cybersecurity Archives • Page 34 of 88 • Daily CyberSecurity

High GitLab Urges Immediate Update for Two High-Severity Flaws GitLab Security Update Account Impersonation GitLab Security Update CVE-2026-1090 GitLab vulnerability GitLab vulnerability, GitLab patches

GitLab Security Update Account Impersonation GitLab Security Update CVE-2026-1090 GitLab vulnerability GitLab vulnerability, GitLab patches

High GitLab Urges Immediate Update for Two High-Severity Flaws

Do Son September 10, 2025

GitLab has released new versions of its Community and Enterprise Editions to address several security vulnerabilities, including...

Voicemail Goldmine: A Data Exposure of 1.6M Audio Files Puts Gym Members at Risk Fiverr Data Leak Claude Code Leak Anthropic DMCA Takedown Coupang 33.7M Breach South Korea Data Leak Red Hat Breach, Customer Data Theft Farmers Insurance, Salesforce ESLint Plugin -Mamont Android banking Trojan

Fiverr Data Leak Claude Code Leak Anthropic DMCA Takedown Coupang 33.7M Breach South Korea Data Leak Red Hat Breach, Customer Data Theft Farmers Insurance, Salesforce ESLint Plugin -Mamont Android banking Trojan

Voicemail Goldmine: A Data Exposure of 1.6M Audio Files Puts Gym Members at Risk

Do Son September 10, 2025

Cybersecurity researcher Jeremiah Fowler has disclosed a massive data exposure involving over 1.6 million audio recordings belonging...

9.8 Sophos Fixes Critical Authentication Bypass (CVE-2025-10159) in AP6 Series Wireless Access Points Sophos vulnerability CVE-2025-10159

9.8 Sophos Fixes Critical Authentication Bypass (CVE-2025-10159) in AP6 Series Wireless Access Points

Do Son September 10, 2025

Sophos has released a fix for a critical authentication bypass vulnerability (CVE-2025-10159) affecting its AP6 Series Wireless...

8.8 Patch Tuesday: Microsoft Fixes 86 Flaws, Including 9 Critical and 2 Zero-Days (CVE-2025-55234 & CVE-2024-21907) Microsoft Patch Tuesday fixes disclosed zero day vulnerabilities Windows Wormable Exploit April 2026 Patch Tuesday Microsoft Patch Tuesday Zero-Day Vulnerabilities Microsoft, Patch Tuesday CVE-2025-55234 CVE-2024-43573 and CVE-2024-43572 Microsoft Patch Tuesday Security Vulnerabilities

Microsoft Patch Tuesday fixes disclosed zero day vulnerabilities Windows Wormable Exploit April 2026 Patch Tuesday Microsoft Patch Tuesday Zero-Day Vulnerabilities Microsoft, Patch Tuesday CVE-2025-55234 CVE-2024-43573 and CVE-2024-43572 Microsoft Patch Tuesday Security Vulnerabilities

8.8 Patch Tuesday: Microsoft Fixes 86 Flaws, Including 9 Critical and 2 Zero-Days (CVE-2025-55234 & CVE-2024-21907)

Do Son September 10, 2025

Microsoft’s September 2025 Patch Tuesday addresses 86 vulnerabilities across its product ecosystem, including two zero-days and nine...

Critical Critical Flaws in Hiawatha Web Server Could Allow Authentication Bypass and RCE Hiawatha vulnerability

Critical Critical Flaws in Hiawatha Web Server Could Allow Authentication Bypass and RCE

Do Son September 10, 2025

The CERT Coordination Center (CERT/CC) has issued a vulnerability note highlighting three serious flaws in the Hiawatha...

GONEPOSTAL: New Outlook Backdoor by Russia’s APT28 Uses Email for C2 APT28, GONEPOSTAL

GONEPOSTAL: New Outlook Backdoor by Russia’s APT28 Uses Email for C2

Do Son September 10, 2025

Kroll has identified a new espionage campaign attributed to Russia’s APT28 (Fancy Bear), involving a custom Outlook...

8.0 Lazarus Group Is Exploiting CVE-2025-48384 in New Phishing Campaign Lazarus Group, phishing campaign

8.0 Lazarus Group Is Exploiting CVE-2025-48384 in New Phishing Campaign

Do Son September 10, 2025

KuCoin’s security team has identified fresh phishing campaigns orchestrated by the Lazarus Group (APT38), a North Korean...

Beyond Cryptominers: A New Malware Strain Is Hijacking Exposed Docker APIs Docker malware, exposed APIs

Beyond Cryptominers: A New Malware Strain Is Hijacking Exposed Docker APIs

Do Son September 10, 2025

The Akamai Hunt Team has discovered a new strain of malware targeting exposed Docker APIs. Unlike earlier...

APT37 Expands Arsenal with Rustonotto Backdoor, PowerShell Chinotto, and FadeStealer North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

APT37 Expands Arsenal with Rustonotto Backdoor, PowerShell Chinotto, and FadeStealer

Do Son September 10, 2025

Zscaler ThreatLabz has uncovered new details about North Korean-aligned threat actor APT37 (also known as ScarCruft, Ruby...

