cybersecurity Archives • Page 30 of 86 • Daily CyberSecurity

From Simple Bug to RCE: A Flaw (CVE-2025-21692) in the Linux Kernel, PoC Published Linux Kernel vulnerability CVE-2025-21692

From Simple Bug to RCE: A Flaw (CVE-2025-21692) in the Linux Kernel, PoC Published

Ddos September 18, 2025

Security researcher Volticks has published a deep technical writeup on CVE-2025-21692, a vulnerability in the Linux kernel’s...

CVE-2025-9242: Critical WatchGuard Flaw Allows Remote Code Execution WatchGuard Agent Privilege Escalation CVE-2026-6787 WatchGuard Vulnerability CVE-2026-1498 WatchGuard Firebox VPN Flaws, Command Injection WatchGuard Vulnerability CVE-2024-6592 and CVE-2024-6593

CVE-2025-9242: Critical WatchGuard Flaw Allows Remote Code Execution

Ddos September 17, 2025

WatchGuard has issued a security advisory addressing a critical vulnerability in its Fireware OS, tracked as CVE-2025-9242...

Firefox Password Manager: Stronger Security With New Encryption Sanitizer API Firefox 148 Security Firefox WebRTC Vulnerability CVE-2025-14321 PoC Firefox VPN Feature, Browser-Only VPN Firefox Add-ons Rollback Firefox Encryption Firefox MKV support Firefox ESR, Windows 7

Sanitizer API Firefox 148 Security Firefox WebRTC Vulnerability CVE-2025-14321 PoC Firefox VPN Feature, Browser-Only VPN Firefox Add-ons Rollback Firefox Encryption Firefox MKV support Firefox ESR, Windows 7

Firefox Password Manager: Stronger Security With New Encryption

Ddos September 17, 2025

The password manager in Firefox supports cloud-based data synchronization, with the Mozilla Foundation employing the AES-256-GCM encryption...

NVIDIA acquisition rumors NVIDIA AI Security AI Framework Vulnerabilities Nvidia 595.76 Hotfix NVIDIA Megatron Bridge vulnerability GPU vs ASIC AI battle NVIDIA Driver Vulnerability CVE-2025-33217 NVIDIA biggest TSMC customer 2026, NVIDIA vs Apple TSMC revenue share NVIDIA CUDA Toolkit CVE-2025-33228 Groq NVIDIA licensing deal, Jonathan Ross acquihire 2025 NeMo Code Injection, AI Framework RCE NVIDIA App Privilege Escalation, CVE-2025-23358 NVIDIA Security Update, DLS Vulnerability CVE-2025-23316 NVIDIA NVDebug, vulnerabilities NVIDIA Driver Vulnerabilities, vGPU Security Nvidia Jetson, UEFI Vulnerabilities CVE-2024-0130 - CVE-2024-0136 CVE-2024-0148 NVIDIA Driver Support, Windows 10 EOL

NVIDIA Patches Critical RCE Flaw (CVE-2025-23316, CVSS 9.8) in Triton Inference Server

Ddos September 17, 2025

NVIDIA has released a software update addressing multiple high- and critical-severity vulnerabilities in its Triton Inference Server,...

Multiple High-Severity Vulnerabilities Found in HPE Aruba Networking EdgeConnect SD-WAN Gateways HPE Aruba Private 5G Vulnerability CVE-2026-23595 HPE Instant On Vulnerability CVE-2025-37166 CVE-2024-31466 & CVE-2024-31467 HPE Aruba Networking, vulnerability

HPE Aruba Private 5G Vulnerability CVE-2026-23595 HPE Instant On Vulnerability CVE-2025-37166 CVE-2024-31466 & CVE-2024-31467 HPE Aruba Networking, vulnerability

Multiple High-Severity Vulnerabilities Found in HPE Aruba Networking EdgeConnect SD-WAN Gateways

Ddos September 17, 2025

HPE Aruba Networking has released patches addressing multiple high- and medium-severity vulnerabilities in its EdgeConnect SD-WAN Gateways,...

A New Crisis for CrowdStrike: A Self-Replicating Worm Has Compromised Its NPM Packages OCRFix Botnet EtherHiding CrowdStrike supply chain attack Ivanti CSA Vulnerabilities

OCRFix Botnet EtherHiding CrowdStrike supply chain attack Ivanti CSA Vulnerabilities

A New Crisis for CrowdStrike: A Self-Replicating Worm Has Compromised Its NPM Packages

Ddos September 17, 2025

In July 2024, cybersecurity firm CrowdStrike triggered a global-scale incident that left more than eight million PCs...

Kubernetes C# Client Flaw Exposes API to MITM Attacks (CVE-2025-9708) Ingress-Nginx Vulnerability Kubernetes RCE Vulnerability CVE-2025-9708 Kubernetes Security, Image Builder Vulnerability CVE-2024-10220 - OPA Gatekeeper Bypass

Ingress-Nginx Vulnerability Kubernetes RCE Vulnerability CVE-2025-9708 Kubernetes Security, Image Builder Vulnerability CVE-2024-10220 - OPA Gatekeeper Bypass

Kubernetes C# Client Flaw Exposes API to MITM Attacks (CVE-2025-9708)

Ddos September 17, 2025

A newly disclosed vulnerability in the Kubernetes C# client has been assigned CVE-2025-9708 with a CVSS score...

