cybersecurity Archives • Page 33 of 86 • Daily CyberSecurity

Plex Urges Password Reset After Data Breach Iranian Hacktivists Operation Epic Fury Cyber New Generation Warfare Russian Hybrid Escalation Plex data breach Water Systems Cybersecurity - Threat Actor Naming Standard

Iranian Hacktivists Operation Epic Fury Cyber New Generation Warfare Russian Hybrid Escalation Plex data breach Water Systems Cybersecurity - Threat Actor Naming Standard

Plex Urges Password Reset After Data Breach

Ddos September 9, 2025

The popular streaming platform Plex was recently the target of a cyberattack that resulted in a database...

CVE-2025-58450: Critical SQL Injection Flaw in pREST Puts PostgreSQL Databases at Risk MySQL Attacks, UDF Exploitation pREST, SQL injection

CVE-2025-58450: Critical SQL Injection Flaw in pREST Puts PostgreSQL Databases at Risk

Ddos September 9, 2025

The pREST project has issued a security advisory for CVE-2025-58450, a systemic SQL injection flaw that threatens...

Massive npm Supply Chain Attack: Qix’s Account Compromised, Billions of Weekly Downloads at Risk

Ddos September 9, 2025

Socket has detected a large-scale supply chain attack in progress targeting the npm ecosystem. The account of...

MostereRAT: The New RAT That Is Bypassing Antivirus and EDR Solutions MostereRAT, defense evasion

MostereRAT: The New RAT That Is Bypassing Antivirus and EDR Solutions

Ddos September 9, 2025

FortiGuard Labs has uncovered a sophisticated phishing campaign that deploys a new Remote Access Trojan (RAT) dubbed...

From CastleLoader to CastleRAT: TAG-150’s Multi-Tiered Cyber Arsenal Expands AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

From CastleLoader to CastleRAT: TAG-150’s Multi-Tiered Cyber Arsenal Expands

Ddos September 9, 2025

Security researchers at Insikt Group have uncovered a major advancement in the operations of a newly designated...

PgAdmin Flaw Exposes Accounts to OAuth Hijacking Attacks CVE-2024-2044 pgAdmin, OAuth vulnerability

PgAdmin Flaw Exposes Accounts to OAuth Hijacking Attacks

Ddos September 8, 2025

The developers of pgAdmin, the most widely used open-source administration and development platform for PostgreSQL, have patched...

CVE-2025-57807: A Critical Flaw in ImageMagick Could Lead to RCE, PoC Available ImageMagick, heap out-of-bounds write

CVE-2025-57807: A Critical Flaw in ImageMagick Could Lead to RCE, PoC Available

Ddos September 8, 2025

Security researcher Lumina Mescuwa has disclosed a critical vulnerability in ImageMagick, tracked as CVE-2025-57807 (CVSS 9.8). The...

Azure to Enforce MFA for All Resource Management Operations Azure outage, Front Door Microsoft Azure Surveillance, Gaza Call Records Red Sea cables, Azure outage MFA enforcement Azure outage, Red Sea cables Azure Key Vault Azure, Surveillance

Azure outage, Front Door Microsoft Azure Surveillance, Gaza Call Records Red Sea cables, Azure outage MFA enforcement Azure outage, Red Sea cables Azure Key Vault Azure, Surveillance

Azure to Enforce MFA for All Resource Management Operations

Ddos September 8, 2025

As cyberattacks grow in frequency, sophistication, and impact, Microsoft is doubling down on its commitment to protect...

A New Threat to Artists: Hackers Threaten to Feed Stolen Art to AI AI extortion, artists' rights

A New Threat to Artists: Hackers Threaten to Feed Stolen Art to AI

Ddos September 8, 2025

For content creators, the unauthorized scraping of their work by AI companies for training artificial intelligence models...

CVE-2025-58782: Apache Jackrabbit Vulnerability Exposes Systems to JNDI Injection and RCE Apache Jackrabbit, JNDI injection CVE-2023-37895 Apache Jackrabbit, XXE Vulnerability

CVE-2025-58782: Apache Jackrabbit Vulnerability Exposes Systems to JNDI Injection and RCE

Ddos September 8, 2025

The Apache Software Foundation has disclosed a new vulnerability in Apache Jackrabbit Core and JCR Commons, tracked...

Progress Patches Remote Command Execution Flaw in OpenEdge AdminServer (CVE-2025-7388) CVE-2024-46909 & CVE-2024-8785 OpenEdge, Remote Command Execution

CVE-2024-46909 & CVE-2024-8785 OpenEdge, Remote Command Execution

Progress Patches Remote Command Execution Flaw in OpenEdge AdminServer (CVE-2025-7388)

Ddos September 8, 2025

Progress Software has released patches for a high-severity vulnerability in the OpenEdge AdminServer component, tracked as CVE-2025-7388...

