Tag: Cyber Security News

Oracle has announced the release of VirtualBox 7.2, a major update to the popular open-source virtualization platform that introduces significant enhancements for Windows 11/Arm virtualization, comprehensive GUI improvements, and numerous bug fixes.  Released on August 14, 2025, this version marks…

Read more →

Over 1,000 exposed and unpatched N-able N-central Remote Monitoring and Management (RMM) servers are vulnerable to two newly disclosed zero-day vulnerabilities – CVE-2025-8875 and CVE-2025-8876.  As of August 15, 2025, exactly 1,077 unique IPs have been identified as running outdated…

Read more →

The PostgreSQL Global Development Group has issued emergency security updates across all supported versions to address three critical vulnerabilities that could allow attackers to execute arbitrary code during database restoration processes.  The vulnerabilities affect PostgreSQL versions 13 through 17, with…

Read more →

Use-after-free (UAF) vulnerabilities represent one of the most critical and prevalent security threats in modern software systems, particularly affecting applications written in memory-unsafe languages like C and C++. These vulnerabilities occur when a program continues to use a memory location…

Read more →

A critical security vulnerability has been discovered in Rockwell Automation’s ControlLogix Ethernet communication modules, potentially allowing remote attackers to execute arbitrary code on industrial control systems.  The vulnerability, tracked as CVE-2025-7353, affects multiple ControlLogix Ethernet modules and carries a maximum…

Read more →

A cybersecurity researcher has discovered that hundreds of publicly accessible TeslaMate installations are exposing sensitive Tesla vehicle data without authentication, revealing GPS coordinates, charging patterns, and personal driving habits to anyone on the internet.  The vulnerability stems from misconfigured deployments…

Read more →

Workday, a leading provider of enterprise cloud applications for finance and human resources, has confirmed it was the target of a sophisticated social engineering campaign that resulted in a data breach via a third-party Customer Relationship Management (CRM) platform. The…

Read more →

A threat actor operating under the alias “Chucky_BF” has posted a concerning advertisement on a well-known cybercrime forum, claiming to possess and sell a “Global PayPal Credential Dump 2025” containing over 15.8 million email and plaintext password pairs.  The dataset,…

Read more →

In a significant breach of both cybersecurity defenses and secrecy, a trove of sensitive hacking tools and technical documentation, believed to originate from a North Korean threat actor, has recently been leaked online. The dump, revealed through an extensive article…

Read more →

A significant security update rolled out by Microsoft with the Windows 11 24H2 (KB5063878) release is causing widespread issues for users, with reports surfacing that the update can render SSDs and HDDs inaccessible and may potentially corrupt user data. Last…

Read more →

As families across the country prepare for the return to school, cybercriminals are exploiting the seasonal rush with a fresh wave of sophisticated shopping scams. Leveraging peaks in online spending, scammers are deploying malicious campaigns that prey on unsuspecting users…

Read more →

In the week of August 11-17, 2025, the cybersecurity landscape was marked by critical updates from major vendors and a surge in sophisticated threats, underscoring the ongoing battle against digital vulnerabilities. Microsoft rolled out its Patch Tuesday updates on August…

Read more →

CISA in collaboration with international partners, has released comprehensive guidance, titled “Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators,” to strengthen cybersecurity defenses across critical infrastructure sectors. The document emphasizes the critical importance of maintaining accurate operational…

Read more →

A newly discovered zero-day vulnerability in Elastic’s Endpoint Detection and Response (EDR) solution allows attackers to bypass security measures, execute malicious code, and trigger a BSOD system crash, according to the Ashes Cybersecurity research. The vulnerability resides in a core…

Read more →

A sophisticated new phishing campaign targeting Gmail users through a multi-layered attack that uses legitimate Microsoft Dynamics infrastructure to bypass security measures and steal login credentials. The attack begins with deceptive “New Voice Notification” emails that appear to come from…

Read more →

A critical vulnerability in the Microsoft Web Deploy tool could allow authenticated attackers to execute remote code on affected systems.  The vulnerability, tracked as CVE-2025-53772, was disclosed on August 12, 2025, and carries a CVSS score of 8.8, indicating high…

Read more →

Google has awarded a record-breaking $250,000 bounty to security researcher “Micky” for discovering a critical remote code execution vulnerability in Chrome’s browser architecture.  The vulnerability allowed malicious websites to escape Chrome’s sandbox protection and execute arbitrary code on victim systems. …

Read more →

Security researchers have uncovered four serious vulnerabilities in ImageMagick, one of the world’s most widely used open-source image processing software suites, potentially exposing millions of users to security risks. The vulnerabilities, discovered by researcher “urban-warrior” and published three days ago,…

Read more →

A sophisticated new phishing campaign targeting Gmail users through a multi-layered attack that uses legitimate Microsoft Dynamics infrastructure to bypass security measures and steal login credentials. The attack begins with deceptive “New Voice Notification” emails that appear to come from…

Read more →

Researchers at Hunt.io have made a significant discovery in the cybersecurity field by obtaining and analyzing the complete source code of ERMAC V3.0. This advanced Android banking trojan targets over 700 financial applications worldwide. This unique insight into an active malware-as-a-service platform…

Read more →