cybersecurity Archives • Page 73 of 88 • Daily CyberSecurity

Google Account Flaw Exposed Phone Numbers: Brute-Force Attack Possible, Now Patched

Google Self-Preferencing Fine Idealo Antitrust Damages Anthropic, Google TPUs Google DMA Compliance, Search Self-Preferencing Google Play Store Ruling, Epic Games Victory Google fine, ad tech Google lawsuit, privacy violation Gmail security, false alarm Google Play EU regulation Google Security, Phone Number Leak Google 2025 - Google China’s Anti-Monopoly Law Google monopoly, ad tech Pixel 7a battery, battery swelling

Google Account Flaw Exposed Phone Numbers: Brute-Force Attack Possible, Now Patched

Do Son June 10, 2025

In April, a researcher uncovered a security vulnerability within Google’s account system that allowed them to obtain...

CVSS 9.9: Critical XXE Flaw in GeoTools Exposes Geospatial Data Systems XXE Vulnerability

CVSS 9.9: Critical XXE Flaw in GeoTools Exposes Geospatial Data Systems

Do Son June 10, 2025

The GeoTools project, a popular open-source Java library used for geospatial data processing, has issued a critical...

CVE-2025-4601: Flaw Exposes 33,000+ RealHomes WordPress Sites to Admin Takeover WordPress Vulnerability

CVE-2025-4601: Flaw Exposes 33,000+ RealHomes WordPress Sites to Admin Takeover

Do Son June 10, 2025

A critical Privilege Escalation vulnerability has been disclosed in the RealHomes WordPress theme, a popular real estate...

CISA Flags Active Exploits in Erlang/OTP SSH and Roundcube Webmail: Critical RCE and XSS Flaws Under Attack CISA active exploit catalog known exploited vulnerabilities ActiveMQ RCE CVE-2026-34197 CISA KEV Catalog Actively Exploited Vulnerabilities CISA KEV Catalog CVE-2025-37164 GeoServer XXE, CISA KEV FortiWeb SQLi, CISA KEV Critical Vulnerabilities CVE-2024-20953

CISA active exploit catalog known exploited vulnerabilities ActiveMQ RCE CVE-2026-34197 CISA KEV Catalog Actively Exploited Vulnerabilities CISA KEV Catalog CVE-2025-37164 GeoServer XXE, CISA KEV FortiWeb SQLi, CISA KEV Critical Vulnerabilities CVE-2024-20953

CISA Flags Active Exploits in Erlang/OTP SSH and Roundcube Webmail: Critical RCE and XSS Flaws Under Attack

Do Son June 10, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited...

Chinese Cyberespionage Groups Probe SentinelOne in Sophisticated ShadowPad and PurpleHaze Campaigns China-nexus, Cyber-espionage

Chinese Cyberespionage Groups Probe SentinelOne in Sophisticated ShadowPad and PurpleHaze Campaigns

Do Son June 10, 2025

SentinelLABS has unveiled an extensive report detailing a wave of cyber-espionage activity that directly targeted SentinelOne and...

CVE-2025-48757: Lovable’s Row-Level Security Breakdown Exposes Sensitive Data Across Hundreds of Projects CVE-2025-48757, Row-Level Security, Supabase, Lovable

CVE-2025-48757, Row-Level Security, Supabase, Lovable

CVE-2025-48757: Lovable’s Row-Level Security Breakdown Exposes Sensitive Data Across Hundreds of Projects

Do Son June 10, 2025

Security researcher Matt Palmer has uncovered a critical vulnerability in the Lovable low-code platform, now tracked as...

Kimsuky’s AppleSeed Returns: North Korea-Linked APT Targets Korean Users via Social Media

Do Son June 10, 2025

In its latest Advanced Persistent Threat (APT) campaign, Kimsuky, a North Korea-linked group, has returned with an...

Operation DRAGONCLONE: China Mobile Tietong Hit by Advanced APT Attack

Do Son June 10, 2025

Seqrite Labs APT-Team has uncovered a targeted campaign against China Mobile Tietong Co., Ltd., a prominent subsidiary...

