Tag: Cyber Security News

Attackers are actively exploiting a serious vulnerability in Array Networks’ ArrayOS AG series to gain unauthorized access to enterprise networks. The flaw exists in the DesktopDirect function, a feature designed to provide remote desktop access to administrators. Security researchers have…

Read more →

Critical security updates have been released to fix two high-severity flaws in the Triton Inference Server that let attackers crash systems remotely from NVIDIA. Both flaws received a CVSS score of 7.5, indicating they are high-priority threats requiring immediate patching.…

Read more →

A new sophisticated threat actor has emerged in the cybersecurity landscape, targeting critical infrastructure across the United States. The adversary, operating under the name WARP PANDA, has demonstrated remarkable technical capabilities in infiltrating VMware vCenter environments at legal, technology, and…

Read more →

A dangerous new Android spyware variant called ClayRat has emerged as a significant threat to mobile device security worldwide. First identified in October by the zLabs team, this malware represents a concerning evolution in mobile threats with capabilities that allow…

Read more →

Cloudflare has confirmed that it is currently experiencing a significant outage that is affecting the Cloudflare Dashboard and several Cloudflare API services. The issue began earlier today and has caused widespread disruptions for users who rely on Cloudflare’s management tools…

Read more →

SeedSnatcher represents a significant threat to cryptocurrency users worldwide. Packaged under the seemingly innocent name “Coin” and distributed through Telegram, this Android malware has emerged as a sophisticated tool designed specifically to steal digital wallet recovery codes and execute remote…

Read more →

A high-severity vulnerability has been disclosed in Splunk affecting its Enterprise and Universal Forwarder products for Windows, stemming from incorrect file permissions during installation and upgrades. The vulnerability, tracked as CVE-2025-20386 for Splunk Enterprise and CVE-2025-20387 for Universal Forwarder. Allows…

Read more →

A critical command injection vulnerability in the open-source network monitoring tool Cacti allows authenticated attackers to execute arbitrary code remotely, potentially compromising the entire monitoring infrastructure. The flaw, tracked as CVE-2025-66399, affects all versions up to 1.2.28 and stems from…

Read more →

A dangerous new wave of phishing attacks is targeting Solana users by changing wallet ownership permissions rather than stealing private keys. A victim lost more than USD 3 million in a single attack, with an additional USD 2 million locked…

Read more →

Security researchers have uncovered a sophisticated Linux malware campaign that merges Mirai-derived DDoS botnet capabilities with a stealthy fileless cryptominer, representing a significant evolution in IoT and cloud-targeted threats. The malware, dubbed V3G4 by Cyble Research Intelligence Labs, employs a…

Read more →

A proof-of-concept (PoC) exploit for CVE-2025-55182, a maximum-severity remote code execution (RCE) flaw in React Server Components, surfaced publicly this week, heightening alarms for developers worldwide. Dubbed “React2Shell” by some researchers, the vulnerability carries a CVSS score of 10.0 and…

Read more →

China-nexus threat groups are racing to weaponize the new React2Shell bug, tracked as CVE-2025-55182, only hours after its public disclosure. The flaw sits in React Server Components and lets an attacker run code on the server without logging in. Early…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Canadian Centre for Cyber Security (Cyber Centre) issued a joint advisory today, warning of a sophisticated new malware campaign orchestrated by People’s Republic of China (PRC)…

Read more →

A new class of prompt injection vulnerabilities, dubbed “PromptPwnd,” has been uncovered by cybersecurity firm Aikido Security. The flaws affect GitHub Actions and GitLab CI/CD pipelines that are integrated with AI agents, including Google’s Gemini CLI, Claude Code, and OpenAI…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Canadian Centre for Cyber Security (Cyber Centre) issued a joint advisory today, warning of a sophisticated new malware campaign orchestrated by People’s Republic of China (PRC)…

Read more →

Critical vulnerability has been added to CISA’s Known Exploited Vulnerabilities list, warning organizations about a dangerous file-upload flaw in OpenPLC ScadaBR systems. The vulnerability allows remote authenticated users to upload and execute arbitrary JSP files through the view_edit.shtm interface, creating…

Read more →

Clickjacking has long been considered a “dumb” attack in the cybersecurity world. Traditionally, it involves placing an invisible frame over a legitimate website to trick a user into clicking a button they didn’t intend to, like masking a “Delete Account”…

Read more →

Arizona Attorney General Kris Mayes has announced a lawsuit against the popular Chinese e-commerce retailer Temu, accusing the company of stealing vast amounts of customer data. The lawsuit, filed Tuesday, positions Arizona alongside several other states taking legal action against…

Read more →

Multiple critical zero‑day vulnerabilities in PickleScan, a popular open‑source tool used to scan machine learning models for malicious code. PickleScan is widely used in the AI world, including by Hugging Face, to check PyTorch models saved with Python’s pickle format. Pickle is flexible…

Read more →

A comprehensive phishing operation began targeting Indian companies in November 2025 by impersonating the Income Tax Department of India. The campaign employed remarkably authentic government communication templates, bilingual messaging in Hindi and English, and legal references to sections of the…

Read more →