cybersecurity Archives • Page 33 of 88 • Daily CyberSecurity

6.5 CUPS Flaws Allow Linux Remote DoS (CVE-2025-58364) and Authentication Bypass (CVE-2025-58060) CUPS vulnerability, Linux printing

6.5 CUPS Flaws Allow Linux Remote DoS (CVE-2025-58364) and Authentication Bypass (CVE-2025-58060)

Do Son September 15, 2025

OpenPrinting has released patches addressing two significant security flaws in the Common Unix Printing System (CUPS), a...

Meet ZynorRAT: The New Cross-Platform Malware Controlled via Telegram ZynorRAT, Telegram malware

Meet ZynorRAT: The New Cross-Platform Malware Controlled via Telegram

Do Son September 13, 2025

The Sysdig Threat Research Team (TRT) has discovered a new cross-platform Remote Access Trojan (RAT) dubbed ZynorRAT,...

Apple Issues New Spyware Alerts for French Officials and Journalists Apple Zero-Day CVE-2025-43529 WebKit Zero-Day, Targeted iOS Spyware Apple spyware alerts, zero-click attacks Apple, trademark lawsuit CVE-2024-54527 PoC exploit Apple, App Store

Apple Zero-Day CVE-2025-43529 WebKit Zero-Day, Targeted iOS Spyware Apple spyware alerts, zero-click attacks Apple, trademark lawsuit CVE-2024-54527 PoC exploit Apple, App Store

Apple Issues New Spyware Alerts for French Officials and Journalists

Do Son September 12, 2025

Apple occasionally issues spyware attack notifications, publicly disclosing on its website which countries or regions have received...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

9.8 CVE-2025-10127 (CVSS 9.8): Critical Daikin Flaw Could Give Hackers Full System Access

Do Son September 12, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory about a critical flaw in...

7.5 CVE-2025-58754: Axios Vulnerability Puts Node.js Processes at Risk of DoS Attacks Axios proxy vulnerabilities prototype pollution gadget Axios Vulnerability Cloud Hijacking Axios npm supply chain attack Axios Vulnerability Node.js DoS CVE-2025-58754 CVE-2025-27152 Axios Vulnerability, Form-Data Flaw

Axios proxy vulnerabilities prototype pollution gadget Axios Vulnerability Cloud Hijacking Axios npm supply chain attack Axios Vulnerability Node.js DoS CVE-2025-58754 CVE-2025-27152 Axios Vulnerability, Form-Data Flaw

7.5 CVE-2025-58754: Axios Vulnerability Puts Node.js Processes at Risk of DoS Attacks

Do Son September 12, 2025

The Axios project has released a security advisory for a newly discovered vulnerability affecting its popular promise-based...

9.0 CISA Urges Immediate Patching: Critical Dassault Systèmes Flaw (CVE-2025-5086) Actively Exploited Known Exploited Vulnerabilities CISA KEV

9.0 CISA Urges Immediate Patching: Critical Dassault Systèmes Flaw (CVE-2025-5086) Actively Exploited

Do Son September 12, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in Dassault Systèmes DELMIA Apriso...

Unveiling VoidProxy: The Phishing-as-a-Service That Bypasses MFA VoidProxy Phishing

Unveiling VoidProxy: The Phishing-as-a-Service That Bypasses MFA

Do Son September 12, 2025

Okta Threat Intelligence has published a detailed analysis of VoidProxy, a previously unreported Phishing-as-a-Service (PhaaS) platform that...

