cybersecurity Archives • Page 64 of 86 • Daily CyberSecurity

CVE-2025-6218: WinRAR Directory Traversal Bug Opens the Door to Remote Code Execution WinRAR RCE, Directory Traversal

CVE-2025-6218: WinRAR Directory Traversal Bug Opens the Door to Remote Code Execution

Ddos June 24, 2025

A newly disclosed vulnerability in RARLAB’s WinRAR, the long-standing compression utility for Windows, has exposed millions of...

Critical Key Derivation Flaws in pbkdf2 Affect Millions of JavaScript Projects, PoC Available pbkdf2 npm, Cryptographic Flaws

Critical Key Derivation Flaws in pbkdf2 Affect Millions of JavaScript Projects, PoC Available

Ddos June 24, 2025

Two high-impact security advisories have been released for the pbkdf2 npm package—an essential utility in the JavaScript...

Critical Convoy Flaw (CVE-2025-52562, CVSS 10.0): Unauthenticated Remote Code Execution on KVM Servers! Convoy RCE, Unauthenticated

Critical Convoy Flaw (CVE-2025-52562, CVSS 10.0): Unauthenticated Remote Code Execution on KVM Servers!

Ddos June 24, 2025

A newly disclosed vulnerability in Convoy, a modern KVM server management panel built for hosting providers, has...

EvilConwi: Hackers Abuse Signed ConnectWise Installers to Launch Stealth Remote Access Attacks

Ddos June 24, 2025

Threat actors have begun weaponizing legitimately signed ConnectWise ScreenConnect installers, hijacking the trust of signed software to...

SHOE RACK Malware: NCSC Uncovers Stealthy Reverse SSH & DoH Post-Exploitation Tool Targeting FortiGate Firewalls SHOE RACK Malware, Reverse SSH

SHOE RACK Malware: NCSC Uncovers Stealthy Reverse SSH & DoH Post-Exploitation Tool Targeting FortiGate Firewalls

Ddos June 24, 2025

A new malware tool dubbed SHOE RACK has come under the microscope of the UK’s National Cyber...

Spyware Reloaded: SparkKitty Stalks Crypto Wallets via TikTok Mods and Fake Apps

Ddos June 24, 2025

Kaspersky Labs has uncovered a stealthy evolution of mobile spyware connected to the infamous SparkCat campaign. Dubbed...

Wedding Invitation Scam: SpyMax RAT Targets Indian WhatsApp Users, Stealing OTPs & Banking Credentials Android Spyware, SpyMax RAT CVE-2024-0039 Android Auto-Reboot Google Play Services

Android Spyware, SpyMax RAT CVE-2024-0039 Android Auto-Reboot Google Play Services

Wedding Invitation Scam: SpyMax RAT Targets Indian WhatsApp Users, Stealing OTPs & Banking Credentials

Ddos June 24, 2025

Researchers at K7 Labs have uncovered a highly targeted Android spyware campaign aimed at Indian mobile users,...

Cloudflare Mitigates Record 7.3 Tbps DDoS Attack: 37.4 TB in 45 Seconds Cloudflare DDoS, Record Attack

Cloudflare Mitigates Record 7.3 Tbps DDoS Attack: 37.4 TB in 45 Seconds

Ddos June 23, 2025

According to an announcement from internet services provider Cloudflare, the company successfully mitigated a massive DDoS (Distributed...

Critical Python Tarfile Flaw (CVE-2025-4517, CVSS 9.4): Arbitrary File Write, PoC Available Python Tarfile, Path Traversal

Critical Python Tarfile Flaw (CVE-2025-4517, CVSS 9.4): Arbitrary File Write, PoC Available

Ddos June 23, 2025

A newly disclosed vulnerability in Python’s tarfile module—CVE-2025-4517—has exposed a critical security risk that allows attackers to...

Confucius Group Evolves: Researcher Uncovers New Modular Backdoor “Anondoor” in Latest Espionage Campaign Confucius APT, Anondoor Backdoor

Confucius Group Evolves: Researcher Uncovers New Modular Backdoor “Anondoor” in Latest Espionage Campaign

Ddos June 23, 2025

The Confucius APT group—long associated with cyber-espionage operations targeting government and military organizations in South and East...

