Cisco IOS RCE Vulnerability CVE-2025-20352 Exploited
Cisco has publicly disclosed a critical remote code execution (RCE) vulnerability, tracked as CVE-2025-20352, affecting its widely deployed Cisco IOS and IOS XE software platforms.…
Author: Cybernoz
NVIDIA Merlin Vulnerability Allow Attacker to Achieve Remote Code Execution With Root Privileges
A critical vulnerability in NVIDIA’s Merlin Transformers4Rec library (CVE-2025-23298) enables unauthenticated attackers to achieve remote code execution (RCE) with root privileges via unsafe deserialization in…
SetupHijack Tool Abuses Race Conditions in Windows Installer to Hijack Setups
Security researchers at Hacker House have released SetupHijack, a proof-of-concept tool that exploits race conditions and insecure file handling in Windows installers and updaters. The…
North Korean IT workers use fake profiles to steal crypto
ESET Research has published new findings on DeceptiveDevelopment, also called Contagious Interview. This North Korea-aligned group has become more active in recent years and focuses…
Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed
Sep 25, 2025Ravie LakshmananSoftware Security / Malware Cybersecurity researchers have discovered two malicious Rust crates impersonating a legitimate library called fast_log to steal Solana and…
Zoom includes AI at no extra cost to crack enterprise adoption puzzle
Zoom has thrown down the gauntlet in the enterprise artificial intelligence (AI) race, with the announcement that AI Companion 3.0 will be available at no…
Cisco Patches Zero-Day Flaw Affecting Routers and Switches
Cisco on Wednesday announced patches for 14 vulnerabilities in IOS and IOS XE, including a bug that has been exploited in the wild. The exploited…
Numerous Applications Using Google’s Firebase Platform Leaking Highly Sensitive Data
Numerous mobile applications have been found to expose critical user information through misconfigured Firebase services, allowing unauthenticated attackers to access databases, storage buckets, Firestore collections,…
Malware Deployment via Copyright Takedown Claims by Threat Actors
Threat actors from the Lone None group are exploiting copyright takedown notices to distribute sophisticated malware, including Pure Logs Stealer and a newly identified information…
GenAI is exposing sensitive data at scale
Sensitive data is everywhere and growing fast. A new report from Concentric AI highlights how unstructured data, duplicate files, and risky sharing practices are creating…
Cisco fixed actively exploited zero-day in Cisco IOS and IOS XE software
Cisco fixed actively exploited zero-day in Cisco IOS and IOS XE software Pierluigi Paganini September 25, 2025 Cisco addressed a high-severity zero-day in Cisco IOS…
New Domain-fronting Attack Uses Google Meet, YouTube, Chrome and GCP to Tunnel Traffic
Organizations commonly allow traffic to core services like Google Meet, YouTube, Chrome update servers, and Google Cloud Platform (GCP) to ensure uninterrupted operations. A newly…