVSS 9.1): Auth0-PHP SDK Flaw Threatens 16M+ Downloads Auth0-PHP vulnerability CVE-2025-47275

Critical Risk (CVSS 9.1): Auth0-PHP SDK Flaw Threatens 16M+ Downloads

Do Son May 19, 2025

Okta has issued a critical security advisory warning developers and enterprises using the Auth0-PHP SDK about a...

High DoS Risk: Tornado’s Default Parser Exposes Apps (CVE-2025-47287) Tornado DoS CVE-2025-47287

High DoS Risk: Tornado’s Default Parser Exposes Apps (CVE-2025-47287)

Do Son May 19, 2025

A newly disclosed vulnerability in the Tornado Python web framework, tracked as CVE-2025-47287, exposes applications to a...