servers
-
In a recent cybersecurity incident, the Akira ransomware group demonstrated its evolving tactics by exploiting an unsecured webcam to bypass Endpoint Detection and Response (EDR) tools. This novel approach highlights the group’s ability to adapt and evade traditional security measures, making it a formidable threat in the cybersecurity landscape. Background and Modus Operandi Akira, a…
-
Over 37,000 internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that is actively exploited in the wild. […]
-
Government email systems provide attackers with a perfect entry point for state-sponsored espionage attacks
-
Secure your DNS servers to enhance speed and protect against cyber threats. Learn how DNS works, its role in security, and best practices for protection.
-
A series of critical security vulnerabilities in the widely-used Rsync file synchronization tool have been uncovered, exposing millions of servers to potential takeover by anonymous attackers. The flaws, discovered in Rsync version 3.2.7 and earlier, enable remote code execution, sensitive data leaks, and file system manipulation through five distinct attack vectors, as per a report…
-
An investigation into Zservers/XHost by Dutch law enforcement that commenced last year revealed that the hosting provider’s servers have also been leveraged by the Conti ransomware gang, as well as used to facilitate the distribution of botnets and other malware, said the Dutch police.
-
Threat actors have been observed targeting Internet Information Services (IIS) servers in Asia as part of a search engine optimization (SEO) manipulation campaign designed to install BadIIS malware. “It is likely that the campaign is financially motivated since redirecting users to illegal gambling websites shows that attackers deploy BadIIS for profit,” Trend Micro researchers Ted…
-
A significant vulnerability has been identified in GitHub Enterprise Servers, allowing attackers to bypass SAML authentication and log in as other user accounts. This exploit leverages quirks in the libxml2 library, specifically related to XML entities, to deceive the verification process. The vulnerability, designated as CVE-2025-23369, highlights the importance of robust…
-
A widespread campaign is targeting Microsoft Internet Information Services (IIS) servers to deploy the BadIIS malware, a tool used for search engine optimization (SEO) fraud and malicious content injection. The campaign, attributed to the Chinese-speaking hacking group DragonRank, has affected over 35 IIS servers across Asia, Europe, and beyond, spanning industries such as government, technology, telecommunications,…
-
CISA has issued a warning regarding a critical remote code execution (RCE) vulnerability affecting Trimble Cityworks, a popular software solution for local government and public works asset management. The vulnerability, identified as CVE-2025-0994, allows an external actor to exploit a deserialization flaw and execute arbitrary code on a customer’s Microsoft Internet Information Services (IIS)…
-
A ViewState code injection attack spotted by Microsoft threat researchers in December 2024 could be easily replicated by other attackers, the company warned. “In the course of investigating, remediating, and building protections against this activity, we observed an insecure practice whereby developers have incorporated various publicly disclosed ASP.NET machine keys from publicly accessible resources, such…
-
The DeepSeek iOS app, a highly popular AI assistant recently crowned as the top iOS app since its January 25 release, has been discovered to transmit sensitive user data to ByteDance servers without encryption. The security flaws, uncovered by mobile app security firm NowSecure, have prompted swift reactions from governments, enterprises, and cybersecurity experts worldwide. The findings paint…
-
The Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a new set of guidelines to fortify firewalls, routers, internet-facing servers, and other edge devices against cyber threats. This collaborative guidance, supported by leading international cybersecurity organizations, aims to address vulnerabilities in hardware that form the backbone of critical infrastructure and operational networks worldwide. Edge devices—like…
-
A recent investigation by Unit 42 of Palo Alto Networks has uncovered a sophisticated, state-sponsored cyberespionage operation, tracked as CL-STA-0048. The campaign targeted high-value organizations in South Asia, particularly a telecommunications company. Employing rare tactics and tools, the attackers leveraged unique payload delivery methods and exploited vulnerabilities in widely used services such as IIS, Apache…
-
Three security flaws have been disclosed in the open-source PHP package Voyager that could be exploited by an attacker to achieve one-click remote code execution on affected instances. “When an authenticated Voyager user clicks on a malicious link, attackers can execute arbitrary code on the server,” Sonar researcher Yaniv Nizry said in a write-up published…
-
“A new certificate has already been deployed in OCS, and any server that is updated to any Exchange Server Cumulative Update or Security Update newer than March 2023 will continue to be able to check for new EEMS mitigations,” the Exchange Team said.
-
Akira, a Ransomware-as-a-Service (RaaS) group, has quickly become one of the most active ransomware operators in recent years.