Category: CyberSecurityNews

Ubiquiti UniFi Devices Vulnerability Allows Attackers to Inject Malicious Commands
18
Jul
2025

Ubiquiti UniFi Devices Vulnerability Allows Attackers to Inject Malicious Commands

A critical security vulnerability affecting multiple Ubiquiti UniFi Access devices could allow attackers to execute malicious commands remotely.  The vulnerability,…

Threat Actors Weaponizing GitHub Accounts To Host Payloads, Tools and Amadey Malware Plug-Ins
18
Jul
2025

Threat Actors Weaponizing GitHub Accounts To Host Payloads, Tools and Amadey Malware Plug-Ins

A sophisticated Malware-as-a-Service operation has emerged that exploits the trusted GitHub platform to distribute malicious payloads, representing a significant evolution…

New "Daemon Ex Plist" Vulnerability Gives Attackers Root Access on macOS
18
Jul
2025

New “Daemon Ex Plist” Vulnerability Gives Attackers Root Access on macOS

A critical vulnerability in macOS allows attackers to escalate privileges to root access through misconfigured daemon services.  The vulnerability, dubbed…

Microsoft Details Scattered Spider TTPs Observed in Recent Attack Chains
18
Jul
2025

Microsoft Details Scattered Spider TTPs Observed in Recent Attack Chains

In mid-2025, a new surge of targeted intrusions, attributed to the threat group known variously as Scattered Spider, Octo Tempest,…

CISA Releases 3 ICS Advisories Covering Vulnerabilities and Exploits
18
Jul
2025

CISA Releases 3 ICS Advisories Covering Vulnerabilities and Exploits

CISA issued three significant Industrial Control Systems (ICS) advisories on July 17, 2025, addressing critical vulnerabilities affecting energy monitoring, healthcare…

Signal App Clone TeleMessage Vulnerability May Leak Passwords; Hackers Exploiting It
18
Jul
2025

Signal App Clone TeleMessage Vulnerability May Leak Passwords; Hackers Exploiting It

A critical security vulnerability in TeleMessageTM SGNL, an enterprise messaging system modeled after Signal, has been actively exploited by cybercriminals…

New WAFFLED Attack Exploits AWS, Azure, Cloud Armor, Cloudflare, and ModSecurity WAFs
18
Jul
2025

New WAFFLED Attack Exploits AWS, Azure, Cloud Armor, Cloudflare, and ModSecurity WAFs

WAFFLED is a recently disclosed technique that evades leading Web Application Firewalls (WAFs) by targeting subtle parsing inconsistencies rather than…

BIND 9 Vulnerabilities Expose Organizations to Cache Poisoning and DoS Attacks
18
Jul
2025

BIND 9 Vulnerabilities Expose Organizations to Cache Poisoning and DoS Attacks

Two critical vulnerabilities in the BIND 9 DNS resolver software are affecting organizations worldwide, with potential cache poisoning and denial-of-service…

Microsoft Entra ID Vulnerability Let Attackers Escalate Privileges
18
Jul
2025

Microsoft Entra ID Vulnerability Let Attackers Escalate Privileges

A critical vulnerability in Microsoft Entra ID allows attackers to escalate privileges to the Global Administrator role through the exploitation…

Ukraine Hackers Claimed Cyberattack on Major Russian Drone Supplier
17
Jul
2025

Ukraine Hackers Claimed Cyberattack on Major Russian Drone Supplier

Last week, Ukraine’s Main Intelligence Directorate (GUR) orchestrated a sophisticated cyberattack against Gaskar Integration, a leading Russian drone manufacturer. The…

Chinese State-Sponsored Hackers Attacking Semiconductor Industry with Weaponized Cobalt Strike
17
Jul
2025

Chinese State-Sponsored Hackers Attacking Semiconductor Industry with Weaponized Cobalt Strike

A sophisticated Chinese state-sponsored cyber espionage campaign has emerged targeting Taiwan’s critical semiconductor industry, employing weaponized Cobalt Strike beacons and…

Hackers Exploiting Blind Spots in DNS Records to Store and Deliver Malware
17
Jul
2025

Hackers Exploiting Blind Spots in DNS Records to Store and Deliver Malware

A sophisticated new attack vector where malicious actors are hiding malware inside DNS records, exploiting a critical blind spot in…