cybersecurity Archives • Page 38 of 86 • Daily CyberSecurity

PoC Available: CrushFTP Zero-Day (CVE-2025-54309) Exploited in the Wild

Ddos August 28, 2025

watchTowr Labs has released a detailed analysis of CVE-2025-54309, a zero-day authentication bypass vulnerability in CrushFTP, the...

Infrawatch Uncovers Belarusian-Run Residential Proxy Network Inside U.S. Homes Residential proxies, DSLRoot

Infrawatch Uncovers Belarusian-Run Residential Proxy Network Inside U.S. Homes

Ddos August 28, 2025

A new investigation by Infrawatch, in collaboration with KrebsOnSecurity, has revealed that a Belarusian national is covertly...

A Persistent Threat: Blind Eagle Hacking Group Continues to Target Colombia Blind Eagle, cyber espionage

A Persistent Threat: Blind Eagle Hacking Group Continues to Target Colombia

Ddos August 28, 2025

Insikt Group has released new findings on TAG-144, also known as Blind Eagle, AguilaCiega, APT-C-36, or APT-Q-98,...

Data Theft Alert: Salesforce Instances Breached via Third-Party App OAuth Tokens Salesforce data theft

Data Theft Alert: Salesforce Instances Breached via Third-Party App OAuth Tokens

Ddos August 28, 2025

The Google Threat Intelligence Group (GTIG) has issued an urgent advisory on a widespread data theft campaign...

A Silent Threat: How a Stealthy Campaign Is Stealing ScreenConnect Credentials for Ransomware ScreenConnect, credential harvesting

A Silent Threat: How a Stealthy Campaign Is Stealing ScreenConnect Credentials for Ransomware

Ddos August 28, 2025

The Mimecast Threat Research team, led by Samantha Clarke, has exposed an ongoing credential harvesting campaign (designated...

The Reversed Phishing Attack: New Campaign Triggers Victims to Call Hackers NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

The Reversed Phishing Attack: New Campaign Triggers Victims to Call Hackers

Ddos August 28, 2025

Check Point Research (CPR) has exposed a new phishing campaign dubbed ZipLine, which flips the traditional social...

NVIDIA Warns of a High-Severity Flaw in NeMo AI Curator (CVE-2025-23307) NeMo Curator, NVIDIA vulnerability

NVIDIA Warns of a High-Severity Flaw in NeMo AI Curator (CVE-2025-23307)

Ddos August 27, 2025

NVIDIA has released an important security update addressing a high-severity vulnerability in its NeMo Curator tool. The...

PoC Available: D-Link Router Flaw with CVSS 9.8 and No Patch D-Link EOL RCE, Unauthenticated Command Injection D-Link Command Injection CVE-2025-57105

D-Link EOL RCE, Unauthenticated Command Injection D-Link Command Injection CVE-2025-57105

PoC Available: D-Link Router Flaw with CVSS 9.8 and No Patch

Ddos August 27, 2025

D-Link has issued an important security bulletin concerning its legacy DI-7400G+ router series, warning users of a...

Nx Build System Compromise Targets Developers with AI-Enhanced Supply Chain Attack Nx supply chain attack

Nx Build System Compromise Targets Developers with AI-Enhanced Supply Chain Attack

Ddos August 27, 2025

The StepSecurity research team has issued a warning about a large-scale supply chain attack involving the popular...

Beyond Compliance: Broadcom’s New Private Cloud Tools Secure AI Workloads Private cloud security, AI security

Beyond Compliance: Broadcom’s New Private Cloud Tools Secure AI Workloads

Ddos August 27, 2025

In addition to introducing privatized AI services within VMware Cloud Foundation (VCF) 9.0, enabling enterprises to natively...

A New AI Frontier: Claude’s Chrome Extension Opens the Door to New Dangers Anthropic valuation $350 billion AI agent, prompt injection

A New AI Frontier: Claude’s Chrome Extension Opens the Door to New Dangers

Ddos August 27, 2025

Recently, Anthropic introduced a Chrome-based extension for Claude Max users, designed to read active web pages and...

Chrome Security Update Use After Free Chrome Security Update Critical Vulnerabilities Chrome Security Update CVE-2026-3062 Chrome Security Update V8 Engine Vulnerability Chrome Security Update CVE-2026-1862 CVE-2026-0628 Chrome 143 Update Chrome Safe Browsing UAF, CVE-2025-11756 Chrome Memory Flaws, CVE-2025-11460 Google Chrome, vulnerability CVE-2025-10200, CVE-2025-10201 Big Sleep CVE-2025-9478 Chrome Update, Security Vulnerabilities

Google Chrome Patches Critical ANGLE Vulnerability (CVE-2025-9478) Discovered by AI Agent Big Sleep

Ddos August 27, 2025

Google has released a critical security update for the Stable channel of Chrome, addressing a use-after-free vulnerability...

Hook v3: The Banking Trojan That’s Evolving into a Hybrid Ransomware-Spyware Threat Hook malware, Android trojan

Hook v3: The Banking Trojan That’s Evolving into a Hybrid Ransomware-Spyware Threat

Ddos August 27, 2025

The zLabs research team at Zimperium has uncovered a dangerous new evolution of the Hook Android banking...

CVE-2025-41702 (CVSS 9.8): Critical Flaw in Welotec egOS Puts Industrial Systems at Risk Welotec Vulnerability CVE-2025-41702

CVE-2025-41702 (CVSS 9.8): Critical Flaw in Welotec egOS Puts Industrial Systems at Risk

Ddos August 27, 2025

A critical flaw has been identified in the Welotec egOS WebGUI backend, tracked as CVE-2025-41702, which could...

Google Threat Intelligence Exposes UNC6384’s Stealthy Espionage Campaign UNC6384, cyber-espionage

Google Threat Intelligence Exposes UNC6384’s Stealthy Espionage Campaign

Ddos August 27, 2025

Google Threat Intelligence Group (GTIG) uncovered a complex, multi-stage cyber-espionage campaign attributed to the PRC-linked threat actor...

SpyNote’s New Lure: The Stealthy Campaign Using Fake App Stores Android RAT, SpyNote

SpyNote’s New Lure: The Stealthy Campaign Using Fake App Stores

Ddos August 27, 2025

Researchers at DomainTools have uncovered a persistent SpyNote Android Remote Access Trojan (RAT) campaign, where threat actors...

Cephalus: The New Ransomware That Abuses Legitimate Tools to Bypass Security

Ddos August 27, 2025

Recently, threat hunters at Huntress observed two separate incidents involving a new ransomware variant dubbed Cephalus. The...

The Underground Ransomware Gang Is Back with a Vicious New Global Campaign

Ddos August 27, 2025

The Underground ransomware gang is intensifying its operations, launching continuous ransomware attacks against companies worldwide, including high-profile...

Farmers Insurance Breach: 1.1 Million Customers Exposed in Salesforce Attack Fiverr Data Leak Claude Code Leak Anthropic DMCA Takedown Coupang 33.7M Breach South Korea Data Leak Red Hat Breach, Customer Data Theft Farmers Insurance, Salesforce ESLint Plugin -Mamont Android banking Trojan