cybersecurity Archives • Page 47 of 88 • Daily CyberSecurity

9.8 Critical Flaw (CVSS 9.8) in Ubiquiti UniFi Connect EV Stations Allows Remote Code Execution

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

9.8 Critical Flaw (CVSS 9.8) in Ubiquiti UniFi Connect EV Stations Allows Remote Code Execution

Do Son August 7, 2025

Ubiquiti has issued a comprehensive security advisory addressing multiple vulnerabilities in its UniFi Connect product line, affecting...

Google Admits Salesforce Breach, Joins Chanel & Allianz on ShinyHunters Victim List

Do Son August 7, 2025

A recent surge of persistent attacks targeting Salesforce CRM customer management systems has emerged—not due to vulnerabilities...

8.0 CVE-2025-53786: Microsoft Exchange Hybrid Deployments Expose Cloud Privilege Escalation Risk CVE-2025-53786) Exchange Hybrid Vulnerability, Privilege Escalation

CVE-2025-53786) Exchange Hybrid Vulnerability, Privilege Escalation

8.0 CVE-2025-53786: Microsoft Exchange Hybrid Deployments Expose Cloud Privilege Escalation Risk

Do Son August 7, 2025

Yesterday, Microsoft issued a critical security advisory addressing a newly identified vulnerability—CVE-2025-53786—in hybrid Microsoft Exchange environments. The...

9.8 Critical Flaw (CVE-2025-22470, CVSS 9.8) in SATO Industrial Label Printers Allow Remote Root Takeover SATO Printers, Industrial Vulnerabilities

SATO Printers, Industrial Vulnerabilities

9.8 Critical Flaw (CVE-2025-22470, CVSS 9.8) in SATO Industrial Label Printers Allow Remote Root Takeover

Do Son August 7, 2025

JPCERT/CC has issued a vulnerability note detailing two critical security flaws in SATO Corporation’s widely deployed industrial...

Everon OCPP Vulnerability CVE-2026-26288 ASUSTOR ADM Vulnerability CVE-2026-24936 PrismX MX100 Vulnerability Hard-Coded Credentials Advantech Vulnerability CVE-2025-52694 Eaton UPS Companion, CVE-2025-59887 ASUS Router, Authentication Bypass ASUSTOR DLL Hijacking, Privilege Escalation OpenShift AI, Privilege Escalation GoAnywhere vulnerability CVE-2025-10035 LangChainGo, template injection DeepDiff, class pollution ToolShell Sunshine, CSRF Vulnerability KACE SMA, Critical Vulnerabilities Oracle Zero-Days - PDQ Deploy vulnerability

Critical CISA Warns of “ToolShell”: Critical Exploit Chain Hits SharePoint Servers, Bypasses Authentication

Do Son August 7, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has released an in-depth Malware Analysis Report warning of a...

Critical CVE-2025-52709: Critical PHP Object Injection Flaw in Everest Forms Plugin Affects 100,000+ Sites WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

WordPress Privilege Escalation CVE-2026-1492 Sneeit Framework RCE, Unauthenticated Code Execution Post SMTP, Account Takeover WordPress Vulnerability, Unpatched XSS WordPress Vulnerability, PHP Object Injection WordPress AI Engine, Privilege Escalation CVE-2024-43153 & CVE-2024-43234

Critical CVE-2025-52709: Critical PHP Object Injection Flaw in Everest Forms Plugin Affects 100,000+ Sites

Do Son August 7, 2025

A critical security vulnerability has been discovered in the Everest Forms plugin, a widely used WordPress plugin...

NVIDIA: “No Backdoors, No Kill Switches,” Rejecting Calls for Government Hardware Controls NVIDIA GPU Security CUDA-Q Vulnerability NVIDIA Apex Vulnerability AI Infrastructure Security NVIDIA Cumulus Linux CVE-2025-33179 NVIDIA Arm divestment NVIDIA DGX Spark, CVE-2025-33187 NVIDIA Isaac-GROOT, Code Injection Megatron-LM Vulnerability, AI Code Injection NVIDIA China NVIDIA GPUs, Hardware Kill Switches NVIDIA Megatron-LM, LLM Vulnerabilities NVIDIA Base Command Manager - CVE-2024-0138

NVIDIA GPU Security CUDA-Q Vulnerability NVIDIA Apex Vulnerability AI Infrastructure Security NVIDIA Cumulus Linux CVE-2025-33179 NVIDIA Arm divestment NVIDIA DGX Spark, CVE-2025-33187 NVIDIA Isaac-GROOT, Code Injection Megatron-LM Vulnerability, AI Code Injection NVIDIA China NVIDIA GPUs, Hardware Kill Switches NVIDIA Megatron-LM, LLM Vulnerabilities NVIDIA Base Command Manager - CVE-2024-0138

NVIDIA: “No Backdoors, No Kill Switches,” Rejecting Calls for Government Hardware Controls

Do Son August 7, 2025

As the global reliance on high-performance computing deepens, NVIDIA GPUs have become the invisible engines powering everything...

