• The Hacker News

Jul 18, 2025Ravie LakshmananMalware / Vulnerability Cybersecurity researchers have disclosed details of a new malware called MDifyLoader that has been observed in conjunction with cyber attacks expl ... Read more

• The Hacker News

Jul 18, 2025Ravie LakshmananCloud Security / AI Security Cybersecurity researchers have disclosed a critical container escape vulnerability in the NVIDIA Container Toolkit that could pose a severe t ... Read more

• The Hacker News

Jul 17, 2025Ravie LakshmananCryptocurrency / Vulnerability Cybersecurity researchers have discovered a new campaign that exploits a known security flaw impacting Apache HTTP Server to deliver a cryp ... Read more

• The Hacker News

The Taiwanese semiconductor industry has become the target of spear-phishing campaigns undertaken by three Chinese state-sponsored threat actors. "Targets of these campaigns ranged from organizations ... Read more

• The Hacker News

A threat activity cluster has been observed targeting fully-patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances as part of a campaign designed to drop a backdoor called OVER ... Read more

• BleepingComputer

Google has released a security update for Chrome to address half a dozen vulnerabilities, one of them actively exploited by attackers to escape the browser's sandbox protection. The vulnerability is i ... Read more

• The Hacker News

Jul 16, 2025Ravie LakshmananBrowser Security / Zero-Day Google on Tuesday rolled out fixes for six security issues in its Chrome web browser, including one that it said has been exploited in the wil ... Read more

• The Hacker News

Cybersecurity researchers have discovered a new, sophisticated variant of a known Android malware referred to as Konfety that leverages the evil twin technique to enable ad fraud. The sneaky approach ... Read more

• The Hacker News

Jul 16, 2025Ravie LakshmananAI Security / Vulnerability Google on Tuesday revealed that its large language model (LLM)-assisted vulnerability discovery framework discovered a security flaw in the SQ ... Read more

• The Hacker News

Cybersecurity researchers have discovered a serious security issue that allows leaked Laravel APP_KEYs to be weaponized to gain remote code execution capabilities on hundreds of applications. "Laravel ... Read more

• The Hacker News

Jul 11, 2025Ravie LakshmananCyber Attack / Vulnerability A recently disclosed maximum-severity security flaw impacting the Wing FTP Server has come under active exploitation in the wild, according t ... Read more

• The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Citrix NetScaler ADC and Gateway to its Known Exploited Vulnerabilities (KEV) cata ... Read more

• The Hacker News

Cybersecurity researchers have discovered a critical vulnerability in the open-source mcp-remote project that could result in the execution of arbitrary operating system (OS) commands. The vulnerabili ... Read more

• The Hacker News

Jul 10, 2025Ravie LakshmananVulnerability / Hardware Security Semiconductor company AMD is warning of a new set of vulnerabilities affecting a broad range of chipsets that could lead to information ... Read more

• Help Net Security

For July 2025 Patch Tuesday, Microsoft has released patches for 130 vulnerabilities, among them one that’s publicly disclosed (CVE-2025-49719) and a wormable RCE bug on Windows and Windows Server (CVE ... Read more

• The Hacker News

A Chinese national has been arrested in Milan, Italy, for his alleged links to a state-sponsored hacking group known as Silk Typhoon and for carrying out cyber attacks against American organizations a ... Read more

• The Register

For the first time this year, Microsoft has released a Patch Tuesday bundle with no exploited security problems, although one has been made public already, and there are ten critical flaws to fix. Jul ... Read more

• The Hacker News

Cybersecurity researchers are calling attention to a malware campaign that's targeting security flaws in TBK digital video recorders (DVRs) and Four-Faith routers to rope the devices into a new botnet ... Read more

• The Hacker News

Jul 08, 2025Ravie LakshmananCyber Attacks / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added four security flaws to its Known Exploited Vulnerabilities ... Read more

