cybersecurity Archives • Page 31 of 86 • Daily CyberSecurity

Digiever NVR Flaws (CVE-2025-10264, CVE-2025-10265) Let Hackers Steal Credentials & Take Control Digiever NVR, critical vulnerabilities

Digiever NVR Flaws (CVE-2025-10264, CVE-2025-10265) Let Hackers Steal Credentials & Take Control

Ddos September 15, 2025

The Taiwan Computer Emergency Response Team (TWCERT/CC) has issued a vulnerability note warning of two critical security...

Unveiling BaoLoader: How One Malware Family Abuses Trust for 7 Years BaoLoader, code-signing abuse

Unveiling BaoLoader: How One Malware Family Abuses Trust for 7 Years

Ddos September 15, 2025

Expel researchers have lifted the veil on a long-running malware operation abusing the global trust model of...

Everon OCPP Vulnerability CVE-2026-26288 ASUSTOR ADM Vulnerability CVE-2026-24936 PrismX MX100 Vulnerability Hard-Coded Credentials Advantech Vulnerability CVE-2025-52694 Eaton UPS Companion, CVE-2025-59887 ASUS Router, Authentication Bypass ASUSTOR DLL Hijacking, Privilege Escalation OpenShift AI, Privilege Escalation GoAnywhere vulnerability CVE-2025-10035 LangChainGo, template injection DeepDiff, class pollution ToolShell Sunshine, CSRF Vulnerability KACE SMA, Critical Vulnerabilities Oracle Zero-Days - PDQ Deploy vulnerability

CVE-2025-9556 (CVSS 9.8):Critical Vulnerability in LangChainGo Puts LLM Apps at Risk

Ddos September 15, 2025

The rise of large language model (LLM) applications has made frameworks like LangChain and its ports foundational...

Phishing Wave Hits U.S. Energy Giants: Chevron, ConocoPhillips Targeted Layoff Phishing Scam Remcos RAT Malware Aruba Phishing, Phishing-as-a-Service PyPI, phishing CVE-2024-25608 PyPI Phishing, Credential Theft

Phishing Wave Hits U.S. Energy Giants: Chevron, ConocoPhillips Targeted

Ddos September 15, 2025

The U.S. energy industry has become a prime target for large-scale phishing operations in 2025, according to...

China-Aligned Hackers Unleash Upgraded Toneshell and New USB Worm China-aligned actor, Hive0154

China-Aligned Hackers Unleash Upgraded Toneshell and New USB Worm

Ddos September 15, 2025

IBM X-Force has published new findings on Hive0154, a China-aligned threat actor also tracked under names such...

VMScape (CVE-2025-40300): A New CPU Flaw Threatens Cloud Security VMScape, CPU vulnerability CVE-2025-40300

VMScape (CVE-2025-40300): A New CPU Flaw Threatens Cloud Security

Ddos September 15, 2025

Security researchers at ETH Zurich have published a study revealing how attackers can break through virtualization boundaries...

EvilAI Malware Campaign Exploits Trust in AI Tools to Infiltrate Global Industries EvilAI, malware campaign

EvilAI Malware Campaign Exploits Trust in AI Tools to Infiltrate Global Industries

Ddos September 15, 2025

Trend Micro researchers have uncovered a sophisticated malware campaign dubbed EvilAI, which disguises itself as productivity and...

CUPS Flaws Allow Linux Remote DoS (CVE-2025-58364) and Authentication Bypass (CVE-2025-58060) CUPS vulnerability, Linux printing

CUPS Flaws Allow Linux Remote DoS (CVE-2025-58364) and Authentication Bypass (CVE-2025-58060)

Ddos September 15, 2025

OpenPrinting has released patches addressing two significant security flaws in the Common Unix Printing System (CUPS), a...

Meet ZynorRAT: The New Cross-Platform Malware Controlled via Telegram ZynorRAT, Telegram malware

Meet ZynorRAT: The New Cross-Platform Malware Controlled via Telegram

Ddos September 13, 2025

The Sysdig Threat Research Team (TRT) has discovered a new cross-platform Remote Access Trojan (RAT) dubbed ZynorRAT,...