NightshadeC2: A New Botnet Is Using “UAC Prompt Bombing” to Bypass Windows Defender NightshadeC2, UAC Prompt Bombing

NightshadeC2: A New Botnet Is Using “UAC Prompt Bombing” to Bypass Windows Defender

Ddos September 8, 2025

Recently, the eSentire Threat Response Unit (TRU) identified a new botnet family dubbed NightshadeC2, deployed through a...

CVE-2025-57052: Critical JSON Parsing Flaw in cJSON With CVSS 9.8, PoC Available cJSON vulnerability

CVE-2025-57052: Critical JSON Parsing Flaw in cJSON With CVSS 9.8, PoC Available

Ddos September 8, 2025

Security researcher Salah Chafai, an Exploit Development & Security specialist, has disclosed a critical flaw in the...

Two New High-Severity Flaws in FreePBX Puts Admins and APIs at Risk WD Discovery Vulnerability CVE-2025-30248 binary-parser Vulnerability CVE-2026-1245 H3C RCE Vulnerability CVE-2025-60262 Telenium RCE, CVE-2025-10659 Fuel station security, ICS vulnerabilities FreePBX vulnerability CVE-2024-9478 & CVE-2024-9479 SysTrack Vulnerability, Privilege Escalation

WD Discovery Vulnerability CVE-2025-30248 binary-parser Vulnerability CVE-2026-1245 H3C RCE Vulnerability CVE-2025-60262 Telenium RCE, CVE-2025-10659 Fuel station security, ICS vulnerabilities FreePBX vulnerability CVE-2024-9478 & CVE-2024-9479 SysTrack Vulnerability, Privilege Escalation

Two New High-Severity Flaws in FreePBX Puts Admins and APIs at Risk

Ddos September 6, 2025

The FreePBX project has issued an important security advisory addressing two vulnerabilities that pose significant risks to...

Beyond Cracked Apps: New macOS Malware Is Using the Terminal to Steal Data Open VSX Malware String-Fragment Reconstruction DarkCloud Stealer, steganography APT 35 Charming Kitten cyclops

Open VSX Malware String-Fragment Reconstruction DarkCloud Stealer, steganography APT 35 Charming Kitten cyclops

Beyond Cracked Apps: New macOS Malware Is Using the Terminal to Steal Data

Ddos September 6, 2025

The Trend Micro Research team has uncovered a new campaign distributing Atomic macOS Stealer (AMOS), a malware...

Cloudflare 1.1.1.1 Hit by 12 Unauthorized Certificates: Fina CA’s Misissuance Raises Microsoft Trust Concerns Cloudflare layoffs 2026 AI bot traffic surge Content Signals Policy, AI Content Usage Cloudflare, Certificate Misissuance Salesforce, supply chain attack DDoS attack, Cloudflare Perplexity AI, Web Scraping Pay Per Crawl Cloudflare abuse R2 outage HTTP Cloudflare Blocking

Cloudflare layoffs 2026 AI bot traffic surge Content Signals Policy, AI Content Usage Cloudflare, Certificate Misissuance Salesforce, supply chain attack DDoS attack, Cloudflare Perplexity AI, Web Scraping Pay Per Crawl Cloudflare abuse R2 outage HTTP Cloudflare Blocking

Cloudflare 1.1.1.1 Hit by 12 Unauthorized Certificates: Fina CA’s Misissuance Raises Microsoft Trust Concerns

Ddos September 5, 2025

Yesterday, we reported that security researchers had discovered three unauthorized digital certificates for Cloudflare’s public DNS server...

CISA Adds Three New Vulnerabilities to Catalog, Urges Immediate Patching CISA KEV Catalog SharePoint RCE CISA, Known Exploited Vulnerabilities CVE-2023-33010

CISA KEV Catalog SharePoint RCE CISA, Known Exploited Vulnerabilities CVE-2023-33010

CISA Adds Three New Vulnerabilities to Catalog, Urges Immediate Patching

Ddos September 5, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has added three new vulnerabilities to its Known Exploited Vulnerabilities...

CVE-2025-56752: Remote Attackers Can Gain Full Administrative Access to Affected Ruijie Networks Devices Without Authentication

Ddos September 5, 2025

Ruijie Networks has released a security advisory addressing a critical vulnerability in its Reyee RG-ES series switches...

A Massive Coordinated Attack Is Probing Cisco ASA Devices Cisco ASA, reconnaissance

A Massive Coordinated Attack Is Probing Cisco ASA Devices

Ddos September 5, 2025

The GreyNoise Intelligence team has observed two unusually large waves of scanning activity targeting Cisco Adaptive Security...

Acronis TRU Uncovers Surge in ScreenConnect Abuse with Dual-RAT Deployment Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Acronis TRU Uncovers Surge in ScreenConnect Abuse with Dual-RAT Deployment

Ddos September 5, 2025

The Acronis Threat Research Unit (TRU) has released new findings on an evolving cyber campaign that abuses...