cybersecurity Archives • Page 85 of 88 • Daily CyberSecurity

Unprotected APIs Expose Data of 33,000 Employees API Security, Data Leak

Unprotected APIs Expose Data of 33,000 Employees

Do Son April 17, 2025

A recent discovery by CloudSEK’s BeVigil platform has highlighted the significant risks posed by unprotected Application Programming...

CrazyHunter Ransomware Targets Taiwan’s Critical Infrastructure CrazyHunter, Ransomware

CrazyHunter Ransomware Targets Taiwan’s Critical Infrastructure

Do Son April 17, 2025

Trend Micro has uncovered a targeted ransomware campaign conducted by a newly identified threat group dubbed CrazyHunter....

CVE Foundation Launched to Secure Vulnerability Tracking CVE Foundation, CVE Program

CVE Foundation Launched to Secure Vulnerability Tracking

Do Son April 16, 2025

In a major shift for the cybersecurity world, the CVE Foundation has officially been launched to ensure...

Oracle April 2025 CPU: 378 Security Patches Released Oracle CPU Oracle Patch Update

Oracle April 2025 CPU: 378 Security Patches Released

Do Son April 16, 2025

On April 15, 2025, Oracle released its latest Critical Patch Update (CPU), delivering a sweeping set of...

Top Cybersecurity Tools for 2025 Cybersecurity Tools Penetration Testing

Top Cybersecurity Tools for 2025

Do Son April 16, 2025

As cyber threats grow more sophisticated, so do the tools defenders use to counter them. In 2025,...

Chrome 148 lazy loading Chrome for Linux ARM64 Chrome 145 Update Chrome Security Fixes Chrome Security Update CVE-2026-1220 Chrome 144 Security Update CVE-2026-0899 Chrome Memory Safety, WebGPU UAF Chrome V8 Type Confusion, Google Updater Flaw Chrome V8 Flaw, CVE-2025-13042 Chrome V8, Type Confusion, Chrome 142 Update Chrome V8 Flaw, CVE-2025-12036 Chrome 141, WebGPU Overflow Google Chrome preloading Chrome, V8 vulnerability CVE-2025-9132 Chrome Security Update, Use-After-Free Chrome V8, Type Confusion Chrome Telemetry, Windows 10 EOL Microsoft Family Safety, Chrome Blocking Chrome Security Update, High-Severity Google Chrome, Antitrust CVE-2024-10487 and CVE-2024-10488 Google Chrome Root Program Chrome Update, CVE-2025-3619 Chrome Acquisition, Perplexity.ai

Critical Chrome Security Update: Patch CVE-2025-3619 & CVE-2025-3620 Now!

Do Son April 16, 2025

Google has released a critical security update for its Chrome browser, pushing version 135.0.7049.95/.96 to the Stable...

Waiting Thread Hijacking: A Stealthier Code Injection Technique Thread Hijacking Process Injection

Waiting Thread Hijacking: A Stealthier Code Injection Technique

Do Son April 16, 2025

Process injection is a technique frequently employed by attackers, with its variations appearing in numerous malware. This...

Windows 11 Privilege Escalation Flaws Uncovered: CVE-2025-24076 and CVE-2025-24994 DLL Hijacking, CVE-2025-24076

Windows 11 Privilege Escalation Flaws Uncovered: CVE-2025-24076 and CVE-2025-24994

Do Son April 16, 2025

In a revealing security analysis, Compass Security researcher John Ostrowski has disclosed two privilege escalation vulnerabilities in...

UNC5174: Chinese Threat Actor Deploys New VShell RAT in Campaign Operation IconCat, UNG0801 AFP cyberattack -NetWalker Ransomware VShell RAT

UNC5174: Chinese Threat Actor Deploys New VShell RAT in Campaign

Do Son April 16, 2025

The Sysdig Threat Research Team (TRT) has uncovered a new campaign by the Chinese state-sponsored threat actor...

PasivRobber: In-Depth Analysis of Sophisticated macOS Malware GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

PasivRobber: In-Depth Analysis of Sophisticated macOS Malware

Do Son April 16, 2025

A recent discovery by Kandji’s research team has brought to light a sophisticated threat targeting macOS systems:...