Apple Issues New Spyware Alerts for French Officials and Journalists Apple Zero-Day CVE-2025-43529 WebKit Zero-Day, Targeted iOS Spyware Apple spyware alerts, zero-click attacks Apple, trademark lawsuit CVE-2024-54527 PoC exploit Apple, App Store

Apple Zero-Day CVE-2025-43529 WebKit Zero-Day, Targeted iOS Spyware Apple spyware alerts, zero-click attacks Apple, trademark lawsuit CVE-2024-54527 PoC exploit Apple, App Store

Apple Issues New Spyware Alerts for French Officials and Journalists

Ddos September 12, 2025

Apple occasionally issues spyware attack notifications, publicly disclosing on its website which countries or regions have received...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

CVE-2025-10127 (CVSS 9.8): Critical Daikin Flaw Could Give Hackers Full System Access

Ddos September 12, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory about a critical flaw in...

CVE-2025-58754: Axios Vulnerability Puts Node.js Processes at Risk of DoS Attacks Axios Vulnerability Cloud Hijacking Axios npm supply chain attack Axios Vulnerability Node.js DoS CVE-2025-58754 CVE-2025-27152 Axios Vulnerability, Form-Data Flaw

Axios Vulnerability Cloud Hijacking Axios npm supply chain attack Axios Vulnerability Node.js DoS CVE-2025-58754 CVE-2025-27152 Axios Vulnerability, Form-Data Flaw

CVE-2025-58754: Axios Vulnerability Puts Node.js Processes at Risk of DoS Attacks

Ddos September 12, 2025

The Axios project has released a security advisory for a newly discovered vulnerability affecting its popular promise-based...

CISA Urges Immediate Patching: Critical Dassault Systèmes Flaw (CVE-2025-5086) Actively Exploited Known Exploited Vulnerabilities CISA KEV

CISA Urges Immediate Patching: Critical Dassault Systèmes Flaw (CVE-2025-5086) Actively Exploited

Ddos September 12, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in Dassault Systèmes DELMIA Apriso...

Unveiling VoidProxy: The Phishing-as-a-Service That Bypasses MFA VoidProxy Phishing

Unveiling VoidProxy: The Phishing-as-a-Service That Bypasses MFA

Ddos September 12, 2025

Okta Threat Intelligence has published a detailed analysis of VoidProxy, a previously unreported Phishing-as-a-Service (PhaaS) platform that...

BlackNevas Ransomware: A Persistent Global Threat With Impossible-to-Decrypt Payloads INC Ransom Pacific Cyber Threats OysterLoader Malware Rhysida Ransomware Black Basta Ransomware BYOVD Technique Velociraptor Abuse, Storm-2603 Ransomware Crypto24, Ransomware Ransomware Payments, UK Legislation ZACROS data breach

INC Ransom Pacific Cyber Threats OysterLoader Malware Rhysida Ransomware Black Basta Ransomware BYOVD Technique Velociraptor Abuse, Storm-2603 Ransomware Crypto24, Ransomware Ransomware Payments, UK Legislation ZACROS data breach

BlackNevas Ransomware: A Persistent Global Threat With Impossible-to-Decrypt Payloads

Ddos September 12, 2025

AhnLab researchers have published a technical analysis of BlackNevas, a ransomware group that has been steadily launching...

Beyond Cobalt Strike: A New Open-Source Hacking Tool Is on the Rise Winos 4.0 Malware Silver Fox APT RapperBot BVIEC cyberattack - CNC group DAMASCENED PEACOCK, malware analysis

Winos 4.0 Malware Silver Fox APT RapperBot BVIEC cyberattack - CNC group DAMASCENED PEACOCK, malware analysis

Beyond Cobalt Strike: A New Open-Source Hacking Tool Is on the Rise

Ddos September 11, 2025

Researchers at Palo Alto Networks’ Unit 42 have published a report detailing the rise of AdaptixC2, an...

CVE-2025-8696: DoS Flaw in Stork UI Allows Unauthenticated Attackers to Crash Servers CVE-2025-8696 Stork UI

CVE-2025-8696: DoS Flaw in Stork UI Allows Unauthenticated Attackers to Crash Servers

Ddos September 11, 2025

The Internet Systems Consortium (ISC) has issued a security advisory addressing a high-severity flaw in Stork UI,...

ChillyHell: A New macOS Backdoor Bypassed Apple Notarization for Years OSX/Amos Stealer Electron ASAR Trojan MioLab Malware macOS Security MacSync Stealer macOS Malware ambar-src npm Malware Supply Chain Typosquatting Matryoshka Mac Malware ClickFix Crypto Scam Infostealer Evolution macOS Malware Predator Spyware Intellexa Anti-Analysis XCSSET macOS Malware, Xcode Supply Chain