cybersecurity

9.8 Critical macOS Flaw (CVSS 9.8) Bypasses TCC Without Root Access: PoC Published

• Vulnerability

9.8 Critical macOS Flaw (CVSS 9.8) Bypasses TCC Without Root Access: PoC Published

Do Son August 11, 2025 0

Security researcher Zhongquan Li has uncovered a critical flaw in macOS InstallAssistant, tracked as CVE-2025-24103 with a...

Read More Read more about <span class="dcs-sev-badge" style="background:#ef4444;">9.8</span> Critical macOS Flaw (CVSS 9.8) Bypasses TCC Without Root Access: PoC Published

Dashlane Ends Free Plan, Forcing Users to Pay or Switch

• Technology

Dashlane Ends Free Plan, Forcing Users to Pay or Switch

Do Son August 11, 2025 0

Dashlane, the password manager previously offering a free tier, has announced that it will discontinue its free...

Read More Read more about Dashlane Ends Free Plan, Forcing Users to Pay or Switch

9.3 CISA Alert: Critical Flaw (CVE-2025-8284) in Packet Power Devices Allows Unauthenticated Remote Takeover

• Vulnerability Report

9.3 CISA Alert: Critical Flaw (CVE-2025-8284) in Packet Power Devices Allows Unauthenticated Remote Takeover

Do Son August 11, 2025 0

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-severity alert for a missing authentication...

Read More Read more about <span class="dcs-sev-badge" style="background:#ef4444;">9.3</span> CISA Alert: Critical Flaw (CVE-2025-8284) in Packet Power Devices Allows Unauthenticated Remote Takeover

3.6 CVE-2025-55188: 7-Zip Arbitrary File Write Flaw Could Lead to Code Execution

• Vulnerability Report

3.6 CVE-2025-55188: 7-Zip Arbitrary File Write Flaw Could Lead to Code Execution

Do Son August 11, 2025 0

A newly disclosed vulnerability in 7-Zip, tracked as CVE-2025-55188, has been identified by security researcher Landon. The...

Read More Read more about <span class="dcs-sev-badge" style="background:#22c55e;">3.6</span> CVE-2025-55188: 7-Zip Arbitrary File Write Flaw Could Lead to Code Execution

9.8 Urgent Xerox FreeFlow Core Patch: Critical Flaws (CVSS 9.8) Allow RCE and SSRF

• Vulnerability Report

9.8 Urgent Xerox FreeFlow Core Patch: Critical Flaws (CVSS 9.8) Allow RCE and SSRF

Do Son August 11, 2025 0

Xerox has released a security update for FreeFlow Core, addressing two high-impact vulnerabilities that could allow attackers...

Read More Read more about <span class="dcs-sev-badge" style="background:#ef4444;">9.8</span> Urgent Xerox FreeFlow Core Patch: Critical Flaws (CVSS 9.8) Allow RCE and SSRF

9.8 CVE-2025-5095 (CVSS 9.8): Critical Flaw in ARC Solo Broadcasting Devices Allows Unauthenticated Takeover

• Vulnerability Report

9.8 CVE-2025-5095 (CVSS 9.8): Critical Flaw in ARC Solo Broadcasting Devices Allows Unauthenticated Takeover

Do Son August 11, 2025 0

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory warning about a critical authentication...

Read More Read more about <span class="dcs-sev-badge" style="background:#ef4444;">9.8</span> CVE-2025-5095 (CVSS 9.8): Critical Flaw in ARC Solo Broadcasting Devices Allows Unauthenticated Takeover

Efimer Trojan: New Crypto-Stealer Hijacks Wallets via Fake Legal Threats & Malicious Torrents

• Malware

Efimer Trojan: New Crypto-Stealer Hijacks Wallets via Fake Legal Threats & Malicious Torrents

Do Son August 11, 2025 0

Kaspersky Labs has uncovered a sophisticated, multi-pronged malware operation leveraging fake legal threats, compromised WordPress sites, and...

Read More Read more about Efimer Trojan: New Crypto-Stealer Hijacks Wallets via Fake Legal Threats & Malicious Torrents

CastleBot: The New MaaS Framework Fueling Info-Stealer & Ransomware Attacks

• Malware

CastleBot: The New MaaS Framework Fueling Info-Stealer & Ransomware Attacks

Do Son August 11, 2025 0

IBM X-Force has unveiled an in-depth analysis of CastleBot, a newly emerging Malware-as-a-Service (MaaS) framework that is...

Read More Read more about CastleBot: The New MaaS Framework Fueling Info-Stealer & Ransomware Attacks

7.8 Linux Kernel Flaw (CVE-2025-38236): Privilege Escalation Risk, PoC Code Available

• Vulnerability Report

7.8 Linux Kernel Flaw (CVE-2025-38236): Privilege Escalation Risk, PoC Code Available

Do Son August 11, 2025 0

Security researcher Jann Horn from Google Project Zero disclosed the technical details and proof-of-concept exploit code for...

Read More Read more about <span class="dcs-sev-badge" style="background:#f97316;">7.8</span> Linux Kernel Flaw (CVE-2025-38236): Privilege Escalation Risk, PoC Code Available

GreedyBear Unmasked: How Stealthy Firefox Extensions and Fake Sites Stole $1M in Crypto

• Cybercriminals

GreedyBear Unmasked: How Stealthy Firefox Extensions and Fake Sites Stole $1M in Crypto

Do Son August 11, 2025 0

Koi Security’s research team has unveiled GreedyBear, a threat group orchestrating industrial-scale cryptocurrency theft through a seamless...

