CitrixBleed 2 Vulnerability PoC Published
A newly published proof-of-concept (PoC) for the critical CitrixBleed 2 vulnerability (CVE-2025-5777) has sent shockwaves through the cybersecurity community, with experts warning of imminent mass…
Author: Cybernoz
NightEagle APT Attacking Industrial Systems by Exploiting 0-Days and With Adaptive Malware
A sophisticated APT group dubbed “NightEagle” (APT-Q-95) has been conducting targeted attacks against China’s critical technology sectors since 2023. The group has demonstrated exceptional capabilities…
Linux Boot Vulnerability Lets Attackers Bypass Secure Boot Protections
A newly highlighted vulnerability in the Linux boot process exposes a critical weakness in the security posture of many modern distributions. Despite widespread adoption of…
Adware, Trojans and Crypto Theft Lead Q2 Threats
A series of malicious apps and stealthy spyware is targeting Android users worldwide, with new data showing how cybercriminals keep finding ways to slip threats…
U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog
U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog Pierluigi Paganini July 07, 2025 U.S. Cybersecurity and Infrastructure Security Agency (CISA)…
New Linux EDR Evasion Tool Exploits io_uring Kernel Feature
A new tool named RingReaper is raising eyebrows among defenders and red teamers alike. By leveraging the legitimate, high-performance Linux kernel feature known as io_uring,…
New technique detects tampering or forgery of a PDF document
Researchers from the University of Pretoria presented a new technique for detecting tampering in PDF documents by analyzing the file’s page objects. The technique employs…
APT36 Attacking BOSS Linux Systems With Weaponized ZIP Files to Steal Sensitive Data
Pakistan-based threat actor APT36, also known as Transparent Tribe, has significantly evolved its cyber-espionage capabilities by launching a sophisticated campaign specifically targeting Indian defense personnel…
ScriptCase Vulnerabilities Allow Remote Code Execution and Full Server Compromise
Two critical vulnerabilities have been discovered in ScriptCase, a popular low-code PHP web application generator, which puts thousands of servers at risk of remote code…
July 2025 Patch Tuesday forecast: Take a break from the grind
There was a barrage of updates released the week of June 2025 Patch Tuesday. This included security updates from Adobe, Google, Microsoft, Mozilla, and others.…
PoC Released for Linux Privilege Escalation Flaw in udisksd and libblockdev
Security researchers disclosed a critical local privilege escalation (LPE) vulnerability affecting Fedora, SUSE, and other major Linux distributions. The flaw, tracked as CVE-2025-6019, resides in the…
AI built it, but can you trust it?
In this Help Net Security interview, John Morello, CTO at Minimus, discusses the security risks in AI-driven development, where many dependencies are pulled in quickly.…