Adobe patches critical SessionReaper flaw in Magento eCommerce platform
Adobe is warning of a critical vulnerability (CVE-2025-54236) in its Commerce and Magento Open Source platforms that researchers call SessionReaper and describe as one of ” the…
Author: Cybernoz
Beware of Phishing Email from Kimusky Hackers With Subject Spetember Tax Return Due Date Notice
A new wave of phishing attacks purporting to originate from South Korea’s National Tax Service has emerged, leveraging familiar electronic document notifications to trick recipients…
Innovator Spotlight: Corelight – Cyber Defense Magazine
The Network’s Hidden Battlefield: Rethinking Cybersecurity Defense Modern cyber threats are no longer knocking at the perimeter – they’re already inside. The traditional security paradigm…
Ivanti Endpoint Manager Vulnerabilities Allow Remote Code Execution by Attackers
Ivanti released Security Advisory for Endpoint Manager versions 2024 SU3 and 2022 SU8, detailing two high‐severity flaws (CVE-2025-9712 and CVE-2025-9872). Both issues stem from insufficient…
Plex tells users to change passwords due to data breach, pushes server owners to upgrade
Media streaming company Plex has suffered a data breach and is urging users to reset their account password and enable two-factor authentication. “An unauthorized third…
Mitsubishi Electric agrees to buy Nozomi Networks in deal valued at about $1B
Mitsubishi Electric Corp. on Tuesday said it agreed to buy industrial cybersecurity specialist Nozomi Networks. The deal is valued at about $1 billion, making it…
US charges admin of LockerGoga, MegaCortex, Nefilim ransomware
The U.S. Department of Justice has charged Ukrainian national Volodymyr Viktorovich Tymoshchuk for his role as the administrator of the LockerGoga, MegaCortex, and Nefilim ransomware…
FortiDDoS OS Command Injection Vulnerability Let Attackers Execute Unauthorized Commands
Fortinet has disclosed a medium-severity vulnerability in its FortiDDoS-F product line that could allow a privileged attacker to execute unauthorized commands. Tracked as CVE-2024-45325, the…
FortiDDoS Vulnerability Lets Hackers Execute Unauthorized OS Commands
Fortinet has disclosed a significant OS command injection vulnerability in its FortiDDoS-F appliances that could allow privileged attackers to execute unauthorized code or commands through…
New Salty2FA Phishing Kit Bypasses MFA and Clones Login Pages
A new, sophisticated phishing kit, Salty2FA, is using advanced tactics to bypass MFA and mimic trusted brands. Read expert analysis on how these “Phishing 2.0”…
National cyber director: U.S. strategy needs to shift cyber risk from Americans to its adversaries
The United States needs a “new, coordinated strategy” to counter its cyber adversaries and “shift the burden of risk in cyberspace from Americans to them,”…
Salat Stealer Exfiltrates Browser Credentials Via Sophisticated C2 Infrastructure
Salat Stealer has emerged as a pervasive threat targeting Windows endpoints with a focus on harvesting browser-stored credentials and cryptocurrency wallet data. First detected in…