Read More Read more about GreedyBear Unmasked: How Stealthy Firefox Extensions and Fake Sites Stole $1M in Crypto

8.4 WinRAR Update: Zero-Day Path Traversal Flaw (CVE-2025-8088) Actively Exploited to Deliver Malware

• Vulnerability Report

8.4 WinRAR Update: Zero-Day Path Traversal Flaw (CVE-2025-8088) Actively Exploited to Deliver Malware

Do Son August 11, 2025 0

Security researchers at ESET have uncovered a zero-day path traversal vulnerability in the Windows version of WinRAR...

Read More Read more about <span class="dcs-sev-badge" style="background:#f97316;">8.4</span> WinRAR Update: Zero-Day Path Traversal Flaw (CVE-2025-8088) Actively Exploited to Deliver Malware

DarkCloud Rises: New Fileless Stealer Uses PowerShell & Process Hollowing to Evade Detection

• Malware

DarkCloud Rises: New Fileless Stealer Uses PowerShell & Process Hollowing to Evade Detection

Do Son August 11, 2025 0

Researchers from Fortinet’s FortiGuard Labs detected a new DarkCloud campaign deploying a stealthy, fileless payload through a...

Read More Read more about DarkCloud Rises: New Fileless Stealer Uses PowerShell & Process Hollowing to Evade Detection

Raksha Bandhan Scams Surge in India: Phishing, Fake Stores, and Virtual Sibling Cons Target Festival Shoppers

• Cybercriminals

Raksha Bandhan Scams Surge in India: Phishing, Fake Stores, and Virtual Sibling Cons Target Festival Shoppers

Do Son August 9, 2025 0

As families across India prepare to celebrate Raksha Bandhan, cybercriminals are also gearing up — not with...

Read More Read more about Raksha Bandhan Scams Surge in India: Phishing, Fake Stores, and Virtual Sibling Cons Target Festival Shoppers

Critical CISA Alert: Critical Flaws Expose EG4 Electronics Inverters to Remote Takeover

• Vulnerability Report

Critical CISA Alert: Critical Flaws Expose EG4 Electronics Inverters to Remote Takeover

Do Son August 9, 2025 0

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a risk evaluation warning about multiple high-severity...

Read More Read more about <span class="dcs-sev-badge" style="background:#ef4444;">Critical</span> CISA Alert: Critical Flaws Expose EG4 Electronics Inverters to Remote Takeover

RubyGems Under Attack: 60 Malicious Packages Found Stealing Credentials from Grey-Hat Marketers

• Malware

RubyGems Under Attack: 60 Malicious Packages Found Stealing Credentials from Grey-Hat Marketers

Do Son August 8, 2025 0

Socket’s Threat Research Team has revealed a long-running supply chain attack in the RubyGems ecosystem, where a...

Read More Read more about RubyGems Under Attack: 60 Malicious Packages Found Stealing Credentials from Grey-Hat Marketers

DarkCloud Stealer: New Evasive Tactics Use Obfuscated Scripts & VB6 Payloads to Evade Detection

• Malware

DarkCloud Stealer: New Evasive Tactics Use Obfuscated Scripts & VB6 Payloads to Evade Detection

Do Son August 8, 2025 0

Unit 42 researchers have uncovered a significant shift in the distribution tactics of the DarkCloud Stealer malware,...

Read More Read more about DarkCloud Stealer: New Evasive Tactics Use Obfuscated Scripts & VB6 Payloads to Evade Detection

9.1 Critical JWE Ruby Flaw (CVE-2025-54887) Bypasses AES-GCM Authentication, Exposing Encrypted Data

• Vulnerability Report

9.1 Critical JWE Ruby Flaw (CVE-2025-54887) Bypasses AES-GCM Authentication, Exposing Encrypted Data

Do Son August 8, 2025 0

A severe security vulnerability has been uncovered in the Ruby implementation of JSON Web Encryption (JWE), tracked...

Read More Read more about <span class="dcs-sev-badge" style="background:#ef4444;">9.1</span> Critical JWE Ruby Flaw (CVE-2025-54887) Bypasses AES-GCM Authentication, Exposing Encrypted Data

Android 16’s New Security Feature Could Slow Down Your Fast Charging

• Android

Android 16’s New Security Feature Could Slow Down Your Fast Charging

Do Son August 8, 2025 0

Google is continuing to strengthen the security of Android 16, introducing a new Advanced Protection Mode that...

Read More Read more about Android 16’s New Security Feature Could Slow Down Your Fast Charging

The Malicious Go Modules: 11 Malicious Go Packages Found on GitHub Deploying Stealthy Malware

• Malware

The Malicious Go Modules: 11 Malicious Go Packages Found on GitHub Deploying Stealthy Malware

Do Son August 8, 2025 0

Socket’s Threat Research Team has uncovered an alarming wave of malicious Go packages—some still live on GitHub—designed...

Read More Read more about The Malicious Go Modules: 11 Malicious Go Packages Found on GitHub Deploying Stealthy Malware

The SocGholish Malware Economy: Stealthy “Fake Updates” Fuel a Global Cybercrime Ecosystem

• Malware

The SocGholish Malware Economy: Stealthy “Fake Updates” Fuel a Global Cybercrime Ecosystem

Do Son August 8, 2025 0

Silent Push Threat Analysts have detailed one of today’s most pervasive cyber threats—SocGholish—exposing its deep ties to...

Read More Read more about The SocGholish Malware Economy: Stealthy “Fake Updates” Fuel a Global Cybercrime Ecosystem