cybersecurity Archives • Page 43 of 86 • Daily CyberSecurity

MadeYouReset: New HTTP/2 Flaw Threatens to Cripple Servers with DDoS Attacks MadeYouReset, HTTP/2 vulnerability FSF, AI Scraping Attacks OracleIV botnet

MadeYouReset, HTTP/2 vulnerability FSF, AI Scraping Attacks OracleIV botnet

MadeYouReset: New HTTP/2 Flaw Threatens to Cripple Servers with DDoS Attacks

Ddos August 15, 2025

CERT/CC has issued a vulnerability note warning about a newly discovered flaw in multiple HTTP/2 implementations that...

An Ethereum Dev’s Wallet Drained by a Fake AI Extension Crypto Drain Conspiracy, Malicious MobileConfig phone phishing Cryptocurrency Phishing

Crypto Drain Conspiracy, Malicious MobileConfig phone phishing Cryptocurrency Phishing

An Ethereum Dev’s Wallet Drained by a Fake AI Extension

Ddos August 15, 2025

It turns out that even seasoned professionals are not entirely immune to the deceptive tactics of phishing...

A Blast from the Past: Why a 2017 Office Flaw Still Haunts Enterprises Today Microsoft Office, CVE-2017-11882

A Blast from the Past: Why a 2017 Office Flaw Still Haunts Enterprises Today

Ddos August 15, 2025

Under normal circumstances, software developers recommend that users promptly update to the latest version after a release....

“Curly COMrades” Group Unmasked: Russian Threat Actors Deploy New Backdoor in Geopolitical Espionage Campaign Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

“Curly COMrades” Group Unmasked: Russian Threat Actors Deploy New Backdoor in Geopolitical Espionage Campaign

Ddos August 14, 2025

Bitdefender Labs has uncovered a new cyber-espionage group, dubbed “Curly COMrades”, believed to operate in support of...

Critical WordPress Plugin Flaw (CVE-2025-7384, CVSS 9.8) Exposes 70,000+ Sites to RCE and Data Loss WordPress vulnerability, CVE-2025-7384

Critical WordPress Plugin Flaw (CVE-2025-7384, CVSS 9.8) Exposes 70,000+ Sites to RCE and Data Loss

Ddos August 14, 2025

A critical security vulnerability has been disclosed in the widely used Database for Contact Form 7, WPforms,...

Phishing-Resistant No More? New Attack Bypasses FIDO Passkeys with Downgrade Trick FIDO passkeys, downgrade attack

Phishing-Resistant No More? New Attack Bypasses FIDO Passkeys with Downgrade Trick

Ddos August 14, 2025

FIDO-based passkeys are widely regarded as one of the strongest defenses against phishing and account takeover (ATO)...

PS1Bot Malware Campaign Unleashes Modular PowerShell Framework with Stealthy New Tricks ahost.exe DLL Sideloading Signed Application Abuse PS1Bot, malware ransomware attacks bill

ahost.exe DLL Sideloading Signed Application Abuse PS1Bot, malware ransomware attacks bill

PS1Bot Malware Campaign Unleashes Modular PowerShell Framework with Stealthy New Tricks

Ddos August 14, 2025

Cisco Talos has uncovered an ongoing and highly active malware campaign deploying a sophisticated, modular framework dubbed...

CVE-2025-40746: Critical Vulnerability Found in Siemens SIMATIC RTLS Locating Manager Siemens RTLS, CVE-2025-40746 CVE-2024-22040 - SINEC Security Monitor Siemens Security Advisory SENTRON 7KT PAC1260

Siemens RTLS, CVE-2025-40746 CVE-2024-22040 - SINEC Security Monitor Siemens Security Advisory SENTRON 7KT PAC1260

CVE-2025-40746: Critical Vulnerability Found in Siemens SIMATIC RTLS Locating Manager

Ddos August 14, 2025

Siemens ProductCERT has issued a high-severity security advisory (SSA-493787) warning of a critical vulnerability in its SIMATIC...

Unmasking VexTrio: A 15-Year Cybercrime Empire of Scams, Spam, and Fake Apps VexTrio, cybercrime syndicate

Unmasking VexTrio: A 15-Year Cybercrime Empire of Scams, Spam, and Fake Apps

Ddos August 14, 2025

In a detailed investigation, Infoblox Threat Intel has unmasked VexTrio as a sprawling cybercriminal network whose operations...

Kimsuky Hacked: Hackers Leak 8.9GB of Stolen Data and Tools from North Korean Group North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

Kimsuky Hacked: Hackers Leak 8.9GB of Stolen Data and Tools from North Korean Group

Ddos August 14, 2025

Recently, the North Korean hacking group Kimsuky suffered a breach resulting in the leak of 8.9 GB...