CVE-2025-41646: Critical Authentication Bypass in RevPi Webstatus Threatens Industrial Systems RevPi Webstatus, Authentication Bypass

CVE-2025-41646: Critical Authentication Bypass in RevPi Webstatus Threatens Industrial Systems

Do Son June 10, 2025

KUNBUS has issued a critical security advisory for its RevPi Webstatus application following the discovery of an...

APT41 Unleashes Stealthy Malware Using Google Calendar for Covert C2!

Do Son June 10, 2025

APT41—also known as BARIUM, Wicked Panda, and Brass Typhoon—is a well-known Chinese state-sponsored APT group notorious for...

Behind the Followers: Malicious Python Package Harvests Instagram Credentials Instagram Malware, Credential Harvesting

Behind the Followers: Malicious Python Package Harvests Instagram Credentials

Do Son June 10, 2025

Socket’s Threat Research Team has uncovered ‘imad213’, a credential-harvesting tool masquerading as an Instagram booster. Behind its...

BladedFeline: Iran-Aligned APT Group Expands Arsenal With Whisper and PrimeCache BladedFeline, Cyberespionage

BladedFeline: Iran-Aligned APT Group Expands Arsenal With Whisper and PrimeCache

Do Son June 10, 2025

In a detailed expose released by ESET, researchers unveiled a sophisticated and persistent cyberespionage campaign by an...

SoraAI.lnk: Beware of This New Info-Stealer Hiding as OpenAI’s Sora

Do Son June 10, 2025

A new info-stealer malware named SoraAI.lnk is leveraging the popularity of OpenAI’s video model, Sora, to infect...

Apache Kafka Clients at Risk: File Reads, SSRF, and RCE Exploits Trigger Urgent Security Fixes Kafka RCE JAAS vulnerability

Apache Kafka Clients at Risk: File Reads, SSRF, and RCE Exploits Trigger Urgent Security Fixes

Do Son June 9, 2025

The Apache Kafka Project has released security advisories addressing three important vulnerabilities affecting various versions of the...

Critical 9.6 CVSS RCE: ManageEngine Exchange Reporter Plus Vulnerability Discovered! CVE-2025-3835, Exchange Reporter Plus

Critical 9.6 CVSS RCE: ManageEngine Exchange Reporter Plus Vulnerability Discovered!

Do Son June 9, 2025

ManageEngine’s Exchange Reporter Plus, a widely-used web-based monitoring and reporting tool for Microsoft Exchange, has been found...

Critical 9.8 CVSS Flaw: Unpatched PayU CommercePro Plugin Allows Admin Account Takeover! PayU CommercePro, Account Takeover

Critical 9.8 CVSS Flaw: Unpatched PayU CommercePro Plugin Allows Admin Account Takeover!

Do Son June 9, 2025

A severe vulnerability in the PayU CommercePro plugin for WordPress, which has over 5,000 active installations, allows...

Beyond the Recycle Bin: Is Stellar File Eraser the Ultimate Data Destruction Tool? Stellar File Eraser Review

Beyond the Recycle Bin: Is Stellar File Eraser the Ultimate Data Destruction Tool?

Do Son June 9, 2025

In today’s digital world, hitting ‘delete’ doesn’t mean your data is truly gone. Whether it’s sensitive personal...

Microsoft BFS Flaws Expose Windows to Privilege Escalation – PoC Code Released Race Condition Exploit

Microsoft BFS Flaws Expose Windows to Privilege Escalation – PoC Code Released

Do Son June 9, 2025

Security researchers at ht3labs published the technical details and proof-of-concept exploit code for a trio of critical...

From Cheats to Compromise: Blitz Malware Exploits Gamers via Backdoored Standoff 2 Cheats Blitz infection chain

From Cheats to Compromise: Blitz Malware Exploits Gamers via Backdoored Standoff 2 Cheats

Do Son June 9, 2025

Unit 42, the threat intelligence arm of Palo Alto Networks, has uncovered a malware campaign involving Blitz,...

QNAP Fixes SQL Injection and Certificate Validation Flaws in Qsync Central and File Station 5 QNAP Vulnerabilities CVE-2025-52856

QNAP Fixes SQL Injection and Certificate Validation Flaws in Qsync Central and File Station 5

Do Son June 9, 2025

QNAP Systems, Inc. has released patches addressing multiple high-severity vulnerabilities in its Qsync Central and File Station...