Malicious npm Package Installs Reverse Shell via Payment Success Magento Credit Card Stealer npm package reverse shell

Malicious npm Package Installs Reverse Shell via Payment Success

Do Son April 16, 2025

A malicious npm package, disguised as a merchant integration for the Advcash payment platform, has been discovered...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Beware Fake PDF Converters: A Social Engineering Threat

Do Son April 16, 2025

In today’s digital age, online file converters have become indispensable tools for streamlining daily workflows. However, a...

BRICKSTORM Backdoor Targets European Industries BRICKSTORM, Cyber Espionage

BRICKSTORM Backdoor Targets European Industries

Do Son April 16, 2025

In a recent technical expose, NVISO sheds light on BRICKSTORM, a stealthy espionage backdoor attributed to the...

ResolverRAT: New RAT Employs Advanced Evasion Techniques Lotus Wiper Digital Sabotage G_Wagon Malware NPM Supply Chain Attack IMAPLoader malware ResolverRAT Malware Evasion

Lotus Wiper Digital Sabotage G_Wagon Malware NPM Supply Chain Attack IMAPLoader malware ResolverRAT Malware Evasion

ResolverRAT: New RAT Employs Advanced Evasion Techniques

Do Son April 15, 2025

A new remote access trojan (RAT) has emerged, and it’s armed with advanced techniques to evade detection....

PyPI Swiftly Patches Privilege Escalation Flaw in Organizations Feature Project Quarantine PyPI Security Privilege Escalation

PyPI Swiftly Patches Privilege Escalation Flaw in Organizations Feature

Do Son April 15, 2025

On April 14, 2025, the Python Package Index (PyPI) team swiftly addressed a security concern involving persisting...

Vulnerabilities in Solar Power Systems Threaten Power Grids Solar power systems, cybersecurity vulnerabilities

Vulnerabilities in Solar Power Systems Threaten Power Grids

Do Son April 15, 2025

A new report by Forescout reveals critical vulnerabilities in solar power systems that could be exploited to...

China-Nexus APT Exploits Ivanti Connect Secure VPN in Global Cyber Espionage Campaign BeyondTrust Vulnerability CVE-2026-1731 UPBIT $369M Hack CVE-2024-55591 Ivanti VPN vulnerability, cyber espionage

BeyondTrust Vulnerability CVE-2026-1731 UPBIT $369M Hack CVE-2024-55591 Ivanti VPN vulnerability, cyber espionage

China-Nexus APT Exploits Ivanti Connect Secure VPN in Global Cyber Espionage Campaign

Do Son April 15, 2025

A recent report by TeamT5 has uncovered a widespread cyber espionage campaign targeting Ivanti Connect Secure VPN...

Subdomain Takeovers: A Growing Supply Chain Threat Subdomain takeover, supply chain attack

Subdomain Takeovers: A Growing Supply Chain Threat

Do Son April 15, 2025

Subdomain takeovers, a type of attack where an attacker gains control of an organization’s improperly configured or...

DAMASCENED PEACOCK: NCSC Uncovers Sophisticated Malware Targeting UK MOD Winos 4.0 Malware Silver Fox APT RapperBot BVIEC cyberattack - CNC group DAMASCENED PEACOCK, malware analysis

Winos 4.0 Malware Silver Fox APT RapperBot BVIEC cyberattack - CNC group DAMASCENED PEACOCK, malware analysis

DAMASCENED PEACOCK: NCSC Uncovers Sophisticated Malware Targeting UK MOD

Do Son April 15, 2025

In a covert campaign targeting the UK Ministry of Defence, a sophisticated malware dubbed DAMASCENED PEACOCK has...

Check Point VPN vulnerability exploited in the wild Check Point VPN exploit CVE-2026-50751 zero-day Checkmarx Breach Supply Chain Attack Ivanti EPMM RCE CVE-2026-1281 Modular DS Vulnerability CVE-2026-23550 D-Link RCE Vulnerability CVE-2026-0625 Christmas 2025 GreyNoise Campaign, Japan-Based Initial Access Broker React2Shell Zero-Day, APT Active Exploitation WordPress vulnerability, authentication bypass FreePBX, zero-day Trend Micro Apex One, Remote Code Execution BitoPro Hack, Crypto Theft UNC5337 - CVE-2022-47945 Safe{Wallet} hack Fortinet vulnerability, CVE-2024-21762, FortiGate attack Balloonfly, Play ransomware Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

Fortinet Uncovers Threat Actor Persistence via Symbolic Link Exploit in FortiGate Devices

Do Son April 14, 2025

In an urgent alert to the cybersecurity community, Fortinet has detailed an active threat campaign exploiting known...