CVE-2025-32896: Apache SeaTunnel Flaw Enables Unauthenticated File Read & RCE
A newly disclosed vulnerability, CVE-2025-32896, in Apache SeaTunnel—a widely used distributed data integration platform—could allow unauthenticated attackers to The post CVE-2025-32896: Apache...
View ArticleDslogdRAT Malware Targets Ivanti Connect Secure via CVE-2025-0282 Zero-Day...
A newly published report by Yuma Masubuchi from the JPCERT Coordination Center (JPCERT/CC) has uncovered the deployment of The post DslogdRAT Malware Targets Ivanti Connect Secure via CVE-2025-0282...
View ArticleConnectWise Patches Critical ViewState RCE Vulnerability in ScreenConnect
ConnectWise has issued an important security bulletin addressing a critical code injection vulnerability in ScreenConnect versions 25.2.3 and The post ConnectWise Patches Critical ViewState RCE...
View ArticleCVE-2025-43859: Request Smuggling Vulnerability in Python’s h11 HTTP Library
A critical vulnerability tracked as CVE-2025-43859 has been disclosed in h11, a minimalist, I/O-agnostic HTTP/1.1 protocol library written The post CVE-2025-43859: Request Smuggling Vulnerability in...
View ArticleLazarus Group’s “Operation SyncHole” Targets South Korean Industries
Kaspersky Labs has recently revealed a major cyber-espionage campaign conducted by the Lazarus group, dubbed “Operation SyncHole.” Targeting The post Lazarus Group’s “Operation SyncHole” Targets South...
View ArticleDarcula-Suite: AI Revolutionizes Phishing-as-a-Service Operations
Netcraft researchers have uncovered a major development in the world of phishing-as-a-service (PhaaS): an update to the darcula-suite The post Darcula-Suite: AI Revolutionizes Phishing-as-a-Service...
View ArticleSessionShark: New Phishing Kit Bypasses Office 365 MFA
Security researchers at SlashNext have uncovered a disturbing new tool emerging in cybercrime networks: SessionShark O365 2FA/MFA. Despite The post SessionShark: New Phishing Kit Bypasses Office 365...
View ArticleMultiple Vulnerabilities in NETSCOUT nGeniusONE Threaten Infrastructure...
NETSCOUT has issued a advisory addressing a series of security vulnerabilities in its flagship infrastructure monitoring platform, nGeniusONE. The post Multiple Vulnerabilities in NETSCOUT nGeniusONE...
View ArticleNorth Korean APT ‘Contagious Interview’ Launches Fake Crypto Companies to...
Threat analysts at Silent Push have uncovered a new campaign orchestrated by the North Korean state-sponsored APT group, The post North Korean APT ‘Contagious Interview’ Launches Fake Crypto Companies...
View ArticleCVE-2025-23016: Critical FastCGI Heap Overflow Threatens Embedded Devices,...
Security researcher Baptiste Mayaud from Synacktiv has detailed a critical vulnerability in the FastCGI library, tracked as CVE-2025-23016 The post CVE-2025-23016: Critical FastCGI Heap Overflow...
View ArticleDeviceCodePhishing: How a New Attack Bypasses FIDO and MFA Protections
Security researcher Dennis Kniep has introduced a novel phishing technique known as DeviceCodePhishing, which takes traditional device code The post DeviceCodePhishing: How a New Attack Bypasses FIDO...
View ArticleSocGholish and RansomHub: Sophisticated Attack Campaign Targeting Corporate...
The eSentire’s Threat Response Unit (TRU) discovered a sophisticated cyberattack campaign linking SocGholish (also known as FakeUpdates) malware The post SocGholish and RansomHub: Sophisticated Attack...
View ArticleReact Router Vulnerabilities CVE-2025-43864 and CVE-2025-43865 Expose Web...
The React Router team has issued the advisory addressing two vulnerabilities affecting applications running in Framework mode: CVE-2025-43864 The post React Router Vulnerabilities CVE-2025-43864 and...
View ArticleCritical Flaw Exposes Linux Security Blind Spot: io_uring Bypasses Detection
ARMO researchers have uncovered a critical weakness in Linux runtime security tools, revealing how the io_uring interface enables The post Critical Flaw Exposes Linux Security Blind Spot: io_uring...
View ArticleCISA Warns of Critical Vulnerabilities in Planet Technology Products
CISA has issued a new security advisory highlighting critical vulnerabilities impacting several Planet Technology products, including UNI-NMS-Lite, NMS-500, The post CISA Warns of Critical...
View ArticleCraft CMS Zero-Day CVE-2025-32432 Exploited with Metasploit Module Now Public
Security researcher Chocapikk has published a Metasploit module for a critical zero-day vulnerability impacting Craft CMS, tracked as The post Craft CMS Zero-Day CVE-2025-32432 Exploited with...
View ArticleEarth Kurma APT Targets Southeast Asia with Stealthy Cyberespionage
In a newly released report, Trend Research has unveiled the operations of an advanced persistent threat (APT) group, The post Earth Kurma APT Targets Southeast Asia with Stealthy Cyberespionage...
View ArticleCritical Vulnerabilities in Quick Agent Software Expose Ricoh MFPs to Remote...
The Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) has issued an alert regarding multiple critical vulnerabilities found The post Critical Vulnerabilities in Quick Agent...
View ArticleTriada Trojan Evolves: Pre-Installed Android Malware Now Embedded in Device...
In a newly released report, Kaspersky Labs warns of an alarming evolution in the Triada Trojan, a notorious The post Triada Trojan Evolves: Pre-Installed Android Malware Now Embedded in Device Firmware...
View ArticleFake GIF and Reverse Proxy Used in Sophisticated Card Skimming Attack on Magento
In a deep-dive analysis released by Ben Martin, a security analyst at Sucuri, researchers revealed a remarkably sophisticated The post Fake GIF and Reverse Proxy Used in Sophisticated Card Skimming...
View Article