New Zero-Click Flaw Bypasses Microsoft’s Patch, Leaking NTLM Credentials, PoC Available Smart App Control blocking Armoury Crate, ROG Ally Defender false positive 2026 Microsoft Zero-Day, Cloud Files UAF Microsoft Access end of life CVE-2025-21298 Azure Vulnerabilities

Smart App Control blocking Armoury Crate, ROG Ally Defender false positive 2026 Microsoft Zero-Day, Cloud Files UAF Microsoft Access end of life CVE-2025-21298 Azure Vulnerabilities

New Zero-Click Flaw Bypasses Microsoft’s Patch, Leaking NTLM Credentials, PoC Available

Ddos August 13, 2025

Cymulate Research Labs has uncovered a critical zero-click NTLM credential leakage vulnerability—CVE-2025-50154—that bypasses Microsoft’s April 2025 patch...

GitLab Patches High-Severity Flaws: Update Now to Prevent XSS and Account Takeover GitLab security updates Duo AI flaw fixed GitLab Runner Hijack, DoS Fix GitLab GraphQL Flaws, CVE-2025-11340 CVE-2024-9693 GitLab vulnerability, XSS

GitLab security updates Duo AI flaw fixed GitLab Runner Hijack, DoS Fix GitLab GraphQL Flaws, CVE-2025-11340 CVE-2024-9693 GitLab vulnerability, XSS

GitLab Patches High-Severity Flaws: Update Now to Prevent XSS and Account Takeover

Ddos August 13, 2025

GitLab has announced the release of versions 18.2.2, 18.1.4, and 18.0.6 for both the Community Edition (CE)...

Critical XZ Backdoor Still Lurks in Docker Images, Posing Supply Chain Risk XZ backdoor, Docker Hub MIFARE classic backdoor C++/CLI IIS Backdoor

Critical XZ Backdoor Still Lurks in Docker Images, Posing Supply Chain Risk

Ddos August 13, 2025

The backdoor vulnerability in XZ-Utils first came to light in March 2024, and had it not been...

Microsoft’s August Patch Tuesday: Zero-Day Kerberos Flaw Threatens Domain Admins Windows Kernel Zero-Day, Patch Tuesday CVE-2022-34713 Patch Tuesday, Zero-day

Windows Kernel Zero-Day, Patch Tuesday CVE-2022-34713 Patch Tuesday, Zero-day

Microsoft’s August Patch Tuesday: Zero-Day Kerberos Flaw Threatens Domain Admins

Ddos August 13, 2025

Microsoft’s August 2025 Patch Tuesday brings security updates for 119 vulnerabilities, including 13 rated Critical and 91...

Zoom Patches Critical Flaw (CVE-2025-49457): Windows Users Face Privilege Escalation Risk Zoom Rooms LPE, Downgrade Protection Bypass Zoom High-Risk Flaws Zoom security updates

Zoom Rooms LPE, Downgrade Protection Bypass Zoom High-Risk Flaws Zoom security updates

Zoom Patches Critical Flaw (CVE-2025-49457): Windows Users Face Privilege Escalation Risk

Ddos August 13, 2025

Zoom has released security updates addressing two significant vulnerabilities in its Windows-based clients—CVE-2025-49456 and CVE-2025-49457—that could enable...

Charon Ransomware Emerges: APT-Style Precision Meets Destructive Encryption Charon Ransomware, APT Tactics

Charon Ransomware Emerges: APT-Style Precision Meets Destructive Encryption

Ddos August 13, 2025

Trend Research has identified a new ransomware family named Charon, targeting the Middle East’s public sector and...

Click-to-Compromise: PowerShell-Only RAT Campaign Targets Israeli Organizations PowerShell Phishing

Click-to-Compromise: PowerShell-Only RAT Campaign Targets Israeli Organizations

Ddos August 13, 2025

The FortiMail Workspace Security team has uncovered a targeted intrusion campaign against multiple Israeli organizations, exploiting compromised...

PoisonSeed’s MFA-Resistant Phishing Kit Exposed: A Deep Dive into Precision-Validated Credential Theft

Ddos August 13, 2025

A new NVISO investigation has revealed the inner workings of PoisonSeed, a sophisticated threat actor whose tactics...

GitHub Malware Campaign: SmartLoader Poses as Game Cheats to Steal Data SmartLoader, Malware

GitHub Malware Campaign: SmartLoader Poses as Game Cheats to Steal Data

Ddos August 13, 2025

The AhnLab SEcurity intelligence Center (ASEC) has uncovered a large-scale malware distribution campaign leveraging GitHub to spread...

Chrome Security Update Use After Free Chrome Security Update Critical Vulnerabilities Chrome Security Update CVE-2026-3062 Chrome Security Update V8 Engine Vulnerability Chrome Security Update CVE-2026-1862 CVE-2026-0628 Chrome 143 Update Chrome Safe Browsing UAF, CVE-2025-11756 Chrome Memory Flaws, CVE-2025-11460 Google Chrome, vulnerability CVE-2025-10200, CVE-2025-10201 Big Sleep CVE-2025-9478 Chrome Update, Security Vulnerabilities

Chrome Stable Update 139 Blocks High-Severity Exploits in V8, libaom, and ANGLE

Ddos August 13, 2025

Google has rolled out a Stable Channel update for desktop users, bringing Chrome to version 139.0.7258.127/.128 for...