cybersecurity Archives • Page 43 of 88 • Daily CyberSecurity

8.4 CVE-2025-54988: Critical XXE Vulnerability in Apache Tika PDF Parser Exposes Sensitive Data Apache Tika XXE, Malicious PDF Exploit Apache Tika, XXE vulnerability CVE-2025-54988

8.4 CVE-2025-54988: Critical XXE Vulnerability in Apache Tika PDF Parser Exposes Sensitive Data

Do Son August 21, 2025

The widely used Apache Tika toolkit, a powerful library for detecting and extracting metadata and text from...

A Trojan in Disguise: New Python Package on PyPI Hides a Multi-Stage Malware Operation Supply chain attack

A Trojan in Disguise: New Python Package on PyPI Hides a Multi-Stage Malware Operation

Do Son August 21, 2025

Zscaler’s ThreatLabz team has issued a warning after uncovering a malicious Python package on the Python Package...

Beyond the Inbox: How a Cyber-Espionage Group Is Exploiting Two WinRAR Vulnerabilities WinRAR Zero-day

Beyond the Inbox: How a Cyber-Espionage Group Is Exploiting Two WinRAR Vulnerabilities

Do Son August 21, 2025

BI.ZONE Threat Intelligence uncovered a series of targeted cyber-espionage campaigns conducted by the Paper Werewolf (GOFFEE) cluster,...

Critical Critical Docker Desktop Vulnerability Exposes Host Systems to Container Abuse Docker Malware Campaign Docker Vulnerability CVE-2025-9074

Docker Malware Campaign Docker Vulnerability CVE-2025-9074

Critical Critical Docker Desktop Vulnerability Exposes Host Systems to Container Abuse

Do Son August 20, 2025

A critical vulnerability in Docker Desktop has been disclosed, tracked as CVE-2025-9074 with a CVSSv4 severity score...

10.0 Apple Issues Urgent Patch for Zero-Day Vulnerability CVE-2025-43300 Exploited in the Wild Apple Bounty $5M, Zero-Click Exploit Zero-day, Apple security CVE-2025-43300

Apple Bounty $5M, Zero-Click Exploit Zero-day, Apple security CVE-2025-43300

10.0 Apple Issues Urgent Patch for Zero-Day Vulnerability CVE-2025-43300 Exploited in the Wild

Do Son August 20, 2025

Apple has released urgent security updates to patch a zero-day vulnerability actively exploited in the wild, warning...

9.8 CVE-2025-54336 (CVSS 9.8): Critical Flaw in Plesk Obsidian Exposes Servers to Full Compromise CVE-2025-54336 Plesk Vulnerability

9.8 CVE-2025-54336 (CVSS 9.8): Critical Flaw in Plesk Obsidian Exposes Servers to Full Compromise

Do Son August 20, 2025

A newly disclosed security vulnerability in Plesk Obsidian, a widely used web hosting control panel, has been...

Firefox Switches to CRLite, Ditching OCSP for Better Speed and Privacy Firefox 32-bit Linux Firefox, CRLite Firefox 141, AI Tab Groups Firefox Focus Android

Firefox 32-bit Linux Firefox, CRLite Firefox 141, AI Tab Groups Firefox Focus Android

Firefox Switches to CRLite, Ditching OCSP for Better Speed and Privacy

Do Son August 20, 2025

The Mozilla Foundation recently announced on its official blog the deployment of the CRLite digital certificate revocation...

The Backdoor Is No More: UK Government Drops Demand for Access to iCloud Apple Background Security CVE-2026-20643 Apple Background Security Improvement Apple Backdoor Apple Lawsuit, Data Exfiltration CVE-2024-44131 - CVE-2025-24118 PoC

Apple Background Security CVE-2026-20643 Apple Background Security Improvement Apple Backdoor Apple Lawsuit, Data Exfiltration CVE-2024-44131 - CVE-2025-24118 PoC

The Backdoor Is No More: UK Government Drops Demand for Access to iCloud

Do Son August 20, 2025

In February 2025, reports emerged claiming that the UK government had secretly issued a notice to Apple,...

Critical CERT/CC Warns of Critical Flaws in Workhorse Municipal Accounting Software Municipal software, Vulnerability

Critical CERT/CC Warns of Critical Flaws in Workhorse Municipal Accounting Software

Do Son August 20, 2025

The CERT Coordination Center (CERT/CC) has issued a vulnerability note warning of serious security flaws in Workhorse...

