cybersecurity Archives • Page 51 of 86 • Daily CyberSecurity

Critical Flaw (CVE-2025-8070) in ASUSTOR Backup & EZSync Allows Local SYSTEM Privilege Escalation ASUSTOR Privilege Escalation, Unquoted Service Paths

ASUSTOR Privilege Escalation, Unquoted Service Paths

Critical Flaw (CVE-2025-8070) in ASUSTOR Backup & EZSync Allows Local SYSTEM Privilege Escalation

Ddos July 24, 2025

A newly disclosed vulnerability in ASUSTOR’s Windows-based applications—ASUSTOR Backup Plan (ABP) and ASUSTOR EZSync (AES)—could allow local...

CVE-2025-31700 & CVE-2025-31701: Buffer Overflow Flaws in Dahua IP Cameras Expose Devices to RCE Dahua IP Camera, Buffer Overflow Dahua IP cameras vulnerability

Dahua IP Camera, Buffer Overflow Dahua IP cameras vulnerability

CVE-2025-31700 & CVE-2025-31701: Buffer Overflow Flaws in Dahua IP Cameras Expose Devices to RCE

Ddos July 24, 2025

Dahua Technology has issued a security advisory addressing two high-severity vulnerabilities in its IP camera product line,...

18 Serious Flaws (CVSS up to 9.8) Expose Samsung MagicINFO 9 Servers to Full Compromise Samsung MagicINFO, Digital Signage Vulnerabilities

18 Serious Flaws (CVSS up to 9.8) Expose Samsung MagicINFO 9 Servers to Full Compromise

Ddos July 24, 2025

Samsung’s widely used MagicINFO 9 Server, a digital signage management platform, was found multi security vulnerabilities. Security...

GitLab Update: High-Severity XSS & Data Exposure Flaws Patched GitLab Security Update CVE-2025-7659 CVE-2024-5655 GitLab Vulnerabilities, XSS & Data Exposure

GitLab Security Update CVE-2025-7659 CVE-2024-5655 GitLab Vulnerabilities, XSS & Data Exposure

GitLab Update: High-Severity XSS & Data Exposure Flaws Patched

Ddos July 23, 2025

GitLab has released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing multiple vulnerabilities—including high-severity...

Metasploit Module Released for Actively Exploited Microsoft SharePoint Flaw CVE-2025-53770 SharePoint RCE, Metasploit Exploit

Metasploit Module Released for Actively Exploited Microsoft SharePoint Flaw CVE-2025-53770

Ddos July 23, 2025

A newly released Metasploit module highlights the critical threat posed by an actively exploited remote code execution...

Critical Arbitrary File Upload Vulnerability in SonicWall SMA 100 Series Devices SonicWall ES RCE, Code Integrity Bypass SonicWall SMA, Arbitrary File Upload SonicWall SMA100 - CVE-2024-40764

SonicWall ES RCE, Code Integrity Bypass SonicWall SMA, Arbitrary File Upload SonicWall SMA100 - CVE-2024-40764

Critical Arbitrary File Upload Vulnerability in SonicWall SMA 100 Series Devices

Ddos July 23, 2025

SonicWall has issued a critical security advisory for a newly identified vulnerability—CVE-2025-40599—affecting its SMA 100 series appliances,...

RCEs in Schneider Electric EcoStruxure Power Operation: Actively Exploited, Public PoCs Available FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

RCEs in Schneider Electric EcoStruxure Power Operation: Actively Exploited, Public PoCs Available

Ddos July 23, 2025

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with Schneider Electric, has issued a security advisory...

Brave Browser Blocks Microsoft Recall by Default, Citing Persistent Privacy Concerns Brave Browser, Microsoft Recall

Brave Browser Blocks Microsoft Recall by Default, Citing Persistent Privacy Concerns

Ddos July 23, 2025

The widely recognized Brave Browser has recently announced that it will, by default, block Microsoft’s AI-powered Recall...

Arch Linux Alert: Malicious Firefox, LibreWolf, & Zen Web AUR Packages Spread CHAOS RAT Ollama Heap Leak CVE-2026-5757 Anritsu Vulnerability Authentication Bypass Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538

Ollama Heap Leak CVE-2026-5757 Anritsu Vulnerability Authentication Bypass Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538

Arch Linux Alert: Malicious Firefox, LibreWolf, & Zen Web AUR Packages Spread CHAOS RAT

Ddos July 23, 2025

If you are an Arch Linux user and have installed Mozilla Firefox, LibreWolf, or Zen Web from...

CISA Alert: Actively Exploited Zero-Days in CrushFTP, Chrome, and SysAid Added to KEV Catalog CISA KEV, Zero-Day Exploitation

CISA Alert: Actively Exploited Zero-Days in CrushFTP, Chrome, and SysAid Added to KEV Catalog

Ddos July 23, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) Catalog with four...

Critical Flaw (CVE-2025-7783, CVSS 9.4) in Form-Data Library Exposes Millions of Apps to Multipart Injection & RCE Form-Data Vulnerability, Multipart Injection

Form-Data Vulnerability, Multipart Injection

Critical Flaw (CVE-2025-7783, CVSS 9.4) in Form-Data Library Exposes Millions of Apps to Multipart Injection & RCE

Ddos July 23, 2025

A critical vulnerability has been uncovered in the widely used JavaScript library Form-Data, impacting millions of applications...

