cybersecurity Archives • Page 53 of 86 • Daily CyberSecurity

Lenovo Vantage Flaws Allow Local Privilege Escalation on PCs Lenovo Vantage, Privilege Escalation

Lenovo Vantage Flaws Allow Local Privilege Escalation on PCs

Ddos July 21, 2025

Lenovo has issued a security advisory disclosing three newly discovered vulnerabilities in Lenovo Vantage, a widely pre-installed...

Fake Receipts, Real Damage: Group-IB Uncovers Fraud-as-a-Service Empire Behind MaisonReceipts Fraud-as-a-Service, Fake Receipts

Fake Receipts, Real Damage: Group-IB Uncovers Fraud-as-a-Service Empire Behind MaisonReceipts

Ddos July 21, 2025

In an age where deception is just a few clicks away, Group-IB’s latest report reveals a rise...

SilentRoute: Trojanized SonicWall VPN Client Used to Steal Enterprise Credentials SonicWall Malware, Supply Chain Attack

SilentRoute: Trojanized SonicWall VPN Client Used to Steal Enterprise Credentials

Ddos July 21, 2025

In a newly uncovered software supply chain attack, threat actors have successfully deployed a backdoored version of...

SharePoint Server Under Active Zero-Day Attack (CVE-2025-53770, CVSS 9.8), No Patch Yet! SharePoint RCE, Zero-Day Exploitation CVE-2025-53770

SharePoint Server Under Active Zero-Day Attack (CVE-2025-53770, CVSS 9.8), No Patch Yet!

Ddos July 20, 2025

Microsoft has issued an urgent security advisory for on-premises SharePoint Server customers in response to active exploitation...

PyPI Supply Chain Attack: “cloudscrapersafe” Steals Credit Cards via Fake Python Library PyPI Supply Chain, Credit Card Theft

PyPI Supply Chain Attack: “cloudscrapersafe” Steals Credit Cards via Fake Python Library

Ddos July 20, 2025

Imperva researchers have uncovered a supply chain attack masquerading as a popular Python utility. The package in...

Major npm Supply Chain Attack: Phishing Campaign Steals Maintainer Credentials, Injects Malware into Popular Packages npm Phishing, Supply Chain Attack

Major npm Supply Chain Attack: Phishing Campaign Steals Maintainer Credentials, Injects Malware into Popular Packages

Ddos July 19, 2025

A deceptive and highly targeted phishing campaign has successfully compromised several popular npm packages, including eslint-config-prettier, eslint-plugin-prettier,...

FortiWeb SQL Injection (CVE-2025-25257) Added to CISA KEV After Active Exploitation, PoC Available! ActiveMQ RCE CVE-2026-34197 CISA KEV Catalog Actively Exploited Vulnerabilities CISA KEV Catalog CVE-2025-37164 GeoServer XXE, CISA KEV FortiWeb SQLi, CISA KEV Critical Vulnerabilities CVE-2024-20953

ActiveMQ RCE CVE-2026-34197 CISA KEV Catalog Actively Exploited Vulnerabilities CISA KEV Catalog CVE-2025-37164 GeoServer XXE, CISA KEV FortiWeb SQLi, CISA KEV Critical Vulnerabilities CVE-2024-20953

FortiWeb SQL Injection (CVE-2025-25257) Added to CISA KEV After Active Exploitation, PoC Available!

Ddos July 19, 2025

A critical SQL injection vulnerability in Fortinet FortiWeb, tracked as CVE-2025-25257, has been added to the CISA...

CVE-2025-54309: CrushFTP Targeted in Active Exploits Due to Unpatched Zero-Day Vulnerability CrushFTP Zero-Day, File Transfer Security

CVE-2025-54309: CrushFTP Targeted in Active Exploits Due to Unpatched Zero-Day Vulnerability

Ddos July 19, 2025

CrushFTP, a widely used secure file transfer server, has issued an urgent advisory regarding a critical zero-day...

CVE-2025-4660 (CVSS 8.7) in Forescout SecureConnector Allows Remote Endpoint Hijack, PoC Publishes Forescout Vulnerability Endpoint Hijack

CVE-2025-4660 (CVSS 8.7) in Forescout SecureConnector Allows Remote Endpoint Hijack, PoC Publishes

Ddos July 19, 2025

NetSPI has uncovered a critical vulnerability in Forescout SecureConnector, a security agent meant to enforce endpoint compliance....

KAWA4096: New Ransomware Blends Qilin & Akira Tactics, Hits US and Japan KAWA4096 Ransomware, Hybrid Ransomware

KAWA4096: New Ransomware Blends Qilin & Akira Tactics, Hits US and Japan

Ddos July 19, 2025

A new ransomware family known as KAWA4096 has surfaced, blending tactics from notorious groups like Qilin and...

