cybersecurity Archives • Page 62 of 88 • Daily CyberSecurity

Qwizzserial: Telegram-Driven Android SMS Stealer Infects 100,000 Devices Android Malware, Qwizzserial

Qwizzserial: Telegram-Driven Android SMS Stealer Infects 100,000 Devices

Do Son July 3, 2025

A newly uncovered Android malware family named Qwizzserial is wreaking havoc across Uzbekistan, stealing sensitive financial data...

Linux Servers Hijacked: Attackers Install Legitimate Proxy Software for Covert Operations Linux Proxy Malware, Legitimate Tool Abuse

Linux Servers Hijacked: Attackers Install Legitimate Proxy Software for Covert Operations

Do Son July 3, 2025

The AhnLab SEcurity intelligence Center (ASEC) has uncovered a series of attacks on poorly secured Linux servers,...

DCRat: Sophisticated RAT Delivered via Phishing Campaign Impersonating Government Entity axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

DCRat: Sophisticated RAT Delivered via Phishing Campaign Impersonating Government Entity

Do Son July 3, 2025

In a recent threat intelligence report, the FortiMail Incident Response (IR) team exposed a new email campaign...

New macOS Crypto Stealer Targets Ledger Live Users, Mimics AMOS with Stealthy Tactics macOS Stealer, Crypto Malware

New macOS Crypto Stealer Targets Ledger Live Users, Mimics AMOS with Stealthy Tactics

Do Son July 3, 2025

macOS users—particularly cryptocurrency holders—are being warned about a new information stealer making the rounds in early 2025....

Qantas Data Breach: Millions Affected by Third-Party Contact Centre Cyber Incident Qantas Data Breach, Cyberattack

Qantas Data Breach: Millions Affected by Third-Party Contact Centre Cyber Incident

Do Son July 2, 2025

Qantas Airways, Australia’s flagship carrier, has confirmed a cybersecurity breach impacting customer data through a third-party contact...

Apple Sues Ex-Vision Pro Engineer Di Liu: Accused of Stealing Secrets & Joining Competitor Snap Apple Background Security CVE-2026-20643 Apple Background Security Improvement Apple Backdoor Apple Lawsuit, Data Exfiltration CVE-2024-44131 - CVE-2025-24118 PoC

Apple Background Security CVE-2026-20643 Apple Background Security Improvement Apple Backdoor Apple Lawsuit, Data Exfiltration CVE-2024-44131 - CVE-2025-24118 PoC

Apple Sues Ex-Vision Pro Engineer Di Liu: Accused of Stealing Secrets & Joining Competitor Snap

Do Son July 2, 2025

As development on the successor to the Vision Pro continues apace, Apple has recently filed a lawsuit...

10 CVSS 10 RCE in Wing FTP Server (CVE-2025-47812) Allows Full Server Takeover, PoC Releases Wing FTP Server, Remote Code Execution

10 CVSS 10 RCE in Wing FTP Server (CVE-2025-47812) Allows Full Server Takeover, PoC Releases

Do Son July 2, 2025

A critical remote code execution (RCE) vulnerability has been discovered in Wing FTP Server, a popular cross-platform...

8.8 CVE-2025-6463: Unauthenticated Arbitrary File Deletion in Forminator Plugin Exposes Over 600,000 WordPress Sites to Remote Takeover WordPress Plugin, Arbitrary File Deletion

WordPress Plugin, Arbitrary File Deletion

8.8 CVE-2025-6463: Unauthenticated Arbitrary File Deletion in Forminator Plugin Exposes Over 600,000 WordPress Sites to Remote Takeover

Do Son July 2, 2025

A newly disclosed high-severity vulnerability in the popular Forminator plugin threatens the security of hundreds of thousands...

ANSSI Exposes “Houken”: China-Linked Threat Actor Exploiting Ivanti CSA Zero-Days & Deploying Linux Rootkits Houken, Ivanti CSA Zero-Day

ANSSI Exposes “Houken”: China-Linked Threat Actor Exploiting Ivanti CSA Zero-Days & Deploying Linux Rootkits

Do Son July 2, 2025

The French cybersecurity agency ANSSI has exposed a sophisticated threat actor dubbed Houken. First observed exploiting zero-day...

OFAC Sanctions Russian “Bulletproof Host” Aeza Group: Linked to Ransomware, Infostealers & Darknet OFAC Sanctions, Aeza Group

OFAC Sanctions Russian “Bulletproof Host” Aeza Group: Linked to Ransomware, Infostealers & Darknet

Do Son July 2, 2025

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has officially sanctioned Aeza Group,...

DataEase Vulnerabilities, Remote Code Execution

Multi DataEase Flaws: RCE & Bypass Vulnerabilities Threaten BI Platform via JDBC

Do Son July 2, 2025

DataEase, an open-source business intelligence (BI) platform known for its ease of use and data visualization capabilities,...

