Gcore Radar Report Reveals 41% Surge in DDoS Attack Volumes
Luxembourg, Luxembourg, September 25th, 2025, CyberNewsWire Gcore, the global edge AI, cloud, network, and security solutions provider, today announced the findings of its Q1-Q2 2025…
Category: CyberSecurityNews
NVIDIA Merlin Vulnerability Allow Attacker to Achieve Remote Code Execution With Root Privileges
A critical vulnerability in NVIDIA’s Merlin Transformers4Rec library (CVE-2025-23298) enables unauthenticated attackers to achieve remote code execution (RCE) with root privileges via unsafe deserialization in…
Numerous Applications Using Google’s Firebase Platform Leaking Highly Sensitive Data
Numerous mobile applications have been found to expose critical user information through misconfigured Firebase services, allowing unauthenticated attackers to access databases, storage buckets, Firestore collections,…
New Domain-fronting Attack Uses Google Meet, YouTube, Chrome and GCP to Tunnel Traffic
Organizations commonly allow traffic to core services like Google Meet, YouTube, Chrome update servers, and Google Cloud Platform (GCP) to ensure uninterrupted operations. A newly…
Linux Kernel ksmbd Vulnerability Allows Remote Attackers to Execute Arbitrary Code
A severe vulnerability in the Linux kernel’s ksmbd SMB server implementation has been disclosed, potentially allowing authenticated remote attackers to execute arbitrary code on affected…
Hackers Exploiting Hikvision Camera Vulnerability to Access Sensitive Information
A critical vulnerability in Hikvision security cameras, first disclosed in 2017, is being actively exploited by hackers to gain unauthorized access to sensitive information. SANS…
BMC Firmware Vulnerabilities Allow Attackers to Bypass Signature Verification Features
Critical vulnerabilities discovered in Supermicro Baseboard Management Controller (BMC) firmware have exposed a troubling pattern where inadequate security fixes create new attack vectors, allowing sophisticated…
Banking Trojans Attacking Android Users Mimic as Government and Legitimate Payment Apps
A sophisticated cybercriminal campaign has emerged targeting Indonesian and Vietnamese Android users with banking trojans disguised as legitimate government identity applications and payment services. The…
Cisco IOS 0-Day RCE Vulnerability Actively Exploited in the Wild
Cisco has disclosed a zero-day vulnerability, CVE-2025-20352, in its widely used IOS and IOS XE software, confirming it is being actively exploited in the wild.…
How to Detect Hidden Redirects and Payloads
Phishing campaigns are getting harder to spot, sometimes hiding in files you’d never suspect. ANY.RUN’s cybersecurity analysts recently uncovered one such case: a malicious SVG…
RainyDay, Turian and Naikon Malwares Abuse DLL Search Order to Execute Malicious Loaders
Three sophisticated malware families have emerged as significant threats to telecommunications and manufacturing sectors across Central and South Asia, representing a coordinated campaign that exploits…
Salesforce CLI Installer Vulnerability Let Attackers Execute Code and Gain SYSTEM-Level Access
A critical vulnerability in the Salesforce CLI installer (sf-x64.exe) enables attackers to achieve arbitrary code execution, privilege escalation, and SYSTEM-level access on Windows systems. Tracked…