Microsoft: China-Backed APTs Actively Exploiting SharePoint Flaws (CVE-2025-49704 & CVE-2025-49706) Fortinet patch bypass 2026, FortiGate SSO authentication exploit SharePoint Zero-Day, China APTs Exploited Vulnerabilities 2023

Fortinet patch bypass 2026, FortiGate SSO authentication exploit SharePoint Zero-Day, China APTs Exploited Vulnerabilities 2023

Microsoft: China-Backed APTs Actively Exploiting SharePoint Flaws (CVE-2025-49704 & CVE-2025-49706)

Ddos July 23, 2025

Last week, the Microsoft Security Response Center (MSRC) issued an urgent advisory regarding active exploitation of critical...

CISA, FBI Warn of Interlock Ransomware, Actively Targeting Businesses & Critical Infrastructure Interlock Ransomware, CISA Advisory

CISA, FBI Warn of Interlock Ransomware, Actively Targeting Businesses & Critical Infrastructure

Ddos July 23, 2025

In a new joint cybersecurity advisory issued on July 22, 2025, the Cybersecurity and Infrastructure Security Agency...

New RFQ Scams Hit Businesses: Fraudsters Steal Goods via Net Financing & Fake Procurement FIFA website spoofing scams FBI World Cup alert Pig Butchering Scam Jingliang Su Sentencing Meta China Scam Ads, Zuckerberg Revenue Conflict Trading Bot Scam BEC Scam Rental Payment Fraud

FIFA website spoofing scams FBI World Cup alert Pig Butchering Scam Jingliang Su Sentencing Meta China Scam Ads, Zuckerberg Revenue Conflict Trading Bot Scam BEC Scam Rental Payment Fraud

New RFQ Scams Hit Businesses: Fraudsters Steal Goods via Net Financing & Fake Procurement

Ddos July 23, 2025

Cybercriminals are evolving beyond phishing emails and malware-laced links. According to a new report by Proofpoint Threat...

Chrome 148 lazy loading Chrome for Linux ARM64 Chrome 145 Update Chrome Security Fixes Chrome Security Update CVE-2026-1220 Chrome 144 Security Update CVE-2026-0899 Chrome Memory Safety, WebGPU UAF Chrome V8 Type Confusion, Google Updater Flaw Chrome V8 Flaw, CVE-2025-13042 Chrome V8, Type Confusion, Chrome 142 Update Chrome V8 Flaw, CVE-2025-12036 Chrome 141, WebGPU Overflow Google Chrome preloading Chrome, V8 vulnerability CVE-2025-9132 Chrome Security Update, Use-After-Free Chrome V8, Type Confusion Chrome Telemetry, Windows 10 EOL Microsoft Family Safety, Chrome Blocking Chrome Security Update, High-Severity Google Chrome, Antitrust CVE-2024-10487 and CVE-2024-10488 Google Chrome Root Program Chrome Update, CVE-2025-3619 Chrome Acquisition, Perplexity.ai

Google Patches Two High-Severity V8 Vulnerabilities (CVE-2025-8010, CVE-2025-8011) in Chrome

Ddos July 23, 2025

Google has released a new Stable Channel Update for Chrome Desktop, bringing the browser to version 138.0.7204.168/.169...

Lumma Stealer Resurfaces After Takedown: New Stealth Tactics Target Users via Fake Cracks, CAPTCHAs & GitHub Lumma Stealer, Malware Resurgence

Lumma Stealer Resurfaces After Takedown: New Stealth Tactics Target Users via Fake Cracks, CAPTCHAs & GitHub

Ddos July 23, 2025

The Lumma Stealer malware suffered a massive takedown in May 2025, with over 2,300 malicious domains seized....

Critical Manager.io Flaw (CVE-2025-54122, CVSS 10.0) Allows Unauthenticated SSRF & Cloud Takeover Manager.io SSRF, Accounting Software Vulnerability

Manager.io SSRF, Accounting Software Vulnerability

Critical Manager.io Flaw (CVE-2025-54122, CVSS 10.0) Allows Unauthenticated SSRF & Cloud Takeover

Ddos July 23, 2025

A newly disclosed critical vulnerability in Manager.io, a free accounting software used by businesses across Australia and...

AmateraStealer (ACRStealer) Evolves: New Version Uses Low-Level NTAPIs & Heaven’s Gate for Evasion AmateraStealer, Infostealer Evolution

AmateraStealer (ACRStealer) Evolves: New Version Uses Low-Level NTAPIs & Heaven’s Gate for Evasion

Ddos July 23, 2025

ACRStealer—recently rebranded as AmateraStealer—has emerged as one of the most sophisticated infostealers in the wild, marked by...

Urgent: Cisco ISE Flaws (CVSS 10.0) Actively Exploited in the Wild – Patch Immediately! Cisco ISE Exploitation

Urgent: Cisco ISE Flaws (CVSS 10.0) Actively Exploited in the Wild – Patch Immediately!

Ddos July 22, 2025

Cisco has issued an urgent update to its security advisory, revealing that three critical remote code execution...

Critical Kubernetes Image Builder Flaw: Default Credentials Grant Root Access to Windows Nodes Ingress-Nginx Vulnerability Kubernetes RCE Vulnerability CVE-2025-9708 Kubernetes Security, Image Builder Vulnerability CVE-2024-10220 - OPA Gatekeeper Bypass

Ingress-Nginx Vulnerability Kubernetes RCE Vulnerability CVE-2025-9708 Kubernetes Security, Image Builder Vulnerability CVE-2024-10220 - OPA Gatekeeper Bypass

Critical Kubernetes Image Builder Flaw: Default Credentials Grant Root Access to Windows Nodes

Ddos July 22, 2025

The Kubernetes project has issued an important advisory addressing a critical vulnerability—CVE-2025-7342 (CVSS 8.1)—in the Kubernetes Image...

Critical Alert 1 Active Exploit Detected Today