cybersecurity Archives • Page 35 of 86 • Daily CyberSecurity

CVE-2025-6507 (CVSS 9.8): Critical H2O-3 Vulnerability Puts Machine Learning at Risk H2O-3, remote code execution

CVE-2025-6507 (CVSS 9.8): Critical H2O-3 Vulnerability Puts Machine Learning at Risk

Ddos September 2, 2025

H2O-3, a widely used open-source platform for distributed and scalable machine learning, has been found vulnerable to...

Why Antivirus Software Flags Your Linux ISO as Malware Linux Kernel legacy driver removal Linux kernel x86 page fault, interrupt state asymmetry fix Linux ISO, false positive CVE-2023-6200 - Linux Kernel 6.12 LTS 6.14

Linux Kernel legacy driver removal Linux kernel x86 page fault, interrupt state asymmetry fix Linux ISO, false positive CVE-2023-6200 - Linux Kernel 6.12 LTS 6.14

Why Antivirus Software Flags Your Linux ISO as Malware

Ddos September 2, 2025

The website DistroWatch, known for its coverage of Linux-related developments, has recently highlighted an issue encountered by...

No, There Was No “Major Gmail Security Breach”

Google Self-Preferencing Fine Idealo Antitrust Damages Anthropic, Google TPUs Google DMA Compliance, Search Self-Preferencing Google Play Store Ruling, Epic Games Victory Google fine, ad tech Google lawsuit, privacy violation Gmail security, false alarm Google Play EU regulation Google Security, Phone Number Leak Google 2025 - Google China’s Anti-Monopoly Law Google monopoly, ad tech Pixel 7a battery, battery swelling

No, There Was No “Major Gmail Security Breach”

Ddos September 2, 2025

Recently, reports of a so-called “major Gmail security breach” spread rapidly across the internet, with headlines such...

TinkyWinkey: A Stealthy New Keylogger Is Hunting for Credentials on Windows TinkyWinkey Keylogger, Windows malware

TinkyWinkey: A Stealthy New Keylogger Is Hunting for Credentials on Windows

Ddos September 2, 2025

Researchers at CYFIRMA have released an in-depth analysis of a newly observed Windows malware family dubbed the...

Lazarus Subgroup Deploys Three Custom RATs in Targeted Crypto Attacks axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

Lazarus Subgroup Deploys Three Custom RATs in Targeted Crypto Attacks

Ddos September 2, 2025

Fox-IT and NCC Group have released a detailed joint analysis exposing how a Lazarus Group subgroup continues...

Critical CVE-2025-21483 & CVE-2025-27034 in Qualcomm Modems Score CVSS 9.8 Qualcomm Security Bulletin CVE-2026-25254 RCE Qualcomm Diversification, Mobile Chip Competition CVE-2023-33025

Qualcomm Security Bulletin CVE-2026-25254 RCE Qualcomm Diversification, Mobile Chip Competition CVE-2023-33025

Critical CVE-2025-21483 & CVE-2025-27034 in Qualcomm Modems Score CVSS 9.8

Ddos September 2, 2025

Qualcomm has published its September 2025 Security Bulletin, addressing a wide range of vulnerabilities across its chipsets,...

The Master Key: Exposed JSON File Gives Attackers Full Control of Azure AD Azure AD, misconfiguration

The Master Key: Exposed JSON File Gives Attackers Full Control of Azure AD

Ddos September 2, 2025

Resecurity’s HUNTER Team uncovered a severe misconfiguration: sensitive Azure Active Directory (Azure AD) application credentials exposed in...

CVE-2025-6203: DoS Flaw in HashiCorp Vault Allows Attackers to Crash Servers HashiCorp Vault, vulnerability CVE-2024-7594 - Vault Community Edition

HashiCorp Vault, vulnerability CVE-2024-7594 - Vault Community Edition

CVE-2025-6203: DoS Flaw in HashiCorp Vault Allows Attackers to Crash Servers

Ddos September 2, 2025

HashiCorp has issued a security advisory for a newly disclosed vulnerability in Vault, its widely used secrets...

Operation HanKook Phantom: APT-37 Targets South Korean Institutions with LNK-Based Espionage Campaign North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

Operation HanKook Phantom: APT-37 Targets South Korean Institutions with LNK-Based Espionage Campaign

Ddos September 2, 2025

Researchers at Seqrite Lab have uncovered a new spear-phishing operation attributed to APT-37 (ScarCruft / InkySquid /...

