cybersecurity Archives • Page 46 of 86 • Daily CyberSecurity

CISA Adds Three D-Link Flaws to KEV Catalog: EOL IP Cameras Under Active Exploitation CISA KEV, D-Link Vulnerabilities

CISA Adds Three D-Link Flaws to KEV Catalog: EOL IP Cameras Under Active Exploitation

Ddos August 6, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning for organizations and government entities:...

Mustang Panda Backdoor Exposed: New ToneShell Malware Masquerades as Chrome to Spy on Gov’t & Military Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mustang Panda Backdoor Exposed: New ToneShell Malware Masquerades as Chrome to Spy on Gov’t & Military

Ddos August 6, 2025

A new threat analysis by Kyaw Pyiyt Htet, a CREST-certified Threat Intelligence Analyst, has revealed the inner...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Adobe AEM Forms Patch: Critical Flaws (CVE-2025-54253, CVSS 10.0) Allow RCE & Arbitrary File Read, Public PoCs Available

Ddos August 6, 2025

Adobe has released urgent patches for two critical vulnerabilities affecting Adobe Experience Manager (AEM) Forms on JEE,...

The Fake Crypto Bot Scam: How Smart Contracts & AI Videos Are Stealing Millions on YouTube Crypto Scam, Executive Fraud business email compromise scam

Crypto Scam, Executive Fraud business email compromise scam

The Fake Crypto Bot Scam: How Smart Contracts & AI Videos Are Stealing Millions on YouTube

Ddos August 6, 2025

SentinelLABS has detailed a coordinated wave of cryptocurrency scams weaponizing malicious smart contracts promoted as arbitrage trading...

Critical HFS 2.x Flaw (CVE-2024-23692) Actively Exploited: Legacy File Server Becomes a Ransomware Backdoor Ollama Heap Leak CVE-2026-5757 Anritsu Vulnerability Authentication Bypass Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538

Ollama Heap Leak CVE-2026-5757 Anritsu Vulnerability Authentication Bypass Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538

Critical HFS 2.x Flaw (CVE-2024-23692) Actively Exploited: Legacy File Server Becomes a Ransomware Backdoor

Ddos August 6, 2025

The Imperva Threat Research team sounded the alarm on a coordinated exploitation campaign targeting outdated instances of...

The AI Phishing Trap: Zscaler Exposes Fake Brazilian Government Websites Generated by AI to Steal Payments

Ddos August 6, 2025

Zscaler’s ThreatLabz has uncovered a phishing campaign that leverages generative AI to construct high-fidelity replicas of Brazilian...

Checkmarx Breach Supply Chain Attack Ivanti EPMM RCE CVE-2026-1281 Modular DS Vulnerability CVE-2026-23550 D-Link RCE Vulnerability CVE-2026-0625 Christmas 2025 GreyNoise Campaign, Japan-Based Initial Access Broker React2Shell Zero-Day, APT Active Exploitation WordPress vulnerability, authentication bypass FreePBX, zero-day Trend Micro Apex One, Remote Code Execution BitoPro Hack, Crypto Theft UNC5337 - CVE-2022-47945 Safe{Wallet} hack Fortinet vulnerability, CVE-2024-21762, FortiGate attack Balloonfly, Play ransomware Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

Critical Command Injection Flaws in Trend Micro Apex One Actively Exploited

Ddos August 5, 2025

Trend Micro has issued an urgent advisory for two critical command injection vulnerabilities affecting its Apex One...

iOS Update: Proton Authenticator Bug Leaked TOTP Secrets in Plaintext Logs Proton Authenticator, MFA Security Proton Authenticator, iOS Vulnerability

Proton Authenticator, MFA Security Proton Authenticator, iOS Vulnerability

iOS Update: Proton Authenticator Bug Leaked TOTP Secrets in Plaintext Logs

Ddos August 5, 2025

If you are using the iOS version of Proton Authenticator, it is imperative that you visit the...

Cloudflare Accuses Perplexity AI of Evading Blocks and Impersonating Chrome to Scrape Websites Cloudflare layoffs 2026 AI bot traffic surge Content Signals Policy, AI Content Usage Cloudflare, Certificate Misissuance Salesforce, supply chain attack DDoS attack, Cloudflare Perplexity AI, Web Scraping Pay Per Crawl Cloudflare abuse R2 outage HTTP Cloudflare Blocking

Cloudflare layoffs 2026 AI bot traffic surge Content Signals Policy, AI Content Usage Cloudflare, Certificate Misissuance Salesforce, supply chain attack DDoS attack, Cloudflare Perplexity AI, Web Scraping Pay Per Crawl Cloudflare abuse R2 outage HTTP Cloudflare Blocking

Cloudflare Accuses Perplexity AI of Evading Blocks and Impersonating Chrome to Scrape Websites

Ddos August 5, 2025

The artificial intelligence search company Perplexity AI has previously been accused of engaging in unauthorized web scraping....

Critical ADOdb Flaw (CVE-2025-54119, CVSS 10.0) in SQLite3 Driver Allows SQL Injection ADOdb SQL Injection, PHP Vulnerability

Critical ADOdb Flaw (CVE-2025-54119, CVSS 10.0) in SQLite3 Driver Allows SQL Injection

Ddos August 5, 2025

A critical SQL injection vulnerability has been discovered in ADOdb, a widely used PHP database abstraction library....

