cybersecurity Archives • Page 56 of 88 • Daily CyberSecurity

Stealthy SquidLoader Malware Targets Hong Kong Financial Firms with Evasive Cobalt Strike Attacks hong

Stealthy SquidLoader Malware Targets Hong Kong Financial Firms with Evasive Cobalt Strike Attacks

Do Son July 17, 2025

Trellix’s threat intelligence team has uncovered a stealthy malware campaign aimed squarely at financial services institutions in...

Critical Critical Flaws in Alcatel-Lucent OmniAccess Stellar WLAN APs Allow Full Remote Takeover, PoC Releases WLAN AP Vulnerabilities, Remote Code Execution

WLAN AP Vulnerabilities, Remote Code Execution

Critical Critical Flaws in Alcatel-Lucent OmniAccess Stellar WLAN APs Allow Full Remote Takeover, PoC Releases

Do Son July 17, 2025

In a recently disclosure, ALE (Alcatel-Lucent Enterprise) has published a security advisory (SA-N0150) addressing multiple critical vulnerabilities...

Microsoft Unveils RedirectionGuard: A New Windows 11 Defense Against Privilege Escalation Attacks

Do Son July 17, 2025

As attackers continue to evolve their tactics, Microsoft is taking bold strides to neutralize entire classes of...

9.0 NVIDIA Plugs Critical Flaws in Container Toolkit and GPU Operator: CVE-2025-23266 & CVE-2025-23267 NVIDIA Security, Container Vulnerabilities

9.0 NVIDIA Plugs Critical Flaws in Container Toolkit and GPU Operator: CVE-2025-23266 & CVE-2025-23267

Do Son July 17, 2025

NVIDIA has released a critical security update for its Container Toolkit and GPU Operator, patching two high-impact...

Hidden Protestware Found in 28+ npm Packages: Silently Targeting Russian Users npm Protestware, Supply Chain Attack

Hidden Protestware Found in 28+ npm Packages: Silently Targeting Russian Users

Do Son July 17, 2025

In a revelation for the JavaScript ecosystem, Socket’s Threat Research Team has uncovered the widespread proliferation of...

7.2 Google’s Big Sleep AI Foils Live Zero-Day Exploit in SQLite (CVE-2025-6965) AI Cybersecurity, Vulnerability Hunting

7.2 Google’s Big Sleep AI Foils Live Zero-Day Exploit in SQLite (CVE-2025-6965)

Do Son July 17, 2025

In a demonstration of artificial intelligence applied to cybersecurity, Google has revealed that its AI agent, Big...

AI Spam Threatens cURL’s Bug Bounty Program: Developer Considers Shutting It Down

Do Son July 16, 2025

Daniel, the developer behind the widely used open-source utility cURL, recently revealed in a blog post that...

Critical Critical Pre-Auth Root RCE Found in Samsung WLAN APs, PoC Published – Patch Now! Samsung RCE, WLAN AP Exploit

Critical Critical Pre-Auth Root RCE Found in Samsung WLAN APs, PoC Published – Patch Now!

Do Son July 16, 2025

A critical vulnerability—CVE-2025-34068—has been discovered in Samsung’s WLAN AP WEA453e access points, allowing unauthenticated remote command execution...

7.5 High-Severity Node.js Flaws Expose Windows Apps to Path Traversal (CVE-2025-27210) & HashDoS (CVE-2025-27209) Attacks CVE-2022-32212 Node.js Vulnerabilities, Path Traversal

CVE-2022-32212 Node.js Vulnerabilities, Path Traversal

7.5 High-Severity Node.js Flaws Expose Windows Apps to Path Traversal (CVE-2025-27210) & HashDoS (CVE-2025-27209) Attacks

Do Son July 16, 2025

The OpenJS Foundation has released important updates to Node.js 24.x, 22.x, and 20.x release lines, addressing two...

Warning: Fake Remittance Apps Target Bangladeshi Expats, Stealing IDs & Financial Data Android Malware, Phishing Campaign

Warning: Fake Remittance Apps Target Bangladeshi Expats, Stealing IDs & Financial Data

Do Son July 16, 2025

McAfee’s Mobile Research Team has uncovered a highly active Android malware campaign targeting Bengali-speaking users, particularly Bangladeshi...

Warning: “Educational” Octalyn Forensic Toolkit is a Dangerous Telegram-Controlled Credential Stealer Credential Stealer, Octalyn Toolkit

Warning: “Educational” Octalyn Forensic Toolkit is a Dangerous Telegram-Controlled Credential Stealer

Do Son July 16, 2025

Researchers at Cyfirma have uncovered a disturbing example of how a so-called “educational” tool can cross the...