RevengeHotels Strikes Back: AI-Generated Phishing and a New RAT Target Hotels RevengeHotels, Hospitality Cybercrime

RevengeHotels Strikes Back: AI-Generated Phishing and a New RAT Target Hotels

Ddos September 17, 2025

The long-running cybercrime group RevengeHotels—also tracked as TA558—has resurfaced with a new campaign targeting hotels and the...

Shai-Hulud Supply Chain Attack Now Targets CrowdStrike’s npm Packages supply-chain-attack

Shai-Hulud Supply Chain Attack Now Targets CrowdStrike’s npm Packages

Ddos September 17, 2025

The malicious supply chain campaign dubbed “Shai-Hulud” has struck again, this time compromising multiple npm packages published...

KSMBDrain (CVE-2025-38501): Linux Kernel Flaw Allows Remote DoS Attacks, PoC Available Linux DoS CVE-2025-38501

KSMBDrain (CVE-2025-38501): Linux Kernel Flaw Allows Remote DoS Attacks, PoC Available

Ddos September 17, 2025

A newly disclosed vulnerability in the Linux kernel’s KSMBD subsystem has been assigned CVE-2025-38501, allowing remote attackers...

APT28’s BeardShell Campaign: Steganography, Cloud Abuse, and Persistent Espionage Labkotec LID-3300IP CVE-2026-1775 ASUSTOR ADM Vulnerability CVE-2026-3179 Russian Cyberattacks - Security Operations Center

Labkotec LID-3300IP CVE-2026-1775 ASUSTOR ADM Vulnerability CVE-2026-3179 Russian Cyberattacks - Security Operations Center

APT28’s BeardShell Campaign: Steganography, Cloud Abuse, and Persistent Espionage

Ddos September 17, 2025

The Russian-linked threat actor APT28, also known as Sofacy, Fancy Bear, Forest Blizzard, and TAG-110, has unveiled...

SmokeLoader Rises From the Ashes with New, Evasive Variants SmokeLoader, Malware

SmokeLoader Rises From the Ashes with New, Evasive Variants

Ddos September 17, 2025

First emerging in 2011, SmokeLoader (also known as Smoke or Dofoil) has remained one of the most...

PureHVNC RAT: Inside the HVNC Malware and the PureCoder Ecosystem Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

PureHVNC RAT: Inside the HVNC Malware and the PureCoder Ecosystem

Ddos September 17, 2025

A recent forensic investigation by Check Point Research (CPR) has shed light on the Pure malware family,...

AISURU Botnet: From Record-Breaking DDoS to Residential Proxy Empire CVE-2024-22394

AISURU Botnet: From Record-Breaking DDoS to Residential Proxy Empire

Ddos September 17, 2025

The AISURU botnet, first disclosed by XLab in 2024, has rapidly become one of the most dangerous...

Malicious Update to Popular NPM Package TinyColor Exposes Software Supply Chains Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Malicious Update to Popular NPM Package TinyColor Exposes Software Supply Chains

Ddos September 16, 2025

The Socket Research Team has uncovered a large-scale supply chain attack on the npm ecosystem, with more...

Unmasking the DarkCloud: A New Stealer Is Hiding Malware in JPG Files Open VSX Malware String-Fragment Reconstruction DarkCloud Stealer, steganography APT 35 Charming Kitten cyclops

Open VSX Malware String-Fragment Reconstruction DarkCloud Stealer, steganography APT 35 Charming Kitten cyclops

Unmasking the DarkCloud: A New Stealer Is Hiding Malware in JPG Files

Ddos September 16, 2025

CyberProof’s MDR analysts and Threat Hunters observed a sharp increase in DarkCloud Stealer infections, with campaigns primarily...

Checkmarx Breach Supply Chain Attack Ivanti EPMM RCE CVE-2026-1281 Modular DS Vulnerability CVE-2026-23550 D-Link RCE Vulnerability CVE-2026-0625 Christmas 2025 GreyNoise Campaign, Japan-Based Initial Access Broker React2Shell Zero-Day, APT Active Exploitation WordPress vulnerability, authentication bypass FreePBX, zero-day Trend Micro Apex One, Remote Code Execution BitoPro Hack, Crypto Theft UNC5337 - CVE-2022-47945 Safe{Wallet} hack Fortinet vulnerability, CVE-2024-21762, FortiGate attack Balloonfly, Play ransomware Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

CVE-2025-5821: Critical Authentication Bypass in WordPress Case Theme User Plugin Exploited in the Wild

Ddos September 16, 2025

Hackers are exploiting a critical authentication bypass vulnerability in the Case Theme User plugin, a WordPress plugin...

HijackLoader: The Stealthy Malware Loader Powering Modern Cyberattacks Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

HijackLoader: The Stealthy Malware Loader Powering Modern Cyberattacks

Ddos September 16, 2025

Cybercriminals are increasingly relying on malware loaders to gain initial access, evade defenses, and deliver sophisticated payloads....

Stack-Based Buffer Overflow in Squid Could Let Hackers Execute Arbitrary Code CVE-2024-25617 CVE-2025-59362 Squid Proxy ICP Vulnerability

Stack-Based Buffer Overflow in Squid Could Let Hackers Execute Arbitrary Code

Ddos September 15, 2025

Squid, the widely deployed caching proxy supporting HTTP, HTTPS, FTP, and more, has patched a critical security...

FBI Alert: Two Cybercriminal Groups Are Actively Compromising Salesforce TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

FBI Alert: Two Cybercriminal Groups Are Actively Compromising Salesforce

Ddos September 15, 2025

The Federal Bureau of Investigation (FBI), in coordination with DHS/CISA, has released a new FLASH Alert (FLASH-20250912-001)...