A Deceptive Ad Campaign Is Stealing Credentials from the Hospitality Industry the phishing page prompts for OTP codes sent via SMS

A Deceptive Ad Campaign Is Stealing Credentials from the Hospitality Industry

Ddos September 2, 2025

Okta Threat Intelligence is sounding the alarm over a large-scale phishing campaign that has been actively impersonating...

Beyond ClickFix: A New Attack Abuses Windows Search to Deliver MetaStealer ChaCha20 Cipher

Beyond ClickFix: A New Attack Abuses Windows Search to Deliver MetaStealer

Ddos September 2, 2025

For over a year, Huntress researchers have been tracking the rise of ClickFix attacks, a form of...

AI Waifu RAT: A New Malware Masquerades as an AI Assistant to Hijack Your PC AI Waifu RAT, social engineering

AI Waifu RAT: A New Malware Masquerades as an AI Assistant to Hijack Your PC

Ddos September 2, 2025

Security researcher Ryingo has released a detailed analysis of a new malware strain dubbed the “AI Waifu...

CVE-2025-58158 Flaw in Harness Gitness Allows Arbitrary File Write Harness Gitness, arbitrary file write

CVE-2025-58158 Flaw in Harness Gitness Allows Arbitrary File Write

Ddos September 2, 2025

The open-source DevOps ecosystem has been hit with another critical security issue—this time in Harness Open Source,...

Beyond Phishing: Iranian-Aligned Group Abuses Omani Mailbox to Spy on Diplomats Iranian-aligned, spear-phishing

Beyond Phishing: Iranian-Aligned Group Abuses Omani Mailbox to Spy on Diplomats

Ddos September 2, 2025

Recently, researchers at Dream’s Threat Intelligence Team uncovered a sophisticated spear-phishing campaign that leveraged a compromised mailbox...

Anatomy of an Attack: New Report Exposes Ukrainian Networks Fueling Global Brute-Force Campaigns

Ddos September 2, 2025

A new report from Intrinsec has revealed a sprawling web of Ukrainian and offshore networks fueling large-scale...

CVE-2025-54857 (CVSS 9.8): Critical Flaw in Seiko Solutions Device Allows Remote Takeover Seiko Solutions, command injection

CVE-2025-54857 (CVSS 9.8): Critical Flaw in Seiko Solutions Device Allows Remote Takeover

Ddos September 1, 2025

A critical security flaw has been discovered in SkyBridge BASIC MB-A130, a networking device developed by Seiko...

CVE-2024-52284: SUSE Fleet Vulnerability Exposes Sensitive Helm Values in Plain Text Fleet security vulnerabilities cross namespace secret disclosure Rancher, GitOps Rancher Fleet Critical Vulnerability CVE-2026-41050

Fleet security vulnerabilities cross namespace secret disclosure Rancher, GitOps Rancher Fleet Critical Vulnerability CVE-2026-41050

CVE-2024-52284: SUSE Fleet Vulnerability Exposes Sensitive Helm Values in Plain Text

Ddos September 1, 2025

The SUSE Rancher Security Team has issued a security advisory warning of a high-severity vulnerability in Fleet,...

CVE-2025-57803: Critical Flaw in ImageMagick Could Lead to Remote Code Execution ImageMagick, remote code execution

CVE-2025-57803: Critical Flaw in ImageMagick Could Lead to Remote Code Execution

Ddos September 1, 2025

The ImageMagick team has disclosed a critical vulnerability in its BMP encoder, tracked as CVE-2025-57803, which can...

South Korea Fines SK Telecom $96.5M Over Massive Data Breach Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

South Korea Fines SK Telecom $96.5M Over Massive Data Breach

Ddos September 1, 2025

In April 2025, South Korea’s leading telecommunications provider SK Telecom (SKT) uncovered a long-standing software vulnerability that...

Elon Musk’s xAI Sues Ex-Engineer Over Stolen Grok AI Secrets Musk $134B OpenAI lawsuit, xAI Grok deepfake cease and desist xAI Series E $20 billion funding, Grok 5 NVIDIA supercomputer trade secret theft, xAI lawsuit Grok 2, Open Source AI Grok AI, xAI Investment xAI, MacroHard

Musk $134B OpenAI lawsuit, xAI Grok deepfake cease and desist xAI Series E $20 billion funding, Grok 5 NVIDIA supercomputer trade secret theft, xAI lawsuit Grok 2, Open Source AI Grok AI, xAI Investment xAI, MacroHard

Elon Musk’s xAI Sues Ex-Engineer Over Stolen Grok AI Secrets

Ddos September 1, 2025

Elon Musk’s artificial intelligence company xAI filed a lawsuit on August 28, 2025, in the U.S. District...