cybersecurity Archives • Page 35 of 88 • Daily CyberSecurity

Azure to Enforce MFA for All Resource Management Operations Azure outage, Front Door Microsoft Azure Surveillance, Gaza Call Records Red Sea cables, Azure outage MFA enforcement Azure outage, Red Sea cables Azure Key Vault Azure, Surveillance

Azure outage, Front Door Microsoft Azure Surveillance, Gaza Call Records Red Sea cables, Azure outage MFA enforcement Azure outage, Red Sea cables Azure Key Vault Azure, Surveillance

Azure to Enforce MFA for All Resource Management Operations

Do Son September 8, 2025

As cyberattacks grow in frequency, sophistication, and impact, Microsoft is doubling down on its commitment to protect...

A New Threat to Artists: Hackers Threaten to Feed Stolen Art to AI AI extortion, artists' rights

A New Threat to Artists: Hackers Threaten to Feed Stolen Art to AI

Do Son September 8, 2025

For content creators, the unauthorized scraping of their work by AI companies for training artificial intelligence models...

6.5 CVE-2025-58782: Apache Jackrabbit Vulnerability Exposes Systems to JNDI Injection and RCE Apache Jackrabbit, JNDI injection CVE-2023-37895 Apache Jackrabbit, XXE Vulnerability

6.5 CVE-2025-58782: Apache Jackrabbit Vulnerability Exposes Systems to JNDI Injection and RCE

Do Son September 8, 2025

The Apache Software Foundation has disclosed a new vulnerability in Apache Jackrabbit Core and JCR Commons, tracked...

8.4 Progress Patches Remote Command Execution Flaw in OpenEdge AdminServer (CVE-2025-7388) CVE-2024-46909 & CVE-2024-8785 OpenEdge, Remote Command Execution

CVE-2024-46909 & CVE-2024-8785 OpenEdge, Remote Command Execution

8.4 Progress Patches Remote Command Execution Flaw in OpenEdge AdminServer (CVE-2025-7388)

Do Son September 8, 2025

Progress Software has released patches for a high-severity vulnerability in the OpenEdge AdminServer component, tracked as CVE-2025-7388...

NightshadeC2: A New Botnet Is Using “UAC Prompt Bombing” to Bypass Windows Defender NightshadeC2, UAC Prompt Bombing

NightshadeC2: A New Botnet Is Using “UAC Prompt Bombing” to Bypass Windows Defender

Do Son September 8, 2025

Recently, the eSentire Threat Response Unit (TRU) identified a new botnet family dubbed NightshadeC2, deployed through a...

9.8 CVE-2025-57052: Critical JSON Parsing Flaw in cJSON With CVSS 9.8, PoC Available cJSON vulnerability

9.8 CVE-2025-57052: Critical JSON Parsing Flaw in cJSON With CVSS 9.8, PoC Available

Do Son September 8, 2025

Security researcher Salah Chafai, an Exploit Development & Security specialist, has disclosed a critical flaw in the...

High Two New High-Severity Flaws in FreePBX Puts Admins and APIs at Risk WD Discovery Vulnerability CVE-2025-30248 binary-parser Vulnerability CVE-2026-1245 H3C RCE Vulnerability CVE-2025-60262 Telenium RCE, CVE-2025-10659 Fuel station security, ICS vulnerabilities FreePBX vulnerability CVE-2024-9478 & CVE-2024-9479 SysTrack Vulnerability, Privilege Escalation

WD Discovery Vulnerability CVE-2025-30248 binary-parser Vulnerability CVE-2026-1245 H3C RCE Vulnerability CVE-2025-60262 Telenium RCE, CVE-2025-10659 Fuel station security, ICS vulnerabilities FreePBX vulnerability CVE-2024-9478 & CVE-2024-9479 SysTrack Vulnerability, Privilege Escalation

High Two New High-Severity Flaws in FreePBX Puts Admins and APIs at Risk

Do Son September 6, 2025

The FreePBX project has issued an important security advisory addressing two vulnerabilities that pose significant risks to...

Beyond Cracked Apps: New macOS Malware Is Using the Terminal to Steal Data Open VSX Malware String-Fragment Reconstruction DarkCloud Stealer, steganography APT 35 Charming Kitten cyclops

Open VSX Malware String-Fragment Reconstruction DarkCloud Stealer, steganography APT 35 Charming Kitten cyclops

Beyond Cracked Apps: New macOS Malware Is Using the Terminal to Steal Data

Do Son September 6, 2025

The Trend Micro Research team has uncovered a new campaign distributing Atomic macOS Stealer (AMOS), a malware...

Cloudflare 1.1.1.1 Hit by 12 Unauthorized Certificates: Fina CA’s Misissuance Raises Microsoft Trust Concerns Cloudflare layoffs 2026 AI bot traffic surge Content Signals Policy, AI Content Usage Cloudflare, Certificate Misissuance Salesforce, supply chain attack DDoS attack, Cloudflare Perplexity AI, Web Scraping Pay Per Crawl Cloudflare abuse R2 outage HTTP Cloudflare Blocking

Cloudflare layoffs 2026 AI bot traffic surge Content Signals Policy, AI Content Usage Cloudflare, Certificate Misissuance Salesforce, supply chain attack DDoS attack, Cloudflare Perplexity AI, Web Scraping Pay Per Crawl Cloudflare abuse R2 outage HTTP Cloudflare Blocking

Cloudflare 1.1.1.1 Hit by 12 Unauthorized Certificates: Fina CA’s Misissuance Raises Microsoft Trust Concerns

Do Son September 5, 2025

Yesterday, we reported that security researchers had discovered three unauthorized digital certificates for Cloudflare’s public DNS server...

