cybersecurity Archives • Page 27 of 88 • Daily CyberSecurity

Critical .NET Flaw (CVE-2025-55315) in QNAP: NAS Backup Utility Vulnerable to Credential Theft QNAP Security Patches, NAS Vulnerabilities ASP.NET, QNAP CVE-2023-39296 PoC - CVE-2024-50394

QNAP Security Patches, NAS Vulnerabilities ASP.NET, QNAP CVE-2023-39296 PoC - CVE-2024-50394

Critical .NET Flaw (CVE-2025-55315) in QNAP: NAS Backup Utility Vulnerable to Credential Theft

Do Son October 28, 2025

Earlier, Microsoft released a security update to address a critical vulnerability in ASP.NET, identified as CVE-2025-55315 with...

Google Debunks False Gmail Breach Rumors as Credentials Leak Again

Do Son October 28, 2025

Earlier, several media outlets misinterpreted and selectively quoted statements from Google’s Security Team, claiming that the data...

CRITICAL ALERT: Windows Server WSUS Flaw Actively Exploited (CVE-2025-59287, CVSS 9.8) critical server patch Pygmy Goat malware - Fuji Electric Ransomware Attack

critical server patch Pygmy Goat malware - Fuji Electric Ransomware Attack

CRITICAL ALERT: Windows Server WSUS Flaw Actively Exploited (CVE-2025-59287, CVSS 9.8)

Do Son October 25, 2025

Microsoft has recently issued an emergency security update for enterprise Windows Server Update Services (WSUS) to address...

Windows Secure Lock Screen Clock Lag Windows 11 KB5079391 error Windows 11 Kernel Driver Trust Microslop Windows 11 Windows 11 modem driver removal 2026, CVE-2025-24052 Agere driver exploit Windows 11 Password Icon Bug Lock Screen Glitch Windows 11 26H1 ARM Snapdragon X2 Windows 11 Reboot-Free, Insider Build Windows Update Error, 0x80070103 File Explorer, NTLM leak Windows bug, WinRE Windows Update, UAC prompts Secure Boot Certificate, Windows Security Windows 11 22H2 Installation security updates Windows UEFI CA 2023 Windows 11 25H2

Security First: Windows 11 Disables File Previews for Web Downloads

Do Son October 23, 2025

Earlier this month, Microsoft released a Windows 11 cumulative update addressing several known feature issues and security...

Two Critical Oracle Marketing Flaws (CVE-2025-53072, CVE-2025-62481) — Patch Immediately or Risk Full Takeover IRGC Oracle Cloud Dubai strike Oracle global layoffs 2026 Oracle Fusion Middleware Vulnerability CVE-2026-21992 Oracle Edge Cloud Vulnerability CVE-2026-21994 Oracle Critical RCE, EBS Marketing Flaws CVE-2024-21182 PoC Exploit Oracle EBS Auth Bypass, CVE-2025-61884

IRGC Oracle Cloud Dubai strike Oracle global layoffs 2026 Oracle Fusion Middleware Vulnerability CVE-2026-21992 Oracle Edge Cloud Vulnerability CVE-2026-21994 Oracle Critical RCE, EBS Marketing Flaws CVE-2024-21182 PoC Exploit Oracle EBS Auth Bypass, CVE-2025-61884

Two Critical Oracle Marketing Flaws (CVE-2025-53072, CVE-2025-62481) — Patch Immediately or Risk Full Takeover

Do Son October 22, 2025

Oracle has released its October 2025 Critical Patch Update (CPU), fixing a massive 374 security vulnerabilities and...

Spy vs. Spy: Mercenary Spyware Targets the Developers Who Build It Mercenary spyware, developer target Serbian Spyware

Spy vs. Spy: Mercenary Spyware Targets the Developers Who Build It

Do Son October 22, 2025

Developer Jay Gibson recently contacted TechCrunch to recount his experience of being targeted by a state-sponsored spyware...

7-Zip Flaw (CVE-2025-11001) with Public Exploit Code Threatens Unpatched Systems 7-Zip heap buffer overflow CVE-2025-0411 7-Zip path traversal

7-Zip Flaw (CVE-2025-11001) with Public Exploit Code Threatens Unpatched Systems

Do Son October 21, 2025

Researchers recently disclosed a path-traversal vulnerability (CVE-2025-11001) in the open-source archiver 7-Zip that allows attackers to craft...

Warning: Xubuntu Website Compromised to Deliver Malware Xubuntu supply chain attack

Warning: Xubuntu Website Compromised to Deliver Malware

Do Son October 21, 2025

The official website of Xubuntu, a Linux distribution derived from Ubuntu, appears to have been compromised by...

Tor Browser Ditches AI: Why Privacy Trumps Convenience Tor IP spoofing Tor Browser, AI privacy

Tor Browser Ditches AI: Why Privacy Trumps Convenience

Do Son October 21, 2025

The Tor Project has recently released Tor Browser v15.0a4, an update that introduces numerous routine bug fixes...

Zimbra Issues Emergency Patch for Critical SSRF Vulnerability in Chat Proxy Configuration Zimbra SSRF, Chat Proxy Flaw

Zimbra Issues Emergency Patch for Critical SSRF Vulnerability in Chat Proxy Configuration

Do Son October 17, 2025

Zimbra has released an emergency security patch (version 10.1.12) to address a critical Server-Side Request Forgery (SSRF)...

