cybersecurity Archives • Page 26 of 86 • Daily CyberSecurity

Microsoft Offers Windows 10 ESU Free for One Year, Mandating Microsoft Account and OneDrive Backup Windows 10 ESU, OneDrive Mandatory

Microsoft Offers Windows 10 ESU Free for One Year, Mandating Microsoft Account and OneDrive Backup

Ddos October 13, 2025

Several years ago, Microsoft announced that it would officially end technical support for Windows 10 on October...

Beamglea Campaign: Hackers Abuse 175 npm Packages and unpkg CDN for Large-Scale Phishing npm Phishing, Beamglea

Beamglea Campaign: Hackers Abuse 175 npm Packages and unpkg CDN for Large-Scale Phishing

Ddos October 11, 2025

Socket’s Threat Research Team has uncovered a massive supply-chain abuse campaign leveraging npm’s public registry and unpkg.com’s...

DFIR Tool Hijacked: Ransomware Group Storm-2603 Abuses Velociraptor for Stealthy LockBit/Babuk Attacks INC Ransom Pacific Cyber Threats OysterLoader Malware Rhysida Ransomware Black Basta Ransomware BYOVD Technique Velociraptor Abuse, Storm-2603 Ransomware Crypto24, Ransomware Ransomware Payments, UK Legislation ZACROS data breach

INC Ransom Pacific Cyber Threats OysterLoader Malware Rhysida Ransomware Black Basta Ransomware BYOVD Technique Velociraptor Abuse, Storm-2603 Ransomware Crypto24, Ransomware Ransomware Payments, UK Legislation ZACROS data breach

DFIR Tool Hijacked: Ransomware Group Storm-2603 Abuses Velociraptor for Stealthy LockBit/Babuk Attacks

Ddos October 10, 2025

Cisco Talos has confirmed that ransomware operators are now abusing Velociraptor, an open-source digital forensics and incident...

ClickFix Phishing: New Automated Kits Trick Users Into Manually Running Malware and Stealers Acreed Infostealer, BNB Smart Chain CVE-2023-20269 exploit

Acreed Infostealer, BNB Smart Chain CVE-2023-20269 exploit

ClickFix Phishing: New Automated Kits Trick Users Into Manually Running Malware and Stealers

Ddos October 10, 2025

Researchers from Palo Alto Networks Unit 42 have discovered a new phishing trend where attackers trick victims...

1Password Launches Secure Agentic Autofill with Human-in-the-Loop to Protect Credentials from AI Agents 1Password Agentic Autofill, Human-in-the-Loop 1Password has released security updates to address two vulnerabilities (CVE-2024-42218 and CVE-2024-42219)

1Password Agentic Autofill, Human-in-the-Loop 1Password has released security updates to address two vulnerabilities (CVE-2024-42218 and CVE-2024-42219)

1Password Launches Secure Agentic Autofill with Human-in-the-Loop to Protect Credentials from AI Agents

Ddos October 9, 2025

Major AI platforms are increasingly developing browser-based intelligent agents capable of performing tasks such as browsing the...

Oracle EBS Zero-Day (CVE-2025-61882) Under Active RCE Exploitation by GRACEFUL SPIDER Oracle EBS Zero-Day, GRACEFUL SPIDER Cracked Software, Supply Chain Attack Black Basta - NOVA stealer

Oracle EBS Zero-Day, GRACEFUL SPIDER Cracked Software, Supply Chain Attack Black Basta - NOVA stealer

Oracle EBS Zero-Day (CVE-2025-61882) Under Active RCE Exploitation by GRACEFUL SPIDER

Ddos October 7, 2025

CrowdStrike has sounded the alarm on an ongoing mass exploitation campaign targeting Oracle E-Business Suite (EBS) applications...

Critical RCE (CVE-2025-10035) in GoAnywhere MFT Used by Medusa Ransomware Group Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Critical RCE (CVE-2025-10035) in GoAnywhere MFT Used by Medusa Ransomware Group

Ddos October 7, 2025

Microsoft Threat Intelligence has issued a warning following the discovery of active exploitation of a newly disclosed...