• Help Net Security

There was a barrage of updates released the week of June 2025 Patch Tuesday. This included security updates from Adobe, Google, Microsoft, Mozilla, and others. But it has been ‘calm’ the past couple o ... Read more

• The Register

Infosec In Brief A security researcher looking at samples of stalkerware discovered an SQL vulnerability that allowed him to steal a database of 62,000 user accounts. Eric Daigle published a blog post ... Read more

• Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463) If you haven’t ... Read more

• Daily CyberSecurity

A cache poisoning vulnerability (CVE-2025-49826) with a CVSS score of 7.5 has been disclosed in Next.js, the popular React-based web development framework. The flaw, found in versions >=15.1.0 <15.1.8 ... Read more

• BleepingComputer

Grafana Labs has addressed four Chromium vulnerabilities in critical security updates for the Grafana Image Renderer plugin and Synthetic Monitoring Agent. Although the issues impact Chromium and were ... Read more

• Cyber Security News

Microsoft has released a critical security update for Edge Stable Channel on July 1, 2025, addressing a severe vulnerability that cybercriminals have actively exploited. The latest Microsoft Edge Stab ... Read more

• Cyber Security News

CISA has issued an urgent warning about a critical zero-day vulnerability in Google Chrome that attackers are actively exploiting in the wild. The vulnerability, designated CVE-2025-6554, affects the ... Read more

• TheCyberThrone

Skip to content🔎 Vulnerability OverviewCVE ID: CVE-2025-20309Severity: Critical (CVSS v3.1 Score: 10.0)Discovered in: Cisco Unified Communications Manager (Unified CM) and Session Management Edition ( ... Read more

• Daily CyberSecurity

🔐 Access to This Vulnerability Report Requires Support This article is available to verified supporters only - contribute to read the full report Contribute with Google Or choose another support optio ... Read more

• Daily CyberSecurity

Grafana Labs has issued an urgent security advisory addressing four critical vulnerabilities affecting two of its key components: the Grafana Image Renderer plugin and the Synthetic Monitoring Agent. ... Read more

• TheCyberThrone

Skip to contentCVE-2025-48927 — Insecure Spring Boot Heap Dump Exposure📌 Description:This vulnerability exists in TeleMessage TM SGNL due to an exposed Spring Boot Actuator /heapdump endpoint, accessi ... Read more

• TheCyberThrone

Skip to content🧾 OverviewCVE-2025-6554 is a high-severity zero-day vulnerability discovered in Google Chrome’s V8 JavaScript engine, which is responsible for processing JavaScript in the browser. The ... Read more

• Help Net Security

If you haven’t recently updated the Sudo utility on your Linux box(es), you should do so now, to patch two local privilege escalation vulnerabilities (CVE-2025-32462, CVE-2025-32463) that have been di ... Read more

• BleepingComputer

Google has released emergency updates to patch another Chrome zero-day vulnerability exploited in attacks, marking the fourth such flaw fixed since the start of the year. "Google is aware that an expl ... Read more

• Help Net Security

Google has released a security update for Chrome to address a zero‑day vulnerability (CVE-2025-6554) that its Threat Analysis Group (TAG) discovered and reported last week. “Google is aware that an ex ... Read more

• The Hacker News

Vulnerability / Browser Security Google has released security updates to address a vulnerability in its Chrome browser for which an exploit exists in the wild. The zero-day vulnerability, tracked as C ... Read more

• security.nl

Aanvallers maken actief misbruik van een kwetsbaarheid in de V8-engine van Google Chrome voor het aanvallen van gebruikers van de browser, zo heeft het techbedrijf aangekondigd. Er zijn updates uitgeb ... Read more

• Cyber Security News

Google has issued an urgent security update for Chrome browser users worldwide, addressing a critical zero-day vulnerability that is actively being exploited by cybercriminals. The high-severity flaw, ... Read more

• Daily CyberSecurity

Google has urgently released an update to its Stable channel for Chrome following the discovery of a high-severity zero-day vulnerability—CVE-2025-6554—that is already being exploited in the wild. The ... Read more