Prometei Botnet Evolves: Linux Variant Returns With Stealthier Payloads and Monero Mining Focus Prometei Botnet, Linux Malware

Prometei Botnet Evolves: Linux Variant Returns With Stealthier Payloads and Monero Mining Focus

Ddos June 23, 2025

In March 2025, researchers at Palo Alto Networks’ Unit 42 uncovered a resurgence of the Prometei botnet,...

Mocha Manakin: New Threat Group Uses “Paste and Run” to Deploy Custom NodeJS RAT! Mocha Manakin, NodeInitRAT

Mocha Manakin: New Threat Group Uses “Paste and Run” to Deploy Custom NodeJS RAT!

Ddos June 23, 2025

Red Canary has unveiled a new adversary cluster it’s been tracking since early 2025: Mocha Manakin. Named...

Critical Meshtastic Flaw: Key Duplication Allows Message Decryption & Node Hijacking Meshtastic, Cryptographic Flaw

Critical Meshtastic Flaw: Key Duplication Allows Message Decryption & Node Hijacking

Ddos June 23, 2025

The developers behind Meshtastic, the popular open-source LoRa mesh networking project, have issued a critical security advisory...

NCSC Uncovers “UMBRELLA STAND” Malware: Stealthy Backdoor Targets Fortinet FortiGate Firewalls Fortinet Malware, Cyber-Espionage

NCSC Uncovers “UMBRELLA STAND” Malware: Stealthy Backdoor Targets Fortinet FortiGate Firewalls

Ddos June 23, 2025

A new malware campaign dubbed UMBRELLA STAND has been uncovered by the UK’s National Cyber Security Centre...

RapperBot Resurfaces: 50,000+ Bots Demand Monero Extortion in New DDoS Campaigns RapperBot Botnet, DDoS Extortion

RapperBot Resurfaces: 50,000+ Bots Demand Monero Extortion in New DDoS Campaigns

Ddos June 23, 2025

A botnet called RapperBot blends technical evolution with internet-era bravado to launch attacks on over 50,000 devices...

Shadow Vector: Malicious SVGs Deliver AsyncRAT & RemcosRAT in Colombian Phishing Campaign! Shadow Vector, RAT Malware

Shadow Vector: Malicious SVGs Deliver AsyncRAT & RemcosRAT in Colombian Phishing Campaign!

Ddos June 23, 2025

The Acronis Threat Research Unit (TRU) has uncovered a stealthy and technically mature malware campaign dubbed Shadow...

EKS Security Alert: Overprivileged Containers Exposing AWS Credentials via Unencrypted API

Ddos June 23, 2025

In the complex world of cloud-native applications, Kubernetes and Amazon Elastic Kubernetes Service (EKS) have become the...

Critical ANPR Camera Flaw (CVE-2025-34022, CVSS 9.3) Exposes Selea TARGA Devices, PoC Available, No Vendor Response ANPR Camera, Path Traversal

Critical ANPR Camera Flaw (CVE-2025-34022, CVSS 9.3) Exposes Selea TARGA Devices, PoC Available, No Vendor Response

Ddos June 22, 2025

Gjoko Krstic of Zero Science Lab has uncovered a critical path traversal vulnerability in Selea’s TARGA series...

Critical Mattermost Flaw (CVE-2025-4981, CVSS 9.9) Allows RCE Via Path Traversal Mattermost Vulnerability, Remote Code Execution CVE-2025-20051, CVE-2025-24490, and CVE-2025-25279

Mattermost Vulnerability, Remote Code Execution CVE-2025-20051, CVE-2025-24490, and CVE-2025-25279

Critical Mattermost Flaw (CVE-2025-4981, CVSS 9.9) Allows RCE Via Path Traversal

Ddos June 21, 2025

Open-source collaboration platform Mattermost is exposed to a severe vulnerability that threatens the integrity of its deployments...

Search Hijacking: Cybercriminals Turn Google Ads into Tech Support Scam Portals Crypto Drain Conspiracy, Malicious MobileConfig phone phishing Cryptocurrency Phishing

Search Hijacking: Cybercriminals Turn Google Ads into Tech Support Scam Portals

Ddos June 21, 2025

Malwarebytes has revealed how cybercriminals are leveraging fake Google search results to impersonate popular brands and trick...

Critical Alert 1 Active Exploit Detected Today