RCE Flaw CVE-2025-10547 in DrayTek Vigor Routers Allows Unauthenticated Root Access DrayTek Vigor RCE, CVE-2025-10547 Router security, TheMoon malware

DrayTek Vigor RCE, CVE-2025-10547 Router security, TheMoon malware

RCE Flaw CVE-2025-10547 in DrayTek Vigor Routers Allows Unauthenticated Root Access

Ddos October 6, 2025

A newly disclosed vulnerability in DrayTek’s Vigor routers, tracked as CVE-2025-10547, could allow remote attackers to execute...

CVE-2025-61882 (CVSS 9.8): Critical RCE Flaw in Oracle E-Business Suite CVE-2025-21535 Oracle EBS RCE, CVE-2025-61882

CVE-2025-61882 (CVSS 9.8): Critical RCE Flaw in Oracle E-Business Suite

Ddos October 6, 2025

Oracle has issued an emergency Security Alert addressing a critical vulnerability (CVE-2025-61882) in Oracle E-Business Suite, warning...

Red Hat Confirms Breach of GitLab Instance, Customer Network Blueprints Stolen Fiverr Data Leak Claude Code Leak Anthropic DMCA Takedown Coupang 33.7M Breach South Korea Data Leak Red Hat Breach, Customer Data Theft Farmers Insurance, Salesforce ESLint Plugin -Mamont Android banking Trojan

Fiverr Data Leak Claude Code Leak Anthropic DMCA Takedown Coupang 33.7M Breach South Korea Data Leak Red Hat Breach, Customer Data Theft Farmers Insurance, Salesforce ESLint Plugin -Mamont Android banking Trojan

Red Hat Confirms Breach of GitLab Instance, Customer Network Blueprints Stolen

Ddos October 5, 2025

IBM’s enterprise Linux subsidiary, Red Hat, has confirmed that its managed repository—hosted on the GitLab platform—was compromised...

XWorm V6.0 Resurfaces: Modular RAT Returns with Ransomware Plugin and Advanced Evasion AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

XWorm V6.0 Resurfaces: Modular RAT Returns with Ransomware Plugin and Advanced Evasion

Ddos October 4, 2025

The latest analysis from Trellix ARC reveals the unexpected return of XWorm, a notorious Remote Access Trojan...

GreyNoise Detects Coordinated Surge Exploiting Grafana Path Traversal Flaw (CVE-2021-43798) Grafana Exploitation, Coordinated Scanning Arcserve UDP Vulnerabilities

Grafana Exploitation, Coordinated Scanning Arcserve UDP Vulnerabilities

GreyNoise Detects Coordinated Surge Exploiting Grafana Path Traversal Flaw (CVE-2021-43798)

Ddos October 3, 2025

Recently, GreyNoise observed a sudden and highly coordinated wave of exploitation attempts targeting CVE-2021-43798, a Grafana path...

WARMCOOKIE Resurfaces After Takedown: New Variant Adds Stealth Handlers, Uses Expired C2 Certificates Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

WARMCOOKIE Resurfaces After Takedown: New Variant Adds Stealth Handlers, Uses Expired C2 Certificates

Ddos October 3, 2025

The WARMCOOKIE backdoor has resurfaced with new features, expanded infrastructure, and updated delivery mechanisms, according to a...

Critical Flaw in Termix Docker Image (CVE-2025-59951) Leaks SSH Credentials Without Authentication

Ddos October 2, 2025

The Termix project has disclosed a critical authentication bypass vulnerability in its official Docker image, exposing sensitive...