Cisco Patches High-Severity CVE-2025-20350 DoS Flaw in Desk and IP Phones Cisco Phone DoS, CVE-2025-20350 Cisco SNMP Flaw CVE-2025-20352 CVE-2024-20398 & CVE-2024-20381 CVE-2025-20206

Cisco Phone DoS, CVE-2025-20350 Cisco SNMP Flaw CVE-2025-20352 CVE-2024-20398 & CVE-2024-20381 CVE-2025-20206

Cisco Patches High-Severity CVE-2025-20350 DoS Flaw in Desk and IP Phones

Do Son October 17, 2025

Cisco has released security updates to patch two vulnerabilities (CVE-2025-20350 and CVE-2025-20351) affecting multiple Cisco Desk Phone...

Operation Silk Lure: Chinese Espionage Targets FinTech with Malicious Resume LNK to Implant ValleyRAT Operation Silk Lure, ValleyRAT LNK

Operation Silk Lure: Chinese Espionage Targets FinTech with Malicious Resume LNK to Implant ValleyRAT

Do Son October 17, 2025

Researchers at Seqrite Labs have uncovered a highly targeted cyber-espionage campaign, dubbed Operation Silk Lure, that leverages...

SAP Patches Critical 10.0 Flaw in NetWeaver: Unauthenticated RCE Risk SAP Security Patch Day CVE-2025-42944, CVE-2025-42937

SAP Patches Critical 10.0 Flaw in NetWeaver: Unauthenticated RCE Risk

Do Son October 14, 2025

SAP has released its October 2025 Security Patch Day, addressing 13 new security notes and 3 updates...

Microsoft Offers Windows 10 ESU Free for One Year, Mandating Microsoft Account and OneDrive Backup Windows 10 ESU, OneDrive Mandatory

Microsoft Offers Windows 10 ESU Free for One Year, Mandating Microsoft Account and OneDrive Backup

Do Son October 13, 2025

Several years ago, Microsoft announced that it would officially end technical support for Windows 10 on October...

Beamglea Campaign: Hackers Abuse 175 npm Packages and unpkg CDN for Large-Scale Phishing npm Phishing, Beamglea

Beamglea Campaign: Hackers Abuse 175 npm Packages and unpkg CDN for Large-Scale Phishing

Do Son October 11, 2025

Socket’s Threat Research Team has uncovered a massive supply-chain abuse campaign leveraging npm’s public registry and unpkg.com’s...

DFIR Tool Hijacked: Ransomware Group Storm-2603 Abuses Velociraptor for Stealthy LockBit/Babuk Attacks INC Ransom Pacific Cyber Threats OysterLoader Malware Rhysida Ransomware Black Basta Ransomware BYOVD Technique Velociraptor Abuse, Storm-2603 Ransomware Crypto24, Ransomware Ransomware Payments, UK Legislation ZACROS data breach

INC Ransom Pacific Cyber Threats OysterLoader Malware Rhysida Ransomware Black Basta Ransomware BYOVD Technique Velociraptor Abuse, Storm-2603 Ransomware Crypto24, Ransomware Ransomware Payments, UK Legislation ZACROS data breach

DFIR Tool Hijacked: Ransomware Group Storm-2603 Abuses Velociraptor for Stealthy LockBit/Babuk Attacks

Do Son October 10, 2025

Cisco Talos has confirmed that ransomware operators are now abusing Velociraptor, an open-source digital forensics and incident...

ClickFix Phishing: New Automated Kits Trick Users Into Manually Running Malware and Stealers Acreed Infostealer, BNB Smart Chain CVE-2023-20269 exploit

Acreed Infostealer, BNB Smart Chain CVE-2023-20269 exploit

ClickFix Phishing: New Automated Kits Trick Users Into Manually Running Malware and Stealers

Do Son October 10, 2025

Researchers from Palo Alto Networks Unit 42 have discovered a new phishing trend where attackers trick victims...

1Password Launches Secure Agentic Autofill with Human-in-the-Loop to Protect Credentials from AI Agents 1Password hardware token PIN 1Password Agentic Autofill, Human-in-the-Loop 1Password has released security updates to address two vulnerabilities (CVE-2024-42218 and CVE-2024-42219)

1Password hardware token PIN 1Password Agentic Autofill, Human-in-the-Loop 1Password has released security updates to address two vulnerabilities (CVE-2024-42218 and CVE-2024-42219)

1Password Launches Secure Agentic Autofill with Human-in-the-Loop to Protect Credentials from AI Agents

Do Son October 9, 2025

Major AI platforms are increasingly developing browser-based intelligent agents capable of performing tasks such as browsing the...

Oracle EBS Zero-Day (CVE-2025-61882) Under Active RCE Exploitation by GRACEFUL SPIDER Oracle EBS Zero-Day, GRACEFUL SPIDER Cracked Software, Supply Chain Attack Black Basta - NOVA stealer

Oracle EBS Zero-Day, GRACEFUL SPIDER Cracked Software, Supply Chain Attack Black Basta - NOVA stealer

Oracle EBS Zero-Day (CVE-2025-61882) Under Active RCE Exploitation by GRACEFUL SPIDER

Do Son October 7, 2025

CrowdStrike has sounded the alarm on an ongoing mass exploitation campaign targeting Oracle E-Business Suite (EBS) applications...

Critical RCE (CVE-2025-10035) in GoAnywhere MFT Used by Medusa Ransomware Group Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Critical RCE (CVE-2025-10035) in GoAnywhere MFT Used by Medusa Ransomware Group

Do Son October 7, 2025

Microsoft Threat Intelligence has issued a warning following the discovery of active exploitation of a newly disclosed...

Critical Alert 4 Active Exploits Detected Today