cybersecurity Archives • Page 77 of 88 • Daily CyberSecurity

Critical RCE Flaw Patched in Roundcube Webmail: Update Immediately! Roundcube, RCE Vulnerability CVE-2025-49113

Critical RCE Flaw Patched in Roundcube Webmail: Update Immediately!

Do Son June 2, 2025

Roundcube Webmail, a widely-used browser-based IMAP client, has patched a critical security vulnerability, tracked as CVE-2025-49113 (CVSS...

Critical SSRF Flaw in Esri Portal for ArcGIS Exposes Internal Networks Esri ArcGIS, SSRF Vulnerability

Critical SSRF Flaw in Esri Portal for ArcGIS Exposes Internal Networks

Do Son June 2, 2025

Esri has issued a critical security patch for its widely used Portal for ArcGIS software, addressing a...

Critical Flaw in Fabio Load Balancer Allows HTTP Header Tampering & Access Bypass Fabio Load Balancer, Header Manipulation

Critical Flaw in Fabio Load Balancer Allows HTTP Header Tampering & Access Bypass

Do Son June 2, 2025

A newly disclosed vulnerability in the Fabio load balancer, tracked as CVE-2025-48865, allows malicious clients to manipulate...

Aviation Industry Alert: 50,000+ Azure AD Records Exposed via Misconfigured API Azure AD, Data Exposure

Aviation Industry Alert: 50,000+ Azure AD Records Exposed via Misconfigured API

Do Son June 2, 2025

A serious data exposure incident in the aviation industry has been uncovered by CloudSEK’s BeVigil platform, revealing...

CISA Alert: Critical Flaws in Consilium Safety CS5000 Fire Panel Could Enable Remote Takeover, No Patch Consilium Safety, Fire Panel Vulnerabilities

Consilium Safety, Fire Panel Vulnerabilities

CISA Alert: Critical Flaws in Consilium Safety CS5000 Fire Panel Could Enable Remote Takeover, No Patch

Do Son June 2, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory warning of two critical security...

Critical Flaws in Veritas DLO Expose Systems to Remote Code Execution Veritas DLO, Critical Vulnerabilities

Critical Flaws in Veritas DLO Expose Systems to Remote Code Execution

Do Son June 2, 2025

Veritas has issued a security advisory warning users of its Desktop Laptop Option (DLO) platform about two...

Critical RCE Flaws in MICI NetFax Server Unpatched, Vendor Refuses Fix NetFax Vulnerabilities, RCE

Critical RCE Flaws in MICI NetFax Server Unpatched, Vendor Refuses Fix

Do Son June 2, 2025

Security researchers at Rapid7 have uncovered a troubling trio of vulnerabilities in MICI Network Co., Ltd.’s NetFax...

PyPI Supply Chain Attack Steals Solana Private Keys via Covert Monkey-Patching PyPI Supply Chain, Solana Theft

PyPI Supply Chain Attack Steals Solana Private Keys via Covert Monkey-Patching

Do Son June 2, 2025

Socket’s Threat Research Team has uncovered a sophisticated supply chain attack on the Python Package Index (PyPI)...

NetSPI Details Multiple Local Privilege Escalation Vulnerabilities in SonicWall NetExtender SonicWall NetExtender, Privilege Escalation

SonicWall NetExtender, Privilege Escalation

NetSPI Details Multiple Local Privilege Escalation Vulnerabilities in SonicWall NetExtender

Do Son June 2, 2025

In a detailed investigation, NetSPI security researchers have uncovered multiple high-risk local privilege escalation (LPE) vulnerabilities in...

PumaBot: New Stealthy Linux Botnet Evades Detection, Targets IoT Devices PumaBot, Linux Botnet

PumaBot: New Stealthy Linux Botnet Evades Detection, Targets IoT Devices

Do Son June 1, 2025

Cybersecurity researchers at Darktrace have exposed a stealthy and persistent Linux-based botnet dubbed PumaBot, which leverages Go...