Backdoor Disguised as SOCKS5 Proxy: Malicious PyPI Package SoopSocks Grants Root Access WHILL Wheelchair Hijacking, CVE-2025-14346 MAS typosquatting malware, get.activate.win vs get.activated.win OpenShift GitOps RCE, Cluster Takeover Flaw Twonky Server, CVE-2025-13315 AI agents CVE-2024-52875 PoC

WHILL Wheelchair Hijacking, CVE-2025-14346 MAS typosquatting malware, get.activate.win vs get.activated.win OpenShift GitOps RCE, Cluster Takeover Flaw Twonky Server, CVE-2025-13315 AI agents CVE-2024-52875 PoC

Backdoor Disguised as SOCKS5 Proxy: Malicious PyPI Package SoopSocks Grants Root Access

Ddos October 1, 2025

The security of the open-source software supply chain was once again tested when JFrog’s security research team...

Hackers Hijack Industrial Cellular Routers to Launch Widespread Smishing Campaigns Across Europe CVE-2020-3259 Router Smishing, Grooza Cluster

CVE-2020-3259 Router Smishing, Grooza Cluster

Hackers Hijack Industrial Cellular Routers to Launch Widespread Smishing Campaigns Across Europe

Ddos October 1, 2025

A new report from Sekoia.io’s Threat Detection & Research (TDR) team reveals how attackers are weaponizing industrial...

Apple HomePad delay Tesla CarPlay integration 2026 Apple CarPlay AI integration 2026 Apple 2026 product roadmap rumors, foldable iPhone release date Apple Vision Pro sales slump, Vision Pro production cut Russia FaceTime Ban Network Blockade Apple Apple 2026 Roadmap, iPhone Foldable, Apple Intelligence Apple Maps ads, iOS monetization Apple, Digital Markets Act FCC Leak, iPhone 16e Schematics iPhone Fold Apple Made in India Apple US Investment, Indian Tariffs Apple Leadership, Tim Cook Tenure Siri Redesign, Apple AI Apple App Store Apple EU, Digital Markets Act CVE-2022-32898 Third-Party iOS Apps Apple Antitrust, DOJ Lawsuit

Major Blunder: FCC Accidentally Leaks Confidential iPhone 16e Schematics

Ddos September 30, 2025

The U.S. Federal Communications Commission (FCC) recently and inadvertently released a 163-page PDF document in its public...

Cisco SD-WAN Vulnerability CVE-2026-20133 FortiGate Compromise Ivanti EPMM Zero-Day CVE-2026-1281 SmarterMail Vulnerability Storm-2603 WatchGuard Zero-Day, IKEv2 Out-of-Bounds Write Cisco Zero-Day, UAT-9686 Chinese APT FortiWeb RCE Exploitation CVE-2025-58034 VMware Zero-Day, Privilege Escalation Sitecore, remote code execution CVE-2025-53690 Windows CLFS, Privilege Escalation CVE-2024-47575 & CVE-2024-11120 CVE-2025-24983 vulnerability

Zero-Day PoC Published: Privilege Escalation Flaw in VMware Tools Used by Chinese APT

Ddos September 30, 2025

A newly disclosed local privilege escalation vulnerability, CVE-2025-41244, has been exploited as a zero-day in the wild,...

CVE-2025-30247: Critical Command Injection Flaw in Western Digital My Cloud NAS Devices AI Storage Shortage QLC SSD Demand CVE-2022-29841 WD My Cloud, RCE Vulnerability

AI Storage Shortage QLC SSD Demand CVE-2022-29841 WD My Cloud, RCE Vulnerability

CVE-2025-30247: Critical Command Injection Flaw in Western Digital My Cloud NAS Devices

Ddos September 30, 2025

Western Digital (WD) has patched a critical vulnerability in its My Cloud NAS platforms that could allow...

Broadcom Fixes Multiple VMware vCenter and NSX Vulnerabilities VMware Telco Cloud Platform 9 Tesco, Broadcom, VMware Walmart Broadcom Jericho4, Distributed AI Infrastructure Broadcom VMware, Perpetual Licenses AI Data Centers, Network Switch Unix automation security, Broadcom vulnerability

Broadcom Fixes Multiple VMware vCenter and NSX Vulnerabilities

Ddos September 30, 2025

Broadcom has released patches for three vulnerabilities affecting VMware vCenter Server and VMware NSX, with severities rated...