8.8 Graylog Flaw (CVE-2025-53106, CVSS 8.8): Privilege Escalation Via API Token Abuse Graylog Vulnerability, Privilege Escalation

8.8 Graylog Flaw (CVE-2025-53106, CVSS 8.8): Privilege Escalation Via API Token Abuse

Do Son July 2, 2025

A vulnerability was found in Graylog—a popular Security Information and Event Management (SIEM) solution. Tracked as CVE-2025-53106...

Security Flaws in Frappe Framework Expose Self-Hosted ERPNext Users to Takeovers, XSS, and SQL Injection Frappe Framework, Critical Vulnerabilities

Frappe Framework, Critical Vulnerabilities

Security Flaws in Frappe Framework Expose Self-Hosted ERPNext Users to Takeovers, XSS, and SQL Injection

Do Son July 2, 2025

The Frappe Framework, a widely used full-stack application platform that powers ERPNext, has been found vulnerable to...

10.0 Pilz IndustrialPI 4 Alert: Critical Flaws (CVE-2025-41656 CVSS 10.0 RCE, CVE-2025-41648 Auth Bypass) Expose Industrial PCs Pilz IndustrialPI, Critical Vulnerabilities

Pilz IndustrialPI, Critical Vulnerabilities

10.0 Pilz IndustrialPI 4 Alert: Critical Flaws (CVE-2025-41656 CVSS 10.0 RCE, CVE-2025-41648 Auth Bypass) Expose Industrial PCs

Do Son July 2, 2025

Two critical vulnerabilities recently disclosed by CERT@VDE, in coordination with industrial automation company Pilz, highlight a sobering...

Electron Flaws: ASAR Bypass & Buffer Overflow Threaten Desktop Apps Electron Security Sandbox Escape Electron Vulnerabilities, Desktop App Security

Electron Security Sandbox Escape Electron Vulnerabilities, Desktop App Security

Electron Flaws: ASAR Bypass & Buffer Overflow Threaten Desktop Apps

Do Son July 1, 2025

The Electron team has published a new security advisory addressing two significant vulnerabilities that could impact a...

Everon OCPP Vulnerability CVE-2026-26288 ASUSTOR ADM Vulnerability CVE-2026-24936 PrismX MX100 Vulnerability Hard-Coded Credentials Advantech Vulnerability CVE-2025-52694 Eaton UPS Companion, CVE-2025-59887 ASUS Router, Authentication Bypass ASUSTOR DLL Hijacking, Privilege Escalation OpenShift AI, Privilege Escalation GoAnywhere vulnerability CVE-2025-10035 LangChainGo, template injection DeepDiff, class pollution ToolShell Sunshine, CSRF Vulnerability KACE SMA, Critical Vulnerabilities Oracle Zero-Days - PDQ Deploy vulnerability

Critical Critical Sunshine Flaw: Remote Command Execution via App-Wide CSRF

Do Son July 1, 2025

In the golden age of remote gaming and self-hosted services, Sunshine has emerged as a popular and...

Check Point VPN vulnerability exploited in the wild Check Point VPN exploit CVE-2026-50751 zero-day Checkmarx Breach Supply Chain Attack Ivanti EPMM RCE CVE-2026-1281 Modular DS Vulnerability CVE-2026-23550 D-Link RCE Vulnerability CVE-2026-0625 Christmas 2025 GreyNoise Campaign, Japan-Based Initial Access Broker React2Shell Zero-Day, APT Active Exploitation WordPress vulnerability, authentication bypass FreePBX, zero-day Trend Micro Apex One, Remote Code Execution BitoPro Hack, Crypto Theft UNC5337 - CVE-2022-47945 Safe{Wallet} hack Fortinet vulnerability, CVE-2024-21762, FortiGate attack Balloonfly, Play ransomware Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

9.2 Urgent Citrix NetScaler Alert: Critical Memory Overflow Flaw (CVE-2025-6543, CVSS 9.2) Actively Exploited on 2,100+ Unpatched Appliances

Do Son July 1, 2025

A critical security flaw tracked as CVE-2025-6543 is being actively exploited in the wild, prompting urgent warnings...

Critical Iranian Cyber Actors May Target U.S. Networks and Critical Infrastructure, Warn U.S. Agencies Iran Cyber Threat, US Critical Infrastructure

Iran Cyber Threat, US Critical Infrastructure

Critical Iranian Cyber Actors May Target U.S. Networks and Critical Infrastructure, Warn U.S. Agencies

Do Son July 1, 2025

A joint alert issued by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI),...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

9.4 Critical RCE in MCP Inspector Exposes AI Devs to Web-Based Exploits (CVE-2025-49596)

Do Son July 1, 2025

A critical vulnerability—CVE-2025-49596—affected the AI developer ecosystem in June 2025, when Oligo Security Research disclosed a severe...

North Korea’s AI-Powered Cybercrime: Deepfakes & Fake Personas Infiltrate 300+ US Companies via Remote IT Jobs The North Korean IT worker ecosystem

North Korea’s AI-Powered Cybercrime: Deepfakes & Fake Personas Infiltrate 300+ US Companies via Remote IT Jobs

Do Son July 1, 2025

Microsoft Threat Intelligence reveals how North Korea’s remote IT worker program has evolved into a highly organized,...