cybersecurity Archives • Page 28 of 86 • Daily CyberSecurity

OpenSSF Warns: Open Source Software Is Not a Free Service OpenSSF, open source

OpenSSF Warns: Open Source Software Is Not a Free Service

Ddos September 24, 2025

The Open Source Security Foundation (OpenSSF), together with several prominent open-source and software foundations, has issued a...

CVE-2025-9844: Salesforce CLI Installer Vulnerability Could Lead to SYSTEM-Level Compromise Salesforce vulnerability CVE-2025-9844 Salt Typhoon cyberattack

Salesforce vulnerability CVE-2025-9844 Salt Typhoon cyberattack

CVE-2025-9844: Salesforce CLI Installer Vulnerability Could Lead to SYSTEM-Level Compromise

Ddos September 24, 2025

Salesforce has published a security advisory detailing a high-severity flaw in its Salesforce-CLI installer (sf-x64.exe). The vulnerability,...

CVE-2025-59545: Critical XSS Flaw in DNN Software Puts 750,000 Websites at Risk CVE-2025-64095 Site Takeover DNN Software, XSS, vulnerability

CVE-2025-59545: Critical XSS Flaw in DNN Software Puts 750,000 Websites at Risk

Ddos September 24, 2025

DNN Software has issued a security advisory warning of a critical stored cross-site scripting (XSS) vulnerability in...

Cisco Uncovers New PlugX Backdoor Linked to Chinese APTs CVE-2024-41988 & CVE-2024-41987

Cisco Uncovers New PlugX Backdoor Linked to Chinese APTs

Ddos September 24, 2025

Researchers at Cisco Talos have uncovered a long-running espionage campaign active since 2022, targeting the telecommunications and...

New Malware “YiBackdoor” Linked to IcedID and Latrodectus LokiBot Steganography, .NET Loader PlugX malware YiBackdoor, ransomware

New Malware “YiBackdoor” Linked to IcedID and Latrodectus

Ddos September 24, 2025

Researchers at Zscaler ThreatLabz have uncovered a new malware family, dubbed YiBackdoor, first observed in June 2025....

Zloader Resurfaces: Stealthier Trojan Evolves with DNS Tunneling and WebSocket C2 Zloader, ransomware

Zloader Resurfaces: Stealthier Trojan Evolves with DNS Tunneling and WebSocket C2

Ddos September 24, 2025

After nearly two years of silence, Zloader (a.k.a. Terdot, DELoader, or Silent Night) has returned with new...

Iranian APT “Nimbus Manticore” Intensifies Cyber Espionage in Europe Zyxel security - Mitel MiCollab Vulnerability

Iranian APT “Nimbus Manticore” Intensifies Cyber Espionage in Europe

Ddos September 24, 2025

Check Point Research (CPR) has published new findings on Nimbus Manticore, an Iranian state-aligned APT group overlapping...

Firefox Launches One-Click Rollback for Add-ons Sanitizer API Firefox 148 Security Firefox WebRTC Vulnerability CVE-2025-14321 PoC Firefox VPN Feature, Browser-Only VPN Firefox Add-ons Rollback Firefox Encryption Firefox MKV support Firefox ESR, Windows 7

Sanitizer API Firefox 148 Security Firefox WebRTC Vulnerability CVE-2025-14321 PoC Firefox VPN Feature, Browser-Only VPN Firefox Add-ons Rollback Firefox Encryption Firefox MKV support Firefox ESR, Windows 7

Firefox Launches One-Click Rollback for Add-ons

Ddos September 24, 2025

The Mozilla Foundation has recently announced the launch of a rollback/restore feature for Firefox Add-ons, enabling developers...

CVE-2025-26399 (CVSS 9.8): SolarWinds Web Help Desk Hit by Critical RCE Vulnerability CVE-2024-28991 & CVE-2024-28990 SolarWinds RCE vulnerability CVE-2025-26399

CVE-2024-28991 & CVE-2024-28990 SolarWinds RCE vulnerability CVE-2025-26399

CVE-2025-26399 (CVSS 9.8): SolarWinds Web Help Desk Hit by Critical RCE Vulnerability

Ddos September 23, 2025

SolarWinds has released a hotfix for its Web Help Desk (WHD) software after the discovery of a...

Operation Rewrite: How a Malicious IIS Module Is Hijacking Websites Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Operation Rewrite: How a Malicious IIS Module Is Hijacking Websites

Ddos September 23, 2025

Researchers at Unit 42 uncovered a large-scale search engine optimization (SEO) poisoning campaign, tracked as CL-UNK-1037 and...

