A critical pre-authenticated Remote Code Execution (RCE) vulnerability affecting Commvault’s backup and data protection platform. The vulnerability, tracked as CVE-2025-34028, could allow attackers to compromise enterprise backup systems without requiring authentication, potentially putting organizations’ most critical data at risk. The…
Category: EN
Cisco Confirms Multiple Products Impacted by Erlang/OTP SSH Server RCE Vulnerability
Cisco Systems has issued a critical security advisory confirming that multiple products across its portfolio are affected by a remote code execution (RCE) vulnerability in the Erlang/OTP SSH server (CVE-2025-32433). The flaw, which carries a maximum CVSSv3.1 score of 10.0,…
Threat Actors Turn More Sophisticated & Exploiting Zero-Day Vulnerabilities – Google Warns
Cybersecurity defenders face increasingly sophisticated adversaries as threat actors continue evolving their methods to circumvent modern defense systems. According to the newly released M-Trends 2025 report, attackers are demonstrating enhanced capabilities to create custom malware ecosystems, identify and exploit zero-day…
GitGuardian Joins Health-ISAC: Strengthening Cybersecurity in Healthcare Through Secrets Detection
As cyber threats in healthcare continue to evolve, GitGuardian strengthens its commitment to the sector by joining Health-ISAC and offering members enhanced secrets detection capabilities to protect sensitive data. The post GitGuardian Joins Health-ISAC: Strengthening Cybersecurity in Healthcare Through Secrets…
159 CVEs Exploited in Q1 2025 — 28.3% Within 24 Hours of Disclosure
As many as 159 CVE identifiers have been flagged as exploited in the wild in the first quarter of 2025, up from 151 in Q4 2024. “We continue to see vulnerabilities being exploited at a fast pace with 28.3% of…
Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools
Cybersecurity researchers have demonstrated a proof-of-concept (PoC) rootkit dubbed Curing that leverages a Linux asynchronous I/O mechanism called io_uring to bypass traditional system call monitoring. This causes a “major blind spot in Linux runtime security tools,” ARMO said. “This mechanism…
The Illusion of Truth: The Risks and Responses to Deepfake Technology
Abstract In the age of information, where the line between reality and fiction is increasingly blurred, deepfake technology has emerged as a powerful tool with both immense potential and significant… The post The Illusion of Truth: The Risks and Responses…
New SessionShark Phishing Kit Bypasses MFA to Steal Office 365 Logins
SessionShark phishing kit bypasses Office 365 MFA by stealing session tokens. Experts warn of real-time attacks via fake… This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: New SessionShark…
Commvault RCE Vulnerability Exploited—PoC Released
Enterprises and managed service providers globally are now facing urgent security concerns following the disclosure of a major pre-authenticated remote code execution (RCE) vulnerability in Commvault’s on-premise backup and recovery software. The issue, tracked as CVE-2025-34028, has rocked the cybersecurity…
Multiple Cisco Tools at Risk from Erlang/OTP SSH Remote Code Execution Flaw
Cisco has issued a high-severity advisory (cisco-sa-erlang-otp-ssh-xyZZy) warning of a critical remote code execution (RCE) vulnerability in products using Erlang/OTP’s SSH server. The flaw, tracked as CVE-2025-32433, allows unauthenticated attackers to execute arbitrary code on vulnerable devices, posing systemic risks to…
Crooks exploit the death of Pope Francis
Crooks exploit the death of Pope Francis, using public curiosity and emotion to launch scams and spread malware, an old tactic during global events. On April 24, 2025, after Pope Francis’ death, cybercriminals launched scams and malware attacks, exploiting public…
Push Security Raises $30 Million in Series B Funding
Push Security has raised $30 million in Series B funding to scale its browser-based identity security platform. The post Push Security Raises $30 Million in Series B Funding appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Redis DoS Vulnerability: Attackers Can Exhaust Server Memory or Cause Crashes
A high-severity vulnerability in Redis, the popular open-source in-memory data structure store, that could allow unauthenticated attackers to cause denial-of-service conditions by exhausting server memory. Tracked as CVE-2025-21605 with a CVSS score of 7.5, this vulnerability affects all Redis versions…
Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028)
If your organization is using Commvault Command Center for your data protection, backup creation, configuration and restoration needs, you should check whether your on-premise installation has been upgraded to patch a critical vulnerability (CVE-2025-34028) that could allow unauthenticated remote code…
AVX ONE PQC Tool delivers crypto inventory, risk insights, and readiness scoring
AppViewX has announced the launch of the AVX ONE Post-Quantum Cryptography (PQC) Assessment Tool that generates a Cryptographic Bill of Materials and PQC readiness score. By scanning code, dependencies, configurations and certificates in enterprise environments, the PQC Assessment Tool provides…
Darcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for Cybercriminals
The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform have released new updates to their cybercrime suite with generative artificial intelligence (GenAI) capabilities. “This addition lowers the technical barrier for creating phishing pages, enabling less tech-savvy criminals to deploy customized…
Data breach exposes 21 Million employee screenshots from a workplace surveillance tool
In a staggering privacy breach, over 21 million images documenting employee activity from a workplace surveillance tool have been leaked. The affected app is called WorkComposer, which is used by IT teams […] Thank you for being a Ghacks reader.…
Zyxel RCE Flaw Lets Attackers Run Commands Without Authentication
Security researcher Alessandro Sgreccia (aka “rainpwn”) has revealed a set of critical vulnerabilities in Zyxel’s USG FLEX-H firewall series that enable remote code execution (RCE) and privilege escalation—without authentication. The findings, affecting models including the FLEX 100H and FLEX 700H,…
SecLytics Rebrands as Augur Security, Raises $7M in Seed Funding
AI-powered threat prevention company Augur (rebranded from SecLytics) has raised $7 million in seed funding. The post SecLytics Rebrands as Augur Security, Raises $7M in Seed Funding appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
DirectDefense launches Security Essentials to protect growing SMBs
DirectDefense has launched DirectDefense Security Essentials, a fully managed, subscription-based security program purpose-built for small to mid-sized businesses (SMBs). With Security Essentials, DirectDefense is addressing the critical security needs of the underserved SMB market by combining virtual CISO (vCISO) services,…