Android CLI Android Security Zero-Interaction DoS CVE-2026-21385 Android Security Update UK CMA Apple Google regulation Google Aluminum OS Android 16 leak, ALOS Android ChromeOS merger Android sideloading certification 2026, Google developer verification APK Android AOSP biannual release, AOSP source code latency 2026 Android Zero-Day, Critical DoS Flaw Android Universal Clipboard Cross-Device Sync Gemini Nano Block, Unlocked Bootloader Android, Calling Cards Android Security Bulletin, RCE Vulnerability Android Linux GUI, Debian VM Android System Services, Google Transparency Android 16, Pixel Update

Android Security Update: Critical RCE Flaw (CVE-2025-48530) in System Component Patched

Ddos August 5, 2025

Google has released the August 2025 Android Security Bulletin, addressing multiple critical and high-severity vulnerabilities affecting Android...

Critical Triton Flaws (CVSS 9.8) Expose AI Servers to Remote Takeover – Patch Now! NemoClaw Prompt Injection AI Sandbox Security NVIDIA Physical AI CES 2026, Jetson T4000 robotics hardware NVIDIA AI Security, Isaac Lab RCE NVIDIA Driver RCE, CVE-2025-23309 NVIDIA Triton, AI Server Vulnerabilities CVE-2023-31029 & CVE-2023-31024 - CVE‑2024-0112

NemoClaw Prompt Injection AI Sandbox Security NVIDIA Physical AI CES 2026, Jetson T4000 robotics hardware NVIDIA AI Security, Isaac Lab RCE NVIDIA Driver RCE, CVE-2025-23309 NVIDIA Triton, AI Server Vulnerabilities CVE-2023-31029 & CVE-2023-31024 - CVE‑2024-0112

Critical Triton Flaws (CVSS 9.8) Expose AI Servers to Remote Takeover – Patch Now!

Ddos August 5, 2025

NVIDIA has released urgent software updates to address a set of critical vulnerabilities discovered in its popular...

PlayPraetor: New Android RAT Infects 11,000+ Devices with Real-Time On-Device Fraud Android RAT, PlayPraetor

PlayPraetor: New Android RAT Infects 11,000+ Devices with Real-Time On-Device Fraud

Ddos August 5, 2025

A large-scale cyber fraud campaign is sweeping across continents, exploiting Android devices. Security researchers at Cleafy have...

APT36 Targets Indian Government with Sophisticated Phishing, Bypassing MFA with Real-Time OTP Harvest APT36, Indian Government Phishing

APT36 Targets Indian Government with Sophisticated Phishing, Bypassing MFA with Real-Time OTP Harvest

Ddos August 5, 2025

A new report by CYFIRMA has uncovered a meticulously crafted phishing campaign attributed to APT36 (Transparent Tribe),...

New PXA Stealer Campaign Hits 62 Countries with Stealthy DLL Sideloading and Telegram Exfiltration PXA Stealer, Infostealer

New PXA Stealer Campaign Hits 62 Countries with Stealthy DLL Sideloading and Telegram Exfiltration

Ddos August 5, 2025

A new report by SentinelLABS and Beazley Security unveils an expansive and rapidly evolving infostealer operation powered...

Critical Dell DD OS Flaw (CVSS 9.8) Allows Unauthenticated Remote Access Dell DD OS Vulnerability, Authentication Bypass Dell SmartFabric OS10 Vulnerabilities

Critical Dell DD OS Flaw (CVSS 9.8) Allows Unauthenticated Remote Access

Ddos August 5, 2025

Dell Technologies has released an urgent security advisory addressing multiple vulnerabilities affecting its PowerProtect Data Domain Operating...

The Evolution of Evasion: Raspberry Robin Malware Upgrades with New Encryption & UAC Bypass Exploit Raspberry Robin, Malware Evasion

The Evolution of Evasion: Raspberry Robin Malware Upgrades with New Encryption & UAC Bypass Exploit

Ddos August 5, 2025

ThreatLabz has released a fresh technical update on Raspberry Robin, the elusive USB-propagated malware also known as...

Beavertail Malware Returns: North Korean Hackers Use NPM Packages to Steal Crypto & Secrets North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

Beavertail Malware Returns: North Korean Hackers Use NPM Packages to Steal Crypto & Secrets

Ddos August 5, 2025

Veracode Threat Research has released an update on an ongoing North Korean cyber-espionage campaign that is actively...

Kimsuky APT Escalates Cyberespionage with Stealthy LNK Files & Reflective Malware Payloads Kimsuky APT, Cyberespionage

Kimsuky APT Escalates Cyberespionage with Stealthy LNK Files & Reflective Malware Payloads

Ddos August 5, 2025

A new report from Aryaka Threat Research Labs has disclosured one of the most technically sophisticated and...

Urgent Zero-Day Warning: SonicWall VPNs Under Attack, Akira Ransomware Deployed Within Hours hackerbot-claw campaign Cisco RCE Exploit CVE-2026-20045 SonicWall VPN, Akira Ransomware Nobelium Apache Tomcat, Apache Camel

hackerbot-claw campaign Cisco RCE Exploit CVE-2026-20045 SonicWall VPN, Akira Ransomware Nobelium Apache Tomcat, Apache Camel

Urgent Zero-Day Warning: SonicWall VPNs Under Attack, Akira Ransomware Deployed Within Hours

Ddos August 4, 2025

Huntress has issued a critical alert about what appears to be a zero-day vulnerability in SonicWall Secure...

Critical Alert 1 Active Exploit Detected Today