Hitachi Energy’s Asset Suite Hit by Multiple Critical Vulnerabilities Hitachi Energy, Asset Suite Vulnerabilities

Hitachi Energy’s Asset Suite Hit by Multiple Critical Vulnerabilities

Do Son June 1, 2025

Hitachi Energy has issued a cybersecurity advisory warning of multiple vulnerabilities impacting its Asset Suite product—a widely...

CVE-2025-40909: Perl Threads Vulnerability Exposes File Operation Race Condition Perl Vulnerability, Race Condition

CVE-2025-40909: Perl Threads Vulnerability Exposes File Operation Race Condition

Do Son May 31, 2025

A newly disclosed vulnerability in Perl’s threading mechanism, tracked as CVE-2025-40909, exposes systems to race conditions involving...

CVE-2025-48912: Apache Superset Flaw Allows Row-Level Security Bypass via SQL Injection Apache Superset, Data Security

CVE-2025-48912: Apache Superset Flaw Allows Row-Level Security Bypass via SQL Injection

Do Son May 31, 2025

A serious security vulnerability has been discovered in Apache Superset, a widely used open-source data exploration and...

Critical 10.0 CVSS Flaws Found in Netwrix Directory Manager v11 – Patch Immediately! Netwrix, Directory Manager Vulnerabilities

Critical 10.0 CVSS Flaws Found in Netwrix Directory Manager v11 – Patch Immediately!

Do Son May 31, 2025

Netwrix, a provider of identity governance and access management solutions, has issued a critical security advisory warning...

New Phishing-as-a-Service Kits Bypass MFA & Target Microsoft 365 Users Globally! Phishing-as-a-Service, AiTM

New Phishing-as-a-Service Kits Bypass MFA & Target Microsoft 365 Users Globally!

Do Son May 31, 2025

Since September 2023, Trustwave’s Threat Intelligence Team has been tracking a sophisticated phishing ecosystem operated by Storm-1575,...

Bitter APT Targets Pakistan Telecom Amidst Border Tensions with New Cyberattack! Bitter APT, Pakistan Cyberattack

Bitter APT Targets Pakistan Telecom Amidst Border Tensions with New Cyberattack!

Do Son May 31, 2025

As tensions flared between India and Pakistan during Operation Sindoor on May 7, 2025, a covert cyber...

Horizon3 Details Critical File Upload Vulnerability in Cisco IOS XE WLC (CVE-2025-20188, CVSS 10) Cisco IOS XE vulnerability Remote code execution

Cisco IOS XE vulnerability Remote code execution

Horizon3 Details Critical File Upload Vulnerability in Cisco IOS XE WLC (CVE-2025-20188, CVSS 10)

Do Son May 30, 2025

A critical vulnerability—CVE-2025-20188—has been disclosed in Cisco IOS XE Wireless LAN Controller (WLC) software, allowing unauthenticated attackers...

ConnectWise ScreenConnect Targeted by Nation-State Actor TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

ConnectWise ScreenConnect Targeted by Nation-State Actor

Do Son May 30, 2025

ConnectWise, a prominent provider of IT management solutions, has issued a brief but concerning security advisory disclosing...

Spring Cloud Gateway vulnerability Header spoofing

Spring Cloud Gateway Vulnerability Exposes Applications to Header Injection Risks

Do Son May 30, 2025

A newly disclosed vulnerability in Spring Cloud Gateway Server could expose applications to header spoofing and potential...

Critical (CVSS 9.8): IBM Tivoli Monitoring Flaw Risks Remote Code Execution IBM Tivoli vulnerability CVE-2025-3357

Critical (CVSS 9.8): IBM Tivoli Monitoring Flaw Risks Remote Code Execution

Do Son May 30, 2025

IBM has issued a critical security update for its Tivoli Monitoring suite, addressing a high-severity vulnerability that...