CISA Adds Three New Vulnerabilities to Catalog, Urges Immediate Patching CISA KEV Catalog SharePoint RCE CISA, Known Exploited Vulnerabilities CVE-2023-33010

CISA KEV Catalog SharePoint RCE CISA, Known Exploited Vulnerabilities CVE-2023-33010

CISA Adds Three New Vulnerabilities to Catalog, Urges Immediate Patching

Do Son September 5, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has added three new vulnerabilities to its Known Exploited Vulnerabilities...

9.4 CVE-2025-56752: Remote Attackers Can Gain Full Administrative Access to Affected Ruijie Networks Devices Without Authentication

Do Son September 5, 2025

Ruijie Networks has released a security advisory addressing a critical vulnerability in its Reyee RG-ES series switches...

A Massive Coordinated Attack Is Probing Cisco ASA Devices Cisco ASA, reconnaissance

A Massive Coordinated Attack Is Probing Cisco ASA Devices

Do Son September 5, 2025

The GreyNoise Intelligence team has observed two unusually large waves of scanning activity targeting Cisco Adaptive Security...

Acronis TRU Uncovers Surge in ScreenConnect Abuse with Dual-RAT Deployment Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Acronis TRU Uncovers Surge in ScreenConnect Abuse with Dual-RAT Deployment

Do Son September 5, 2025

The Acronis Threat Research Unit (TRU) has released new findings on an evolving cyber campaign that abuses...

Beyond Simple Scripts: A New XWorm Campaign Uses Multi-Stage Stealth Caminho LSB Steganography, Loader-as-a-Service 2023 Threat Report

Beyond Simple Scripts: A New XWorm Campaign Uses Multi-Stage Stealth

Do Son September 5, 2025

Researchers at the Trellix Advanced Research Center have identified a sophisticated new campaign leveraging the XWorm backdoor,...

NotDoor: A New Backdoor by Russia’s APT28 Is Hiding in Microsoft Outlook Macros APT28, NotDoor

NotDoor: A New Backdoor by Russia’s APT28 Is Hiding in Microsoft Outlook Macros

Do Son September 5, 2025

The intelligence team at LAB52 (S2 Grupo) has uncovered a sophisticated new backdoor campaign attributed to APT28,...

9.0 CVE-2025-5086 (CVSS 9.0): A Critical RCE in DELMIA Apriso with Exploit Attempts Seen in the Wild DELMIA Apriso, deserialization flaw

9.0 CVE-2025-5086 (CVSS 9.0): A Critical RCE in DELMIA Apriso with Exploit Attempts Seen in the Wild

Do Son September 4, 2025

Manufacturing operations are increasingly threatened not just by IoT weaknesses, but also by vulnerabilities in the complex...

A Misissued Certificate Found for Cloudflare’s 1.1.1.1 DNS Service Cloudflare, TLS certificates

A Misissued Certificate Found for Cloudflare’s 1.1.1.1 DNS Service

Do Son September 4, 2025

Cybersecurity experts have issued warnings regarding three anomalous TLS certificates associated with Cloudflare’s widely used DNS service...

Crypto as a Weapon: Malicious npm Packages Use Ethereum Smart Contracts for C2 GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

Crypto as a Weapon: Malicious npm Packages Use Ethereum Smart Contracts for C2

Do Son September 4, 2025

Researchers from ReversingLabs have discovered two malicious npm packages leveraging Ethereum smart contracts to conceal and deliver...

Cisco SD-WAN Vulnerability CVE-2026-20133 FortiGate Compromise Ivanti EPMM Zero-Day CVE-2026-1281 SmarterMail Vulnerability Storm-2603 WatchGuard Zero-Day, IKEv2 Out-of-Bounds Write Cisco Zero-Day, UAT-9686 Chinese APT FortiWeb RCE Exploitation CVE-2025-58034 VMware Zero-Day, Privilege Escalation Sitecore, remote code execution CVE-2025-53690 Windows CLFS, Privilege Escalation CVE-2024-47575 & CVE-2024-11120 CVE-2025-24983 vulnerability

9.0 CVE-2025-53690: Mandiant and Sitecore Warn of Active Exploitation in ASP.NET Machine Key Configurations

Do Son September 4, 2025

A coordinated disclosure by Mandiant and Sitecore has revealed the active exploitation of a critical configuration vulnerability...

Obscura: A Stealthy New Go-Based Ransomware Is Abusing Domain Controllers Obscura ransomware, domain controller

Obscura: A Stealthy New Go-Based Ransomware Is Abusing Domain Controllers

Do Son September 4, 2025

Security analysts at Huntress reported the discovery of a previously unseen ransomware variant, named Obscura. The malware...