New Malware Found in npm Package “fezbox” Uses QR Codes to Steal Credentials GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

New Malware Found in npm Package “fezbox” Uses QR Codes to Steal Credentials

Ddos September 23, 2025

The Socket Threat Research Team has uncovered a new malware campaign hiding inside an npm package called...

CVE-2025-9125: Cross-Site Scripting Flaw in Lectora Courses Puts E-Learning Platforms at Risk Ollama Heap Leak CVE-2026-5757 Anritsu Vulnerability Authentication Bypass Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538

Ollama Heap Leak CVE-2026-5757 Anritsu Vulnerability Authentication Bypass Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538

CVE-2025-9125: Cross-Site Scripting Flaw in Lectora Courses Puts E-Learning Platforms at Risk

Ddos September 23, 2025

The CERT Coordination Center (CERT/CC) has issued a vulnerability note warning of a cross-site scripting (XSS) flaw...

Weaver E-cology RCE CVE-2026-22679 CVE-2026-20127 Cisco SD-WAN Exploitation AI-Driven Cyberattack ARXON Malware React Server Components Vulnerability CVE-2025-55182 FortiWeb Auth Bypass, Unauthenticated Admin Takeover RayInitiator Bootkit, LINE VIPER CVE-2025-59689 Department of the Treasury cybersecurity - CVE-2025-0108 PoC CVE-2025-31103 Dior Data Breach SK Telecom data breach, long-term intrusion

CVE-2025-59689: Libraesva ESG Command Injection Flaw Exploited in the Wild

Ddos September 23, 2025

Libraesva has released an urgent security advisory addressing a command injection vulnerability (CVE-2025-59689) in its Email Security...

Beyond Trust: A New Campaign Is Using a Legitimate Tool to Deliver RATs ConnectWise ScreenConnect, RMM tool abuse

Beyond Trust: A New Campaign Is Using a Legitimate Tool to Deliver RATs

Ddos September 23, 2025

A new report from Hunt Intelligence reveals how attackers are abusing ConnectWise ScreenConnect (formerly ConnectWise Control) to...

EDR-Freeze: How a Researcher Turned Windows Error Reporting Into a Weapon Against Antivirus EDR evasion, Windows Defender

EDR-Freeze: How a Researcher Turned Windows Error Reporting Into a Weapon Against Antivirus

Ddos September 22, 2025

A new study from a ZeroSalarium security researcher sheds light on a new technique to bypass endpoint...

LastPass Warns of New SEO Poisoning Attack Targeting Mac Users LastPass, macOS infostealer

LastPass Warns of New SEO Poisoning Attack Targeting Mac Users

Ddos September 22, 2025

The LastPass Threat Intelligence, Mitigation, and Escalation (TIME) team has issued a warning about an ongoing infostealer...

PoC Released for CVE-2025-41243 – A Spring Cloud Gateway Flaw with CVSS 10.0

Ddos September 22, 2025

Security researcher Ezzer17 published a clear, methodical write-up that walks through the root cause, the partial fixes,...

CVE-2025-55241: Microsoft Entra ID Flaw with CVSS 10.0 Could Have Compromised Every Tenant Worldwide Microsoft Entra ID vulnerability CVE-2025-55241

Microsoft Entra ID vulnerability CVE-2025-55241

CVE-2025-55241: Microsoft Entra ID Flaw with CVSS 10.0 Could Have Compromised Every Tenant Worldwide

Ddos September 22, 2025

In one of the most significant discoveries of 2025, security researcher Dirk-jan Mollema revealed a vulnerability in...

BiDi Swap: A Decade-Old Unicode Flaw Still Enables URL Spoofing BiDi Swap, phishing attacks Cybersecurity Threats

BiDi Swap: A Decade-Old Unicode Flaw Still Enables URL Spoofing

Ddos September 22, 2025

The Varonis Threat Labs team has published an eye-opening report about a persistent vulnerability in how modern...

PyPI Under Attack: New Malware ‘SilentSync’ Is Stealing Credentials SonicWall Reconnaissance Akira Ransomware residential proxy malware TraderTraitor BreachForums Honeypot, French Interior Ministry Leak

SonicWall Reconnaissance Akira Ransomware residential proxy malware TraderTraitor BreachForums Honeypot, French Interior Ministry Leak

PyPI Under Attack: New Malware ‘SilentSync’ Is Stealing Credentials

Ddos September 22, 2025

Zscaler ThreatLabz has uncovered yet another supply chain attack against the Python Package Index (PyPI). In August...