Category: CyberSecurityNews

VS Code Extension Weaponized With Two Lines of Code Leads to Supply Chain Attack
09
Jul
2025

VS Code Extension Weaponized With Two Lines of Code Leads to Supply Chain Attack

A sophisticated supply chain attack has compromised ETHcode, a popular Visual Studio Code extension for Ethereum development, through a malicious…

Chinese Hackers Exploit Microsoft Exchange Servers to Steal COVID-19 Research Data
09
Jul
2025

Chinese Hackers Exploit Microsoft Exchange Servers to Steal COVID-19 Research Data

A sophisticated cyberattack orchestrated by Chinese state-sponsored hackers has exposed vulnerabilities in the global cybersecurity infrastructure, targeting critical COVID-19 research…

Splunk Address Third Party Packages Vulnerabilities in Enterprise Versions
09
Jul
2025

Splunk Address Third Party Packages Vulnerabilities in Enterprise Versions

Splunk has released critical security updates addressing multiple Common Vulnerabilities and Exposures (CVEs) in third-party packages across Enterprise versions 9.4.3,…

SparkKitty Malware Attacking iOS and Android Users to Steal Gallery Images
09
Jul
2025

SparkKitty Malware Attacking iOS and Android Users to Steal Gallery Images

A sophisticated Trojan malware known as SparkKitty has been actively targeting iOS and Android devices since early 2024, infiltrating both…

Citrix Windows Virtual Delivery Agent Vulnerability Let Attackers Gain SYSTEM Privileges
09
Jul
2025

Citrix Windows Virtual Delivery Agent Vulnerability Let Attackers Gain SYSTEM Privileges

A critical security vulnerability has been discovered in Citrix Windows Virtual Delivery Agent that allows local attackers to escalate privileges…

Multiple Apache Tomcat Vulnerabilities Let Attackers Trigger DoS Attacks
09
Jul
2025

Multiple Apache Tomcat Vulnerabilities Let Attackers Trigger DoS Attacks

Apache Tomcat has addressed three critical denial-of-service (DoS) vulnerabilities that could allow malicious actors to disrupt web applications and services. …

Microsoft SQL Server 0-Day Vulnerability Exposes Sensitive Data Over Network
09
Jul
2025

Microsoft SQL Server 0-Day Vulnerability Exposes Sensitive Data Over Network

A critical information disclosure vulnerability in Microsoft SQL Server, designated as CVE-2025-49719, allows unauthorized attackers to access sensitive data over…

Microsoft Remote Desktop Client Vulnerability Let Attackers Execute Remote Code
09
Jul
2025

Microsoft Remote Desktop Client Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability in Microsoft Remote Desktop Client could allow attackers to execute arbitrary code on victim systems.  The…

CISA Warns of Rails Ruby on Rails Path Traversal Vulnerability Exploited in Attacks
09
Jul
2025

CISA Warns of Rails Ruby on Rails Path Traversal Vulnerability Exploited in Attacks

CISA has issued a critical warning regarding a path traversal vulnerability in the Ruby on Rails framework that poses significant…

DNN Vulnerability Let Attackers Steal NTLM Credentials via Unicode Normalization Bypass
09
Jul
2025

DNN Vulnerability Let Attackers Steal NTLM Credentials via Unicode Normalization Bypass

A critical vulnerability in DNN (formerly DotNetNuke) that allows attackers to steal NTLM credentials through a sophisticated Unicode normalization bypass…

How To Defend Against These Phishing Kit Attacks 
08
Jul
2025

How To Defend Against These Phishing Kit Attacks 

Phishing kits are evolving fast. Threat actors behind toolkits like Tycoon2FA, EvilProxy, and Sneaky2FA are getting smarter, setting up infrastructure…

MediaTek July 2025 Security Update Patches Vulnerabilities Affecting a Wide Range of Their Chipsets
08
Jul
2025

MediaTek July 2025 Security Update Patches Vulnerabilities Affecting a Wide Range of Their Chipsets

MediaTek has released a comprehensive security bulletin addressing 16 critical vulnerabilities across its extensive chipset portfolio, affecting devices from smartphones…