cybersecurity Archives • Page 48 of 86 • Daily CyberSecurity

FunkSec Ransomware Decryptor Released Free: Victims Can Now Recover Files After Group Goes Dormant FunkSec Decryptor, Ransomware Recovery

FunkSec Ransomware Decryptor Released Free: Victims Can Now Recover Files After Group Goes Dormant

Ddos August 1, 2025

The cybersecurity firm Gen Digital—formerly known as Symantec and Norton—has recently submitted the decryption key and tool...

Critical Rtpengine Flaws (CVE-2025-53399) Allow Audio Interception and Injection in VoIP Calls, PoC Publishes Rtpengine Vulnerabilities, VoIP Security

Rtpengine Vulnerabilities, VoIP Security

Critical Rtpengine Flaws (CVE-2025-53399) Allow Audio Interception and Injection in VoIP Calls, PoC Publishes

Ddos July 31, 2025

Enable Security has disclosed critical vulnerabilities in Rtpengine, a popular media relay component used in Voice over...

Critical SUSE Manager Flaw (CVSS 9.8) Allows Unauthenticated Root RCE on All Clients – PoC Available! SUSE Manager, Remote Code Execution

Critical SUSE Manager Flaw (CVSS 9.8) Allows Unauthenticated Root RCE on All Clients – PoC Available!

Ddos July 31, 2025

SUSE has issued a high-severity security advisory for CVE-2025-46811, a critical vulnerability in SUSE Manager that allows...

Critical OAuth2-Proxy Flaw (CVE-2025-54576, CVSS 9.1) Allows Authentication Bypass via Query Parameters OAuth2 Proxy Auth Bypass CVE-2026-34457 OAuth2-Proxy, Authentication Bypass

OAuth2 Proxy Auth Bypass CVE-2026-34457 OAuth2-Proxy, Authentication Bypass

Critical OAuth2-Proxy Flaw (CVE-2025-54576, CVSS 9.1) Allows Authentication Bypass via Query Parameters

Ddos July 31, 2025

A critical vulnerability in the popular OAuth2-Proxy open-source authentication tool has been discovered, allowing attackers to bypass...

GOLD BLADE Unleashes RedLoader with Novel Attack Chain: LNK Files + WebDAV + DLL Sideloading Evades Detection RedLoader, DLL Sideloading

GOLD BLADE Unleashes RedLoader with Novel Attack Chain: LNK Files + WebDAV + DLL Sideloading Evades Detection

Ddos July 31, 2025

Sophos analysts have uncovered a newly combined infection technique used by the GOLD BLADE cybercriminal group to...

JSCEAL Malware Unmasked: Check Point Reveals Massive Campaign Targeting Crypto Users via Malvertising & Node.js Crypto Malware, JSCEAL Campaign

JSCEAL Malware Unmasked: Check Point Reveals Massive Campaign Targeting Crypto Users via Malvertising & Node.js

Ddos July 31, 2025

In a major cybersecurity revelation, Check Point Research (CPR) has disclosed the full scale of a stealthy...

NOVABLIGHT: New NodeJS Infostealer-as-a-Service Unmasked, Fueled by Fake Games & Disguised as “Educational” NOVABLIGHT, Infostealer MaaS

NOVABLIGHT: New NodeJS Infostealer-as-a-Service Unmasked, Fueled by Fake Games & Disguised as “Educational”

Ddos July 31, 2025

Elastic Security Labs has exposed the inner workings of NOVABLIGHT, a highly modular, NodeJS-based Malware-as-a-Service (MaaS) information...

Elastic APM Server & Beats Have Local Privilege Escalation Flaws Elastic Security Update CVE-2026-0532 Elastic Defend Arbitrary Delete, SYSTEM Privilege Escalation ECE Readonly EoP, Improper Authorization Elastic XSS, Kibana Vulnerabilities Elastic LPE, Observability Tools Vulnerabilities

Elastic APM Server & Beats Have Local Privilege Escalation Flaws

Ddos July 30, 2025

Elastic has issued patches for two local privilege escalation (LPE) vulnerabilities affecting its popular observability tools—APM Server...

Dropbox Passwords Is Shutting Down: Export Your Data by October 28, 2025, or Lose Everything Dropbox security incident Dropbox Passwords, Discontinuation

Dropbox Passwords Is Shutting Down: Export Your Data by October 28, 2025, or Lose Everything

Ddos July 30, 2025

The well-known cloud storage provider Dropbox, once leveraging its expertise in data storage to introduce the password...

Critical BentoML SSRF (CVSS 9.9) Exposes AI Applications to Unauthenticated Network Recon & Cloud Credential Theft BentoML SSRF, AI Application Security

Critical BentoML SSRF (CVSS 9.9) Exposes AI Applications to Unauthenticated Network Recon & Cloud Credential Theft

Ddos July 30, 2025

A severe server-side request forgery (SSRF) vulnerability has been disclosed in BentoML, a widely used Python framework...

