gain

  • A critical security flaw in Zoho’s widely used identity management solution, ADSelfService Plus, has been patched after researchers discovered it could enable attackers to hijack user sessions and compromise sensitive enrollment data. Tracked as CVE-2025-1723, the high-severity vulnerability underscores the risks of insufficient session validation in authentication systems, particularly when multi-factor authentication (MFA) safeguards are not…

  • Dan Goodin / Ars Technica: How hackers of the $1.5B Bybit crypto heist used UI manipulation of employee devices and social engineering to gain control of ETH multisig cold wallets  —  The cryptocurrency industry and those responsible for securing it are still in shock following Friday’s heist, likely by North Korea …

  • Researchers at Palo Alto Networks have identified a new Linux malware, dubbed “Auto-Color,” that has emerged as a significant threat due to its advanced evasion techniques and ability to grant attackers full remote access to compromised systems. Discovered between November and December 2024, the malware targets Linux-based systems, primarily those in universities and government offices…

  • A highly advanced threat actor, dubbed “Salt Typhoon,” has been implicated in a series of cyberattacks targeting major U.S. telecommunications networks, according to a report by Cisco Talos. The campaign, which began in late 2024 and was confirmed by the U.S. government, involves exploiting vulnerabilities in Cisco devices and leveraging stolen credentials to infiltrate critical…

  • A vulnerability in the Windows Disk Cleanup Tool (cleanmgr.exe) has been patched by Microsoft as part of its… (From the post “CVE-2025-21420: Windows Disk Cleanup Tool Flaw Exploited to Gain SYSTEM Privileges, PoC Released” on Cybersecurity News.)

  • Google has urgently patched two high-severity heap buffer overflow vulnerabilities in its Chrome browser, CVE-2025-0999, and CVE-2025-1426, that could allow attackers to execute arbitrary code and seize control of affected systems. The vulnerabilities, fixed in Chrome 133.0.6943.126/.127 for Windows/Mac and 133.0.6943.126 for Linux, target the V8 JavaScript engine and GPU components, respectively. Multiple High-Severity Vulnerabilities…

  • Researchers observed a sophisticated cyber-espionage campaign led by the Chinese state-sponsored group known as “Salt Typhoon,” also referred to as “RedMike.”  Between December 2024 and January 2025, the group exploited over 1,000 unpatched Cisco network devices globally, targeting telecommunications providers and universities.  The campaign highlights the ongoing vulnerability of critical infrastructure and the strategic intelligence…

  • A critical zero-day vulnerability has been discovered in a Windows driver, allowing attackers to gain remote access to systems. This vulnerability, identified as CVE-2025-21418, was disclosed on February 11, 2025, and is classified as “Important” with a CVSS score of 7.8. The vulnerability is a heap-based buffer overflow, categorized under CWE-122. The vulnerability exploits a…

  • Fortinet has issued an urgent warning about active exploitation of an already patched authentication bypass zero-day vulnerability (CVE-2025-24472) affecting its FortiOS and FortiProxy products. This critical flaw allows remote attackers to gain super-admin privileges by sending maliciously crafted CSF proxy requests. The vulnerability impacts FortiOS versions 7.0.0 through 7.0.16, FortiProxy versions 7.0.0 through 7.0.19, and 7.2.0…

  • A newly discovered vulnerability in AnyDesk, the popular remote desktop software, has sparked serious cybersecurity concerns. Identified as CVE-2024-12754 and tracked under ZDI-24-1711, this flaw allows local attackers to exploit a mechanism to handle Windows background images, potentially escalating their privileges to administrative levels. Researchers warn that this vulnerability poses a significant risk to sensitive…

  • Several critical vulnerabilities affecting Mali Graphics Processing Units (GPUs) have surfaced, allowing hackers to exploit flaws in GPU drivers to gain full control of devices. The vulnerabilities, tracked as CVE-2022-22706 and CVE-2021-39793, expose millions of devices to privilege escalation attacks, enabling attackers to bypass security mechanisms, manipulate memory permissions, and execute arbitrary code as a root user. Technical…

  • In a concerning revelation, cybersecurity firm eSentire’s Threat Response Unit (TRU) has detected active exploitation of a six-year-old vulnerability, CVE-2019-18935, in Progress Telerik UI for ASP.NET AJAX. This flaw, which affects Internet Information Services (IIS) servers, enables malicious actors to gain unauthorized remote access and execute commands, posing a significant threat to unpatched systems. The…

  • In a recent security advisory, a moderate-severity vulnerability has been identified in Apache Cassandra, potentially allowing unauthorized users to access restricted data centers or IP/CIDR groups. This flaw, designated CVE-2025-24860, affects multiple versions of the database management system, specifically those that utilize the CassandraNetworkAuthorizer and CassandraCIDRAuthorizer for managing network access permissions. Technical Details The vulnerability…

  • A recent investigation conducted by STRIKE, a division of SecurityScorecard, has unveiled the intricate and far-reaching operation of the Lazarus Group, a North Korean advanced persistent threat (APT) group. Dubbed “Operation Phantom Circuit,” the campaign highlights a deliberate and sophisticated effort to infiltrate global systems through compromised software supply chains and advanced Command-and-Control (C2) infrastructure.…

  • A recent security vulnerability in a widely used airline integration service has exposed millions of users to account takeovers, raising concerns over the safety of online travel services. Security researchers from Salt Labs discovered the flaw, which enabled hackers to access user accounts without authorization, potentially compromising sensitive information and airline loyalty points. The Exploit…

  • Broadcom disclosed a critical vulnerability affecting its Avi Load Balancer product. The vulnerability, identified as CVE-2025-22217, is an unauthenticated blind SQL injection vulnerability that could allow attackers with network access to execute specially crafted SQL queries to gain unauthorized access to the underlying database. The issue was privately reported to VMware and has been classified…

  • Cybersecurity researchers have exposed critical vulnerabilities in a telecom network that allowed unauthorized access to sensitive data and control over 3,000 companies.  The research revealed obvious vulnerabilities in the network’s backend APIs, authentication systems, and Know Your Customer (KYC) processes, raising serious concerns about the state of cybersecurity in telecommunications.  How did the Exploit begin?…

  • In a groundbreaking discovery on November 20, 2024, cybersecurity researchers Shubham Shah and a colleague unearthed a major security vulnerability in Subaru’s STARLINK connected vehicle service. The flaw allowed unauthorized, unrestricted access to vehicles and customer accounts across the United States, Canada, and Japan. By exploiting this vulnerability, malicious actors could remotely control vehicle functions…

  • This year’s 26% AI-driven rally in shares of South Korea’s SK Hynix Inc. faces threats as political issues and valuations push local investors toward domestic-focused companies.
