WinZip Vulnerability Allows Remote Attackers to Execute Arbitrary Code
A newly discovered vulnerability in WinZip, a popular file compression and archiving utility, has raised alarms among cybersecurity experts. Identified...
Read more →Author: Cybernoz
AI-Powered Social Engineering: Ancillary Tools and Techniques
Social engineering is advancing fast, at the speed of generative AI. This is offering bad actors multiple new tools and...
Read more →
Hackers Actively Exploiting New PAN-OS Authentication Bypass Vulnerability
Palo Alto Networks has released a patch for a high-severity authentication bypass vulnerability, identified as CVE-2025-0108, affecting their PAN-OS software. GreyNoise...
Read more →
Hackers Exploiting Newly Discovered PAN-OS Authentication Bypass Vulnerability
Threat actors actively exploit a new high-severity vulnerability, CVE-2025-0108, in Palo Alto Networks’ PAN-OS. This exploit allows attackers to bypass...
Read more →
WinZip Vulnerability Let Remote Attackers Execute Arbitrary Code
A newly disclosed high-severity vulnerability in WinZip, tracked as CVE-2025-1240, enables remote attackers to execute arbitrary code on affected systems...
Read more →
Device Code Phishing Attack Exploits Authentication Flow to Hijack Tokens
A sophisticated phishing campaign leveraging the device code authentication flow has been identified by Microsoft Threat Intelligence, targeting a wide...
Read more →
Government renames AI Safety Institute and teams up with Anthropic
Peter Kyle, secretary of state for Science, Innovation and Technology will use the Munich Security Conference as a platform to...
Read more →
Experts discovered PostgreSQL flaw chained with BeyondTrust zeroday in targeted attacks
Experts discovered PostgreSQL flaw chained with BeyondTrust zeroday in targeted attacks Pierluigi Paganini February 14, 2025 Threat actors are exploiting...
Read more →
New Device Code Phishing Attack Exploit Device Code Authentication To Capture Authentication Tokens
A sophisticated phishing campaign, identified by Microsoft Threat Intelligence, has been exploiting a technique known as “device code phishing” to...
Read more →
CISA Publishes 20 Advisories on ICS Security Flaws and Exploits
The Cybersecurity and Infrastructure Security Agency (CISA) has issued 20 security advisories on February 13, 2025, warning about critical vulnerabilities...
Read more →
PostgreSQL Terminal Tool Injection Vulnerability Allows Remote Code Execution
Researchers have uncovered a high-severity SQL injection vulnerability, CVE-2025-1094, affecting PostgreSQL’s interactive terminal tool, psql. This flaw was identified during...
Read more →
Astaroth 2FA Phishing Kit Targets Gmail, Yahoo, Office 365, and Third-Party Logins
A new phishing kit named Astaroth has emerged as a significant threat in the cybersecurity landscape by bypassing two-factor authentication...
Read more →