Critical Flaw in Wix’s New AI Platform Base44 Allowed Unauthorized Access to Private Enterprise Apps Wix Base44, AI Platform Vulnerability

Critical Flaw in Wix’s New AI Platform Base44 Allowed Unauthorized Access to Private Enterprise Apps

Ddos July 30, 2025

In a significant finding that highlights the risks associated with emerging AI development platforms, Wiz Research has...

Critical RCE Flaw (CVE-2025-5394) in “Alone” WordPress Theme Actively Exploited, Allowing Full Site Takeover Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Critical RCE Flaw (CVE-2025-5394) in “Alone” WordPress Theme Actively Exploited, Allowing Full Site Takeover

Ddos July 30, 2025

A critical-severity vulnerability in the popular Alone – Charity Multipurpose Non-profit WordPress Theme has left thousands of...

Gunra Ransomware Expands to Linux: New Variant Unleashes 100-Thread Encryption & Stealthy Tactics Gunra Ransomware, Linux Ransomware

Gunra Ransomware Expands to Linux: New Variant Unleashes 100-Thread Encryption & Stealthy Tactics

Ddos July 30, 2025

Trend Micro has issued a spotlight on the evolving Gunra ransomware, which has extended its reach to...

TP-Link Archer C50 (EOL) Exposed: Hardcoded DES Key Allows Sensitive Config Decryption (CVE-2025-6982)

Ddos July 30, 2025

The CERT Coordination Center (CERT/CC) has issued a vulnerability note concerning a flaw in the TP-Link Archer...

0bj3ctivityStealer: Stealthy Info-Stealer Uses Steganography & PowerShell to Evade Detection

Ddos July 30, 2025

A recent analysis from the Trellix Advanced Research Center (ARC) has unveiled a sophisticated and stealthy info-stealer...

BeyondTrust Privilege Management for Windows: Two High-Severity Flaws Allow Local Privilege Escalation BeyondTrust Vulnerability CVE-2026-1731 CVE-2024-12356 - CVE-2025-0889 BeyondTrust Privilege Escalation, Windows Security

BeyondTrust Privilege Management for Windows: Two High-Severity Flaws Allow Local Privilege Escalation

Ddos July 30, 2025

BeyondTrust, a global leader in intelligent identity and access security, has issued two advisories addressing two local...

Raven Stealer: New MaaS Infostealer Plunders Data via Reflective Process Hollowing & Telegram Exfil Raven Stealer, MaaS Infostealer

Raven Stealer: New MaaS Infostealer Plunders Data via Reflective Process Hollowing & Telegram Exfil

Ddos July 30, 2025

A recent in-depth analysis from Cyfirma has shed light on the alarming capabilities of Raven Stealer, a...

ChatGPT Agent Bypasses Cloudflare Turnstile: AI Outsmarts “Human Verification” Systems AI CAPTCHA Bypass, Cloudflare Turnstile

ChatGPT Agent Bypasses Cloudflare Turnstile: AI Outsmarts “Human Verification” Systems

Ddos July 30, 2025

Cloudflare’s Turnstile CAPTCHA feature is designed to automate verification and reduce friction caused by traditional image selection...

SonicWall Alert: Critical SSL VPN Flaw (CVE-2025-40600) Allows Remote DoS Attack on Firewalls CVE-2024-40766 exploited SonicOS Vulnerability, DoS Attack

CVE-2024-40766 exploited SonicOS Vulnerability, DoS Attack

SonicWall Alert: Critical SSL VPN Flaw (CVE-2025-40600) Allows Remote DoS Attack on Firewalls

Ddos July 30, 2025

SonicWall, a prominent provider of cybersecurity solutions, has disclosed a critical vulnerability—CVE-2025-40600—affecting the SSL VPN interface of...

Chrome 148 lazy loading Chrome for Linux ARM64 Chrome 145 Update Chrome Security Fixes Chrome Security Update CVE-2026-1220 Chrome 144 Security Update CVE-2026-0899 Chrome Memory Safety, WebGPU UAF Chrome V8 Type Confusion, Google Updater Flaw Chrome V8 Flaw, CVE-2025-13042 Chrome V8, Type Confusion, Chrome 142 Update Chrome V8 Flaw, CVE-2025-12036 Chrome 141, WebGPU Overflow Google Chrome preloading Chrome, V8 vulnerability CVE-2025-9132 Chrome Security Update, Use-After-Free Chrome V8, Type Confusion Chrome Telemetry, Windows 10 EOL Microsoft Family Safety, Chrome Blocking Chrome Security Update, High-Severity Google Chrome, Antitrust CVE-2024-10487 and CVE-2024-10488 Google Chrome Root Program Chrome Update, CVE-2025-3619 Chrome Acquisition, Perplexity.ai

Chrome Update: Google Patches High-Severity Use-After-Free in Media Stream (CVE-2025-8292)

Ddos July 30, 2025

Google has announced a Stable Channel update for Chrome Desktop, pushing version 138.0.7204.183/.184 to users on Windows...

Critical Alert 1 Active Exploit Detected Today