Monsta web-based FTP Remote Code Execution Vulnerability Exploited
A critical remote code execution vulnerability in Monsta FTP, a popular web-based FTP client used by financial institutions and enterprises worldwide. The flaw, now tracked…
Category: CyberSecurityNews
Critical runc Vulnerabilities Put Docker and Kubernetes Container Isolation at Risk
Three critical vulnerabilities in runc, the container runtime powering Docker, Kubernetes, and other containerization platforms. These flaws could allow attackers to escape container isolation and…
AI-Powered Penetration Testing Platform Includes GPT-4 and Other AI Engine’s
HackGPT Enterprise is a new tool made for security teams focuses on being scalable and compliant, meeting the growing need for effective vulnerability assessments. The…
New Whisper Leak Toolkit Exposes User Prompts to Popular AI Agents within Encrypted Traffic
A sophisticated side-channel attack that exposes the topics of conversations with AI chatbots, even when traffic is protected by end-to-end encryption. Dubbed “Whisper Leak,” this…
Seven QNAP Zero-Day Vulnerabilities Exploited at Pwn2Own 2025 Now Patched
QNAP has addressed seven critical zero-day vulnerabilities in its network-attached storage (NAS) operating systems, following their successful exploitation by security researchers at Pwn2Own Ireland 2025.…
Google Maps Adds Feature for Businesses to Report Ransom Demands for Removing Bad Reviews
Scammers are targeting businesses with a new extortion scheme, and Google Maps is fighting back with a dedicated reporting tool. Google has introduced a feature…
Hackers Hijacking Samsung Galaxy Phones by Exploiting 0-Day Using a Single Image Via WhatsApp
A sophisticated spyware operation targeting Samsung Galaxy devices, dubbed LANDFALL, which exploited a zero-day vulnerability to infiltrate phones through seemingly innocuous images shared on WhatsApp.…
Threat Actors Leveraging RDP Credentials to Deploy Cephalus Ransomware
A newly identified ransomware group, Cephalus, has emerged as a significant threat to organizations worldwide, exploiting stolen Remote Desktop Protocol (RDP) credentials to gain access…
German ISP Aurologic GmbH has Become a Central Nexus for Hosting Malicious Infrastructure
German hosting provider aurologic GmbH has emerged as a central facilitator within the global malicious infrastructure ecosystem, providing upstream transit and data center services to…
ClickFix Attacks Evolved With Weaponized Videos That Tricks Users via Self-infection Process
ClickFix attacks have experienced a dramatic surge over the past year, establishing themselves as a cornerstone of modern social engineering tactics. These sophisticated attacks manipulate…
Herodotus Android Banking Malware Takes Full Control Of Device Evading Antivirus
A sophisticated banking trojan named Herodotus has emerged as a significant threat to Android users worldwide. Operating as Malware-as-a-Service, this malicious application disguises itself as…
Hackers Can Attack Active Directory Sites to Escalate Privileges and Compromise the Domain
Active Directory sites are designed to optimize network performance across geographically separated organizations by managing replication and authentication across multiple locations. The Synacktiv security researchers…