Chrome 148 lazy loading Chrome for Linux ARM64 Chrome 145 Update Chrome Security Fixes Chrome Security Update CVE-2026-1220 Chrome 144 Security Update CVE-2026-0899 Chrome Memory Safety, WebGPU UAF Chrome V8 Type Confusion, Google Updater Flaw Chrome V8 Flaw, CVE-2025-13042 Chrome V8, Type Confusion, Chrome 142 Update Chrome V8 Flaw, CVE-2025-12036 Chrome 141, WebGPU Overflow Google Chrome preloading Chrome, V8 vulnerability CVE-2025-9132 Chrome Security Update, Use-After-Free Chrome V8, Type Confusion Chrome Telemetry, Windows 10 EOL Microsoft Family Safety, Chrome Blocking Chrome Security Update, High-Severity Google Chrome, Antitrust CVE-2024-10487 and CVE-2024-10488 Google Chrome Root Program Chrome Update, CVE-2025-3619 Chrome Acquisition, Perplexity.ai

8.8 Google Chrome Issues High-Severity Fix for V8 Engine Vulnerability (CVE-2025-9132)

Do Son August 20, 2025

Google has released a Stable Channel Update for its Chrome browser, addressing a critical security issue in...

Spies in Your Skype: GodRAT Malware Uses Steganography to Target Financial Firms Cyber-espionage, GodRAT

Spies in Your Skype: GodRAT Malware Uses Steganography to Target Financial Firms

Do Son August 20, 2025

Kaspersky Labs has identified a sophisticated cyber-espionage campaign targeting financial institutions, particularly trading and brokerage firms, through...

A ChatGPT App Is Hiding a Backdoor: Microsoft Exposes the PipeMagic Malware PipeMagic, Ransomware

A ChatGPT App Is Hiding a Backdoor: Microsoft Exposes the PipeMagic Malware

Do Son August 20, 2025

Microsoft Threat Intelligence has uncovered PipeMagic, a sophisticated modular backdoor used by the financially motivated threat actor...

7.8 Researcher Details CVE-2025-29824 – A Windows CLFS 0-Day Exploited by Ransomware Gang Windows vulnerability, Ransomware

7.8 Researcher Details CVE-2025-29824 – A Windows CLFS 0-Day Exploited by Ransomware Gang

Do Son August 20, 2025

In April, Microsoft has patched a high-severity, zero-day vulnerability (CVE-2025-29824) in the Windows Common Log File System...

Beyond AI Lures: Noodlophile Stealer Evolves with Stealthy Copyright Phishing Infostealer, Noodlophile

Beyond AI Lures: Noodlophile Stealer Evolves with Stealthy Copyright Phishing

Do Son August 20, 2025

The Noodlophile Stealer, a malware family first exposed for distributing through fake AI video-generation platforms, has resurfaced...

The USB Threat Is Back: New Multi-Stage Cryptomining Attack Spreads via Infected Drives GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

The USB Threat Is Back: New Multi-Stage Cryptomining Attack Spreads via Infected Drives

Do Son August 20, 2025

CyberProof’s MDR analysts have uncovered a multi-stage cryptomining attack delivered via infected USB devices, demonstrating the persistent...

“Lazarus Stealer”: A New Android Trojan Is Stealing Financial Data from Russian Banks Android malware, banking trojan Lazarus Stealer

“Lazarus Stealer”: A New Android Trojan Is Stealing Financial Data from Russian Banks

Do Son August 20, 2025

A new CYFIRMA report has revealed the discovery of Lazarus Stealer, a highly sophisticated Android malware designed...

9.0 CVE-2025-55205: Critical Flaw in Capsule Kubernetes Exposes Clusters to Cross-Tenant Attacks Kubernetes security, multi-tenancy vulnerability CVE-2025-55205

Kubernetes security, multi-tenancy vulnerability CVE-2025-55205

9.0 CVE-2025-55205: Critical Flaw in Capsule Kubernetes Exposes Clusters to Cross-Tenant Attacks

Do Son August 19, 2025

A newly disclosed vulnerability in the Capsule Kubernetes multi-tenancy framework exposes organizations to privilege escalation and cross-tenant...

Phishing Scam Alert: McAfee Uncovers a New Android Campaign Impersonating a Government Solar Program FIFA website spoofing scams FBI World Cup alert Pig Butchering Scam Jingliang Su Sentencing Meta China Scam Ads, Zuckerberg Revenue Conflict Trading Bot Scam BEC Scam Rental Payment Fraud

FIFA website spoofing scams FBI World Cup alert Pig Butchering Scam Jingliang Su Sentencing Meta China Scam Ads, Zuckerberg Revenue Conflict Trading Bot Scam BEC Scam Rental Payment Fraud

Phishing Scam Alert: McAfee Uncovers a New Android Campaign Impersonating a Government Solar Program

Do Son August 19, 2025

McAfee Labs has uncovered an active Android phishing campaign targeting users in India, where attackers impersonate a...

PyPI Fights Back: New Security Feature Prevents Account Takeovers via Expired Domains Supply chain security

PyPI Fights Back: New Security Feature Prevents Account Takeovers via Expired Domains

Do Son August 19, 2025

The Python Package Index (PyPI) is taking a significant step toward securing the open-source software supply chain...

9.4 CISA Flags Actively Exploited Trend Micro Apex One Vulnerability (CVE-2025-54948) n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

9.4 CISA Flags Actively Exploited Trend Micro Apex One Vulnerability (CVE-2025-54948)

Do Son August 19, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Trend Micro Apex One vulnerability—CVE-2025-54948—to...