GLOBAL GROUP: New Ransomware Giant Emerges with AI Negotiators, Affiliate Incentives, and Industrial-Scale Attacks

Do Son July 16, 2025

A newly branded ransomware outfit, GLOBAL GROUP, has exploded onto the scene with an aggressive campaign that...

Critical Broadcom Addresses Critical Vulnerabilities in VMware ESXi, Workstation, and Fusion VMware Vulnerabilities, Virtualization Security

VMware Vulnerabilities, Virtualization Security

Critical Broadcom Addresses Critical Vulnerabilities in VMware ESXi, Workstation, and Fusion

Do Son July 15, 2025

Broadcom has issued an urgent advisory addressing four critical vulnerabilities affecting VMware ESXi, Workstation, Fusion, and Tools,...

8.8 Urgent Chrome Update: Google Patches Critical Zero-Day (CVE-2025-6558) Under Active Attack Chrome security update exploit in the wild Chrome Zero-Day CVE-2026-3909 Chrome Zero-Day PoC CVE-2026-2441 Chrome Zero-Day CVE-2026-2441 Chrome Zero-Day, Active Exploitation CVE-2025-10585 Chrome vulnerability, zero-day exploit CVE-2025-6558 Chrome Zero-Day, V8 Vulnerability Chrome Zero-Day, Security Update

Chrome security update exploit in the wild Chrome Zero-Day CVE-2026-3909 Chrome Zero-Day PoC CVE-2026-2441 Chrome Zero-Day CVE-2026-2441 Chrome Zero-Day, Active Exploitation CVE-2025-10585 Chrome vulnerability, zero-day exploit CVE-2025-6558 Chrome Zero-Day, V8 Vulnerability Chrome Zero-Day, Security Update

8.8 Urgent Chrome Update: Google Patches Critical Zero-Day (CVE-2025-6558) Under Active Attack

Do Son July 15, 2025

Google has released a critical Stable Channel update for Chrome Desktop (version 138.0.7204.157/.158), addressing six security vulnerabilities,...

10 CVE-2025-53833 (CVSS 10): Critical SSTI Flaw in LaRecipe Threatens Millions of Laravel Apps LaRecipe, Remote Code Execution

10 CVE-2025-53833 (CVSS 10): Critical SSTI Flaw in LaRecipe Threatens Millions of Laravel Apps

Do Son July 15, 2025

A newly discovered Server-Side Template Injection (SSTI) vulnerability in the widely-used LaRecipe documentation tool has been assigned...

10 CISA Warns of Active Exploitation of Wing FTP Server Flaw (CVE-2025-47812), CVSS 10 Cisco VPN Zero-Day, ASA Vulnerability Ivanti Vulnerabilities Wing FTP Server, RCE Exploit CVE-2024-9474 Exploited: LITTLELAMB.WOOLTEA Backdoor

Cisco VPN Zero-Day, ASA Vulnerability Ivanti Vulnerabilities Wing FTP Server, RCE Exploit CVE-2024-9474 Exploited: LITTLELAMB.WOOLTEA Backdoor

10 CISA Warns of Active Exploitation of Wing FTP Server Flaw (CVE-2025-47812), CVSS 10

Do Son July 15, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-47812 to its Known Exploited Vulnerabilities (KEV) Catalog...

7.4 ImageMagick Flaw (CVE-2025-53101): Stack Buffer Overflow Allows Potential Remote Code Execution ImageMagick, Stack Buffer Overflow

7.4 ImageMagick Flaw (CVE-2025-53101): Stack Buffer Overflow Allows Potential Remote Code Execution

Do Son July 15, 2025

A flaw has been discovered in ImageMagick, the widely used open-source image manipulation suite, that could lead...

XORIndex: North Korea’s Evolving Supply Chain Malware Targets npm Ecosystem Again NPM Supply Chain, North Korea Malware

XORIndex: North Korea’s Evolving Supply Chain Malware Targets npm Ecosystem Again

Do Son July 15, 2025

A new chapter in the ongoing Contagious Interview campaign has emerged, as the Socket Threat Research Team...

HazyBeacon: Novel Backdoor Uses AWS Lambda for Stealthy C2, Targets Govts

Do Son July 15, 2025

Researchers from Unit 42 at Palo Alto Networks have uncovered a novel backdoor—HazyBeacon—used by a threat cluster...

7.3 CVE-2025-43856: OAuth2 Account Hijacking Flaw Found in Immich, a Popular Self-Hosted Photo Platform Immich, Account Hijacking

7.3 CVE-2025-43856: OAuth2 Account Hijacking Flaw Found in Immich, a Popular Self-Hosted Photo Platform

Do Son July 15, 2025

A critical vulnerability has been disclosed in Immich, a rapidly growing open-source project for self-hosted photo and...