High Ivanti Patches Two High-Severity RCE Flaws in Endpoint Manager Ivanti EPMM security updates Ivanti ITSM vulnerability authenticated privilege escalation Ivanti Xtraction vulnerability CVE-2026-8043 Ivanti EPM RCE, SQL Injection Ivanti EPM, remote code execution CVE-2024-50330 - CVE-2025-0282 and CVE-2025-0283

Ivanti EPMM security updates Ivanti ITSM vulnerability authenticated privilege escalation Ivanti Xtraction vulnerability CVE-2026-8043 Ivanti EPM RCE, SQL Injection Ivanti EPM, remote code execution CVE-2024-50330 - CVE-2025-0282 and CVE-2025-0283

High Ivanti Patches Two High-Severity RCE Flaws in Endpoint Manager

Do Son September 9, 2025

Ivanti has released important security updates for Ivanti Endpoint Manager (EPM), addressing two high-severity vulnerabilities that could...

9.6 CVE-2025-7350: Critical RCE Flaw in Rockwell Stratix Switches Scores CVSS 9.6 CVE-2024-21915 Rockwell Stratix switch CVE-2025-7350

9.6 CVE-2025-7350: Critical RCE Flaw in Rockwell Stratix Switches Scores CVSS 9.6

Do Son September 9, 2025

Rockwell Automation has issued a security advisory for a critical vulnerability in its Stratix industrial Ethernet switches,...

10.0 SAP Security Patch Day Fixes Four Critical Flaws, Including a CVSS 10.0 RCE (CVE-2025-42944) SAP security patch day critical security vulnerabilities SAP SQL Injection April 2026 Patch Day SAP Security, Critical Vulnerabilities Security Patch Day CVE-2025-42944

SAP security patch day critical security vulnerabilities SAP SQL Injection April 2026 Patch Day SAP Security, Critical Vulnerabilities Security Patch Day CVE-2025-42944

10.0 SAP Security Patch Day Fixes Four Critical Flaws, Including a CVSS 10.0 RCE (CVE-2025-42944)

Do Son September 9, 2025

Today, SAP released 21 new Security Notes and 4 updates as part of its monthly Security Patch...

Salesforce Breach Through Salesloft Drift Hits Google, Cloudflare, and 750 Firms Knowledge Deliver RCE vulnerability FortiClient EMS Vulnerability CVE-2026-35616 Cisco SD-WAN Vulnerability CVE-2026-20122 PCPcat, Next.js RCE Salesloft breach, Salesforce CRM WIREFIRE web shell

Knowledge Deliver RCE vulnerability FortiClient EMS Vulnerability CVE-2026-35616 Cisco SD-WAN Vulnerability CVE-2026-20122 PCPcat, Next.js RCE Salesloft breach, Salesforce CRM WIREFIRE web shell

Salesforce Breach Through Salesloft Drift Hits Google, Cloudflare, and 750 Firms

Do Son September 9, 2025

Beginning in July 2025, several high-profile companies reported breaches of their Salesforce CRM (Customer Relationship Management) systems,...

Plex Urges Password Reset After Data Breach Iranian Hacktivists Operation Epic Fury Cyber New Generation Warfare Russian Hybrid Escalation Plex data breach Water Systems Cybersecurity - Threat Actor Naming Standard

Iranian Hacktivists Operation Epic Fury Cyber New Generation Warfare Russian Hybrid Escalation Plex data breach Water Systems Cybersecurity - Threat Actor Naming Standard

Plex Urges Password Reset After Data Breach

Do Son September 9, 2025

The popular streaming platform Plex was recently the target of a cyberattack that resulted in a database...

9.3 CVE-2025-58450: Critical SQL Injection Flaw in pREST Puts PostgreSQL Databases at Risk MySQL Attacks, UDF Exploitation pREST, SQL injection

9.3 CVE-2025-58450: Critical SQL Injection Flaw in pREST Puts PostgreSQL Databases at Risk

Do Son September 9, 2025

The pREST project has issued a security advisory for CVE-2025-58450, a systemic SQL injection flaw that threatens...

Massive npm Supply Chain Attack: Qix’s Account Compromised, Billions of Weekly Downloads at Risk

Do Son September 9, 2025

Socket has detected a large-scale supply chain attack in progress targeting the npm ecosystem. The account of...

MostereRAT: The New RAT That Is Bypassing Antivirus and EDR Solutions MostereRAT, defense evasion

MostereRAT: The New RAT That Is Bypassing Antivirus and EDR Solutions

Do Son September 9, 2025

FortiGuard Labs has uncovered a sophisticated phishing campaign that deploys a new Remote Access Trojan (RAT) dubbed...

From CastleLoader to CastleRAT: TAG-150’s Multi-Tiered Cyber Arsenal Expands AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

From CastleLoader to CastleRAT: TAG-150’s Multi-Tiered Cyber Arsenal Expands

Do Son September 9, 2025

Security researchers at Insikt Group have uncovered a major advancement in the operations of a newly designated...

PgAdmin Flaw Exposes Accounts to OAuth Hijacking Attacks CVE-2024-2044 pgAdmin, OAuth vulnerability

PgAdmin Flaw Exposes Accounts to OAuth Hijacking Attacks

Do Son September 8, 2025

The developers of pgAdmin, the most widely used open-source administration and development platform for PostgreSQL, have patched...

3.8 CVE-2025-57807: A Critical Flaw in ImageMagick Could Lead to RCE, PoC Available ImageMagick, heap out-of-bounds write

3.8 CVE-2025-57807: A Critical Flaw in ImageMagick Could Lead to RCE, PoC Available

Do Son September 8, 2025

Security researcher Lumina Mescuwa has disclosed a critical vulnerability in ImageMagick, tracked as CVE-2025-57807 (CVSS 9.8). The...