NVIDIA acquisition rumors NVIDIA AI Security AI Framework Vulnerabilities Nvidia 595.76 Hotfix NVIDIA Megatron Bridge vulnerability GPU vs ASIC AI battle NVIDIA Driver Vulnerability CVE-2025-33217 NVIDIA biggest TSMC customer 2026, NVIDIA vs Apple TSMC revenue share NVIDIA CUDA Toolkit CVE-2025-33228 Groq NVIDIA licensing deal, Jonathan Ross acquihire 2025 NeMo Code Injection, AI Framework RCE NVIDIA App Privilege Escalation, CVE-2025-23358 NVIDIA Security Update, DLS Vulnerability CVE-2025-23316 NVIDIA NVDebug, vulnerabilities NVIDIA Driver Vulnerabilities, vGPU Security Nvidia Jetson, UEFI Vulnerabilities CVE-2024-0130 - CVE-2024-0136 CVE-2024-0148 NVIDIA Driver Support, Windows 10 EOL

Nvidia Flaws Expose Jetson AI & Robotics Platforms to RCE and Data Theft

Ddos July 19, 2025

Nvidia has released a security update for its Jetson Linux and IGX platforms, addressing two vulnerabilities that...

Google Sues BadBox 2.0 Botnet Operators, Protecting 10 Million+ Infected Android Devices BadBox 2.0, Android Botnet Alien spyware - CVE-2024-43093

Google Sues BadBox 2.0 Botnet Operators, Protecting 10 Million+ Infected Android Devices

Ddos July 18, 2025

In response to the escalating wave of cybersecurity threats, Google has filed a lawsuit against the operators...

Grafana Patches XSS (CVE-2025-6023) and Open Redirect (CVE-2025-6197) Flaws in Recent Security Release Grafana SCIM Flaw CVE-2025-41115 Grafana Vulnerabilities, XSS Flaw Grafana security alert, XSS patch

Grafana Patches XSS (CVE-2025-6023) and Open Redirect (CVE-2025-6197) Flaws in Recent Security Release

Ddos July 18, 2025

Grafana Labs has released important security patches for multiple versions of its observability platform, addressing two significant...

GitHub Abused in Amadey MaaS Campaign: Talos Uncovers Malware-as-a-Service Network Leveraging Public Repositories GitHub MaaS, Emmenhtal Loader

GitHub Abused in Amadey MaaS Campaign: Talos Uncovers Malware-as-a-Service Network Leveraging Public Repositories

Ddos July 18, 2025

Cisco Talos has uncovered a multi-pronged Malware-as-a-Service (MaaS) operation exploiting public GitHub repositories to distribute a wide...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Critical Flaw (CVSS 9.8) in Ubiquiti UniFi Access Devices Allows RCE

Ddos July 18, 2025

Ubiquiti has issued a security advisory for a critical vulnerability affecting multiple models in its UniFi Access...

GhostContainer: Kaspersky Uncovers Stealthy Backdoor Infiltrating Government & High-Tech Exchange Servers Exchange Backdoor, GhostContainer

GhostContainer: Kaspersky Uncovers Stealthy Backdoor Infiltrating Government & High-Tech Exchange Servers

Ddos July 18, 2025

In a recent incident response operation, Kaspersky Labs uncovered a highly sophisticated backdoor named GhostContainer, designed to...

CVE-2025-34300 (CVSS 10): Critical RCE Flaw in Lighthouse Studio’s CGI Scripts Threatens Survey Servers Worldwide Lighthouse Studio RCE, Survey Platform Vulnerability

Lighthouse Studio RCE, Survey Platform Vulnerability

CVE-2025-34300 (CVSS 10): Critical RCE Flaw in Lighthouse Studio’s CGI Scripts Threatens Survey Servers Worldwide

Ddos July 18, 2025

A severe remote code execution (RCE) vulnerability has been discovered in Lighthouse Studio, a popular web-based survey...

New macOS Infostealer Slips Past Apple’s Defenses with Code Signing and Notarization macOS Infostealer, Apple Notarization Bypass

New macOS Infostealer Slips Past Apple’s Defenses with Code Signing and Notarization

Ddos July 18, 2025

Jamf Threat Labs has uncovered a sophisticated new macOS infostealer variant that managed to bypass Apple’s security...

ISC Warns of Cache Poisoning and Crash Risks in BIND: What You Need to Know About CVE-2025-40776 and CVE-2025-40777 BIND 9 Vulnerability CVE-2025-13878 BIND Cache Poisoning, DNS RCE BIND Vulnerabilities, DNS Security BIND 9 vulnerabilities BIND vulnerability, DNS server crash