A critical vulnerability in the Linux kernel’s netfilter ipset subsystem has been discovered that allows local attackers to escalate privileges to root-level access. The flaw, identified in the bitmap:ip implementation within the ipset framework, stems from insufficient range validation when…
Category: Cyber Security News
New Ghost-tapping Attacks Steal Customers’ Cards Linked to Services Like Apple Pay and Google Pay
A sophisticated new cybercriminal technique known as “ghost-tapping” has emerged as a significant threat to contactless payment systems, enabling Chinese-speaking threat actors to exploit stolen payment card details linked to mobile wallet services such as Apple Pay and Google Pay.…
Bragg Confirms Cyber Attack – Hackers Accessed Internal IT Systems
Bragg Gaming Group has confirmed a significant cybersecurity incident that compromised the company’s internal IT infrastructure early Saturday morning, August 16, 2025. The online gaming technology provider discovered unauthorized network intrusion attempts that successfully breached their security perimeter, prompting immediate…
VirtualBox 7.2 Released With Support for Windows 11/Arm VMs and 50 Bug Fixes
Oracle has announced the release of VirtualBox 7.2, a major update to the popular open-source virtualization platform that introduces significant enhancements for Windows 11/Arm virtualization, comprehensive GUI improvements, and numerous bug fixes. Released on August 14, 2025, this version marks…
1000+ Exposed N-able N-central RMM Servers Unpatched for 0-Day Vulnerabilities
Over 1,000 exposed and unpatched N-able N-central Remote Monitoring and Management (RMM) servers are vulnerable to two newly disclosed zero-day vulnerabilities – CVE-2025-8875 and CVE-2025-8876. As of August 15, 2025, exactly 1,077 unique IPs have been identified as running outdated…
Critical PostgreSQL Vulnerabilities Allow Arbitrary Code Injection During Restoration
The PostgreSQL Global Development Group has issued emergency security updates across all supported versions to address three critical vulnerabilities that could allow attackers to execute arbitrary code during database restoration processes. The vulnerabilities affect PostgreSQL versions 13 through 17, with…
What is Use-After-Free Vulnerability? – Impact and Mitigation
Use-after-free (UAF) vulnerabilities represent one of the most critical and prevalent security threats in modern software systems, particularly affecting applications written in memory-unsafe languages like C and C++. These vulnerabilities occur when a program continues to use a memory location…
Rockwell ControlLogix Ethernet Vulnerability Lets Attackers Execute Remote Code
A critical security vulnerability has been discovered in Rockwell Automation’s ControlLogix Ethernet communication modules, potentially allowing remote attackers to execute arbitrary code on industrial control systems. The vulnerability, tracked as CVE-2025-7353, affects multiple ControlLogix Ethernet modules and carries a maximum…
Hundreds of TeslaMate Installations Leaking Sensitive Vehicle Data in Real Time
A cybersecurity researcher has discovered that hundreds of publicly accessible TeslaMate installations are exposing sensitive Tesla vehicle data without authentication, revealing GPS coordinates, charging patterns, and personal driving habits to anyone on the internet. The vulnerability stems from misconfigured deployments…
HR Giant Workday Discloses Data Breach After Hackers Compromise Third-Party CRM
Workday, a leading provider of enterprise cloud applications for finance and human resources, has confirmed it was the target of a sophisticated social engineering campaign that resulted in a data breach via a third-party Customer Relationship Management (CRM) platform. The…
Threat Actor Allegedly Claiming Access to 15.8 Million PayPal Email and Passwords in Plaintext
A threat actor operating under the alias “Chucky_BF” has posted a concerning advertisement on a well-known cybercrime forum, claiming to possess and sell a “Global PayPal Credential Dump 2025” containing over 15.8 million email and plaintext password pairs. The dataset,…
North Korean Hackers' Stealthy Linux Malware Leaked Online
In a significant breach of both cybersecurity defenses and secrecy, a trove of sensitive hacking tools and technical documentation, believed to originate from a North Korean threat actor, has recently been leaked online. The dump, revealed through an extensive article…
Windows 11 24H2 Security Update Causes SSD/HDD Failures and Potential Data Corruption
A significant security update rolled out by Microsoft with the Windows 11 24H2 (KB5063878) release is causing widespread issues for users, with reports surfacing that the update can render SSDs and HDDs inaccessible and may potentially corrupt user data. Last…
Beware of New Back-to-School Shopping Scams That Drive Users to Fake Shopping Sites
As families across the country prepare for the return to school, cybercriminals are exploiting the seasonal rush with a fresh wave of sophisticated shopping scams. Leveraging peaks in online spending, scammers are deploying malicious campaigns that prey on unsuspecting users…
Weekly Cybersecurity News Recap: Microsoft, Cisco, Fortinet Security Updates and Cyber Attacks
In the week of August 11-17, 2025, the cybersecurity landscape was marked by critical updates from major vendors and a surge in sophisticated threats, underscoring the ongoing battle against digital vulnerabilities. Microsoft rolled out its Patch Tuesday updates on August…
CISA Releases Operational Technology Guide for Owners and Operators Across all Critical Infrastructure
CISA, in collaboration with international partners, has released comprehensive guidance titled “Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators,” to strengthen cybersecurity defenses across critical infrastructure sectors. The document emphasizes the critical importance of maintaining accurate operational…
New Elastic EDR 0-Day Vulnerability Allows Attackers to Bypass Detection, Execute Malware, and Cause BSOD
A newly discovered zero-day vulnerability in Elastic’s Endpoint Detection and Response (EDR) solution allows attackers to bypass security measures, execute malicious code, and trigger a BSOD system crash, according to Ashes Cybersecurity research. The vulnerability resides in a core…
New Gmail Phishing Attack With Weaponized Login Flow Steals Credentials
A sophisticated new phishing campaign is targeting Gmail users through a multi-layered attack that uses legitimate Microsoft Dynamics infrastructure to bypass security measures and steal login credentials. The attack begins with deceptive “New Voice Notification” emails that appear to come from…
Microsoft IIS Web Deploy Vulnerability Lets Attackers Execute Remote Code
A critical vulnerability in the Microsoft Web Deploy tool could allow authenticated attackers to execute remote code on affected systems. The vulnerability, tracked as CVE-2025-53772, was disclosed on August 12, 2025, and carries a CVSS score of 8.8, indicating high…
Google Awards $250,000 Bounty for Chrome RCE Vulnerability Discovery
Google has awarded a record-breaking $250,000 bounty to security researcher “Micky” for discovering a critical remote code execution vulnerability in Chrome’s browser architecture. The vulnerability allowed malicious websites to escape Chrome’s sandbox protection and execute arbitrary code on victim systems. …