BlackNevas Ransomware: A Persistent Global Threat With Impossible-to-Decrypt Payloads INC Ransom Pacific Cyber Threats OysterLoader Malware Rhysida Ransomware Black Basta Ransomware BYOVD Technique Velociraptor Abuse, Storm-2603 Ransomware Crypto24, Ransomware Ransomware Payments, UK Legislation ZACROS data breach

INC Ransom Pacific Cyber Threats OysterLoader Malware Rhysida Ransomware Black Basta Ransomware BYOVD Technique Velociraptor Abuse, Storm-2603 Ransomware Crypto24, Ransomware Ransomware Payments, UK Legislation ZACROS data breach

BlackNevas Ransomware: A Persistent Global Threat With Impossible-to-Decrypt Payloads

Do Son September 12, 2025

AhnLab researchers have published a technical analysis of BlackNevas, a ransomware group that has been steadily launching...

Beyond Cobalt Strike: A New Open-Source Hacking Tool Is on the Rise Winos 4.0 Malware Silver Fox APT RapperBot BVIEC cyberattack - CNC group DAMASCENED PEACOCK, malware analysis

Winos 4.0 Malware Silver Fox APT RapperBot BVIEC cyberattack - CNC group DAMASCENED PEACOCK, malware analysis

Beyond Cobalt Strike: A New Open-Source Hacking Tool Is on the Rise

Do Son September 11, 2025

Researchers at Palo Alto Networks’ Unit 42 have published a report detailing the rise of AdaptixC2, an...

7.5 CVE-2025-8696: DoS Flaw in Stork UI Allows Unauthenticated Attackers to Crash Servers CVE-2025-8696 Stork UI

7.5 CVE-2025-8696: DoS Flaw in Stork UI Allows Unauthenticated Attackers to Crash Servers

Do Son September 11, 2025

The Internet Systems Consortium (ISC) has issued a security advisory addressing a high-severity flaw in Stork UI,...

ChillyHell: A New macOS Backdoor Bypassed Apple Notarization for Years OSX/Amos Stealer Electron ASAR Trojan MioLab Malware macOS Security MacSync Stealer macOS Malware ambar-src npm Malware Supply Chain Typosquatting Matryoshka Mac Malware ClickFix Crypto Scam Infostealer Evolution macOS Malware Predator Spyware Intellexa Anti-Analysis XCSSET macOS Malware, Xcode Supply Chain

OSX/Amos Stealer Electron ASAR Trojan MioLab Malware macOS Security MacSync Stealer macOS Malware ambar-src npm Malware Supply Chain Typosquatting Matryoshka Mac Malware ClickFix Crypto Scam Infostealer Evolution macOS Malware Predator Spyware Intellexa Anti-Analysis XCSSET macOS Malware, Xcode Supply Chain

ChillyHell: A New macOS Backdoor Bypassed Apple Notarization for Years

Do Son September 11, 2025

Jamf Threat Labs has uncovered a new variant of the ChillyHell malware family—an advanced, modular backdoor for...

Everon OCPP Vulnerability CVE-2026-26288 ASUSTOR ADM Vulnerability CVE-2026-24936 PrismX MX100 Vulnerability Hard-Coded Credentials Advantech Vulnerability CVE-2025-52694 Eaton UPS Companion, CVE-2025-59887 ASUS Router, Authentication Bypass ASUSTOR DLL Hijacking, Privilege Escalation OpenShift AI, Privilege Escalation GoAnywhere vulnerability CVE-2025-10035 LangChainGo, template injection DeepDiff, class pollution ToolShell Sunshine, CSRF Vulnerability KACE SMA, Critical Vulnerabilities Oracle Zero-Days - PDQ Deploy vulnerability

ACSC Warns of Active Exploitation of SonicWall SSL VPN Vulnerability (CVE-2024-40766)

Do Son September 11, 2025

The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has issued an alert on the active...

KillSec Ransomware Strikes Brazilian Healthcare Provider, Exposing Patient Data

Do Son September 11, 2025

Resecurity has reported that KillSec ransomware has targeted MedicSolution, a key healthcare software provider in Brazil, compromising...

Unsealed Indictment Exposes Mastermind Behind Notorious Ransomware Gangs WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware

WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware

Unsealed Indictment Exposes Mastermind Behind Notorious Ransomware Gangs

Do Son September 11, 2025

The U.S. Department of Justice has unsealed a superseding indictment against Volodymyr Viktorovich Tymoshchuk — also known...