BYOVD Attack: A New AV Killer Exploits a Legitimate Driver to Neutralize Defenses for MedusaLocker Ransomware

Do Son August 7, 2025

A recent incident response operation in Brazil has revealed a stealthy and destructive threat abusing the trusted...

WhatsApp antitrust API probe India SIM-Binding Mandate Messaging App KYC WhatsApp DMA Interoperability BirdyChat Haiket Denmark Social Media Ban CVE-2025-55177 WhatsApp vulnerability, zero-click flaw npm Malware, System Wipe WhatsApp Windows App, WebView2 Downgrade WhatsApp Ban, US House NSO WhatsApp, Pegasus Spyware WhatsApp iPad iPadOS app

The WhatsApp Kill Switch: New npm Packages Use Developer’s Phone Number to Wipe Systems

Do Son August 7, 2025

Socket’s Threat Research Team has uncovered two malicious npm packages—naya-flore and nvlore-hsc—designed to target developers building WhatsApp...

Critical CISA Alert: Critical Flaws in Tigo Energy Solar Devices Allow Remote Takeover of Solar Systems Tigo Energy, CISA Alert

Critical CISA Alert: Critical Flaws in Tigo Energy Solar Devices Allow Remote Takeover of Solar Systems

Do Son August 7, 2025

In a critical advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), newly discovered vulnerabilities in...

Cryptocurrency Scams: How Fake Binance Ads Steal Your Data Malware, Cryptocurrency

Cryptocurrency Scams: How Fake Binance Ads Steal Your Data

Do Son August 7, 2025

AhnLab Security Intelligence Center (ASEC) has uncovered a sophisticated multi-stage malware campaign that targets cryptocurrency users through...

The AK47 Project: New Report Ties Storm-2603 to LockBit and Warlock Ransomware, SharePoint Exploits

Do Son August 7, 2025

In a revelation, Unit 42 has exposed a financially motivated cyber threat actor cluster, dubbed CL-CRI-1040, with...

VirtualBox VM Escape: Integer Overflow Flaw Allows Full Host Takeover, PoC Published VirtualBox Escape, Integer Overflow

VirtualBox VM Escape: Integer Overflow Flaw Allows Full Host Takeover, PoC Published

Do Son August 6, 2025

Security researcher Juan Jose Lopez Jaimez published the technical details and proof-of-concept exploit code for a vulnerability...

CISA Adds Three D-Link Flaws to KEV Catalog: EOL IP Cameras Under Active Exploitation CISA KEV, D-Link Vulnerabilities

CISA Adds Three D-Link Flaws to KEV Catalog: EOL IP Cameras Under Active Exploitation

Do Son August 6, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning for organizations and government entities:...

Mustang Panda Backdoor Exposed: New ToneShell Malware Masquerades as Chrome to Spy on Gov’t & Military Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mustang Panda Backdoor Exposed: New ToneShell Malware Masquerades as Chrome to Spy on Gov’t & Military

Do Son August 6, 2025

A new threat analysis by Kyaw Pyiyt Htet, a CREST-certified Threat Intelligence Analyst, has revealed the inner...

10.0 Adobe AEM Forms Patch: Critical Flaws (CVE-2025-54253, CVSS 10.0) Allow RCE & Arbitrary File Read, Public PoCs Available

Do Son August 6, 2025

Adobe has released urgent patches for two critical vulnerabilities affecting Adobe Experience Manager (AEM) Forms on JEE,...

The Fake Crypto Bot Scam: How Smart Contracts & AI Videos Are Stealing Millions on YouTube Crypto Scam, Executive Fraud business email compromise scam

Crypto Scam, Executive Fraud business email compromise scam

The Fake Crypto Bot Scam: How Smart Contracts & AI Videos Are Stealing Millions on YouTube

Do Son August 6, 2025

SentinelLABS has detailed a coordinated wave of cryptocurrency scams weaponizing malicious smart contracts promoted as arbitrage trading...

9.8 Critical HFS 2.x Flaw (CVE-2024-23692) Actively Exploited: Legacy File Server Becomes a Ransomware Backdoor Ollama Heap Leak CVE-2026-5757 Anritsu Vulnerability Authentication Bypass Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538