Category: CyberSecurityNews

Zimbra Classic Web Client Vulnerability Let Attackers Execute Arbitrary JavaScript
24
Jun
2025

Zimbra Classic Web Client Vulnerability Let Attackers Execute Arbitrary JavaScript

A critical security vulnerability has been discovered in Zimbra Classic Web Client that enables attackers to execute arbitrary JavaScript code…

New FileFix Attack Abuses Windows File Explorer to Execute Malicious Commands
24
Jun
2025

New FileFix Attack Abuses Windows File Explorer to Execute Malicious Commands

A novel social engineering technique called “FileFix” that exploits Windows File Explorer’s address bar functionality to execute malicious commands, presenting…

Gonjeshke Darande Threat Actors Pose as Hacktivist Infiltrated Iranian Crypto Exchange
24
Jun
2025

Gonjeshke Darande Threat Actors Pose as Hacktivist Infiltrated Iranian Crypto Exchange

In a significant escalation of cyber warfare in the Middle East, suspected Israeli state-sponsored threat actors operating under the name…

Facebook, Netflix, Microsoft Hijacked to Insert Fake Phone Number
24
Jun
2025

Facebook, Netflix, Microsoft Hijacked to Insert Fake Phone Number

Summary 1. Scammers inject fake phone numbers into legitimate company websites (Netflix, Microsoft, Bank of America) using malicious URL parameters….

2,000+ Devices Hacked Using Weaponized Social Security Statement Themes
24
Jun
2025

2,000+ Devices Hacked Using Weaponized Social Security Statement Themes

A sophisticated phishing campaign masquerading as official Social Security Administration (SSA) communications has successfully compromised more than 2,000 devices, according…

Threat Actors Abuse ConnectWise Configuration to Build a Signed Malware
24
Jun
2025

Threat Actors Abuse ConnectWise Configuration to Build a Signed Malware

A sophisticated malware campaign has emerged that exploits legitimate ConnectWise remote access software to create validly signed malicious applications, representing…

Critical Convoy Vulnerability Let Attackers Execute Remote Code on Affected Servers
24
Jun
2025

Critical Convoy Vulnerability Let Attackers Execute Remote Code on Affected Servers

A critical security vulnerability has been discovered in Performave Convoy that allows unauthenticated remote attackers to execute arbitrary code on…

OPPO Clone Phone Weak WiFi Hotspot Exposes Sensitive Data
24
Jun
2025

OPPO Clone Phone Weak WiFi Hotspot Exposes Sensitive Data

A critical security vulnerability has been discovered in OPPO’s Clone Phone feature that could expose sensitive user data through inadequately…

Pro-Iranian Hacktivists Targeting US Networks Department of Homeland Security Warns
24
Jun
2025

Pro-Iranian Hacktivists Targeting US Networks Department of Homeland Security Warns

The Department of Homeland Security has issued a critical advisory warning of escalating cyber threats from pro-Iranian hacktivist groups targeting…

Weaponized DMV-Themed Phishing Attacking U.S. Citizens to Harvest Personal and Financial Data
24
Jun
2025

Weaponized DMV-Themed Phishing Attacking U.S. Citizens to Harvest Personal and Financial Data

A sophisticated phishing campaign emerged in May 2025, targeting U.S. citizens through a coordinated impersonation of state Department of Motor…

Sophisticated Malware Campaign Targets WordPress and WooCommerce Sites with Obfuscated Skimmers
24
Jun
2025

Sophisticated Malware Campaign Targets WordPress and WooCommerce Sites with Obfuscated Skimmers

A sophisticated malware campaign has emerged targeting WordPress and WooCommerce websites with highly obfuscated credit card skimmers and credential theft…

Aviatrix Cloud Controller Authentication Vulnerability Let Attackers Execute Remote Code
24
Jun
2025

Aviatrix Cloud Controller Authentication Vulnerability Let Attackers Execute Remote Code

Two critical vulnerabilities in Aviatrix Controller, a Software-Defined Networking (SDN) utility that enables cloud connectivity across different vendors and regions. …