7.1 CVE-2025-58063: CoreDNS Vulnerability Could Disrupt DNS Updates CoreDNS Security Encrypted DNS Vulnerabilities CoreDNS vulnerability, DNS cache poisoning

CoreDNS Security Encrypted DNS Vulnerabilities CoreDNS vulnerability, DNS cache poisoning

7.1 CVE-2025-58063: CoreDNS Vulnerability Could Disrupt DNS Updates

Do Son September 11, 2025

The CoreDNS project has disclosed a vulnerability in its etcd plugin, tracked as CVE-2025-58063 (CVSS 7.1), which...

NVIDIA acquisition rumors NVIDIA AI Security AI Framework Vulnerabilities Nvidia 595.76 Hotfix NVIDIA Megatron Bridge vulnerability GPU vs ASIC AI battle NVIDIA Driver Vulnerability CVE-2025-33217 NVIDIA biggest TSMC customer 2026, NVIDIA vs Apple TSMC revenue share NVIDIA CUDA Toolkit CVE-2025-33228 Groq NVIDIA licensing deal, Jonathan Ross acquihire 2025 NeMo Code Injection, AI Framework RCE NVIDIA App Privilege Escalation, CVE-2025-23358 NVIDIA Security Update, DLS Vulnerability CVE-2025-23316 NVIDIA NVDebug, vulnerabilities NVIDIA Driver Vulnerabilities, vGPU Security Nvidia Jetson, UEFI Vulnerabilities CVE-2024-0130 - CVE-2024-0136 CVE-2024-0148 NVIDIA Driver Support, Windows 10 EOL

High NVIDIA Patches High-Severity Vulnerabilities in NVDebug Tool

Do Son September 11, 2025

NVIDIA has released a software update for its NVDebug tool, addressing three high-severity vulnerabilities (CVE-2025-23342, CVE-2025-23343, and...

Fake AI Ad Tool “Madgicx Plus” Hijacks Meta Advertiser Accounts LokiBot Steganography, .NET Loader PlugX malware YiBackdoor, ransomware

Fake AI Ad Tool “Madgicx Plus” Hijacks Meta Advertiser Accounts

Do Son September 11, 2025

Cybereason Security Services has uncovered a malicious Chrome extension campaign targeting Meta (Facebook and Instagram) advertisers. Branded...

The Gentlemen: A New Ransomware Group Using Legitimate Tools to Bypass Security Chinese espionage groups APT35 Phishing, Stormshield CTI

The Gentlemen: A New Ransomware Group Using Legitimate Tools to Bypass Security

Do Son September 11, 2025

Trend Micro researchers have revealed a new ransomware campaign orchestrated by The Gentlemen, an emerging threat group...

Luno: A “Self-Healing” Linux Botnet That Mines Crypto and Launches DDoS Attacks Luno botnet, Linux botnet

Luno: A “Self-Healing” Linux Botnet That Mines Crypto and Launches DDoS Attacks

Do Son September 11, 2025

Cyble Research and Intelligence Labs (CRIL) has discovered an active in-the-wild Linux botnet campaign dubbed “Luno,” which...

Apple’s “Most Significant Upgrade” to iPhone Security Is Here DarkSword exploit kit iOS 18.7.7 security update CVE-2024-44308 & CVE-2024-44309 Apple appeal, Epic Games lawsuit

DarkSword exploit kit iOS 18.7.7 security update CVE-2024-44308 & CVE-2024-44309 Apple appeal, Epic Games lawsuit

Apple’s “Most Significant Upgrade” to iPhone Security Is Here

Do Son September 10, 2025

Apple Security Engineering and Architecture (SEAR) has unveiled Memory Integrity Enforcement (MIE), an always-on, hardware-assisted memory safety...