CyberSecurityNews

Underground Ransomware Gang With New Tactics Against Organizations Worldwide

Over the past year, the Underground ransomware gang has emerged as a formidable threat to organizations across diverse industries and geographies. First identified in July…

August 28, 2025 Cybernoz 3 min read

CyberSecurityNews

Microsoft Teams Issue Blocks Users From Opening Embedded Office Documents

A widespread service issue is impacting Microsoft Teams users globally this Thursday, preventing many from opening embedded Microsoft Office documents within the collaboration platform. Reports…

August 28, 2025 Cybernoz 2 min read

CyberSecurityNews

New ShadowCaptcha Attack Exploiting Hundreds of WordPress Sites to Tricks Victims into Executing Malicious Commands

A sophisticated global cybercrime campaign dubbed “ShadowCaptcha” has emerged as a significant threat to organizations worldwide, leveraging fake Google and Cloudflare CAPTCHA pages to trick…

August 28, 2025 Cybernoz 2 min read

CyberSecurityNews

Attacker Context and Historical iOS Zero-Click Similarities

Apple has issued emergency security updates across its entire ecosystem to address CVE-2025-43300, a critical zero-day vulnerability in the ImageIO framework that has been actively exploited in…

August 28, 2025 Cybernoz 5 min read

CyberSecurityNews

NVIDIA NeMo AI Curator Enables Code Execution and Privilege Escalation

NVIDIA has issued a critical security bulletin addressing a high-severity vulnerability in its NeMo Curator platform that could allow attackers to execute malicious code and…

August 27, 2025 Cybernoz 2 min read

CyberSecurityNews

How ClickFix and Multi-Stage Frameworks Are Breaking Enterprise Defenses

August 2025 has marked a significant evolution in cybercrime tactics, with threat actors deploying increasingly sophisticated phishing frameworks and social engineering techniques that are successfully…

August 27, 2025 Cybernoz 5 min read

CyberSecurityNews

28,000+ Citrix Servers Exposed to Active 0-Day RCE Vulnerability Exploited in the Wild

A critical zero-day remote code execution (RCE) vulnerability, tracked as CVE-2025-7775, is affecting over 28,000 Citrix instances worldwide. The flaw is being actively exploited in…

August 27, 2025 Cybernoz 2 min read

CyberSecurityNews

PoC Exploit Released for CrushFTP 0-day Vulnerability (CVE-2025-54309)

A weaponized proof-of-concept exploit has been publicly released targeting CVE-2025-54309, a severe authentication bypass vulnerability affecting CrushFTP file transfer servers. The flaw enables remote attackers…

August 27, 2025 Cybernoz 2 min read

CyberSecurityNews

IPFire Web-Based Firewall Interface Allows Authenticated Administrator to Inject Persistent JavaScript

A stored cross-site scripting (XSS) flaw identified in IPFire 2.29’s web-based firewall interface (firewall.cgi). Tracked as CVE-2025-50975, the vulnerability allows any authenticated administrator to inject…

August 27, 2025 Cybernoz 2 min read

CyberSecurityNews

CISA releases New ICS Advisories Surrounding Vulnerabilities and Exploits

CISA released three significant Industrial Control Systems (ICS) advisories on August 26, 2025, alerting organizations to critical vulnerabilities affecting widely-deployed automation systems. These advisories highlight…

August 27, 2025 Cybernoz 3 min read

CyberSecurityNews

New BruteForceAI Tool Automatically Detects Login Pages and Executes Smart Brute-Force Attacks

BruteForceAI, an innovative penetration testing framework developed by Mor David, integrates large language models (LLMs) with browser automation to autonomously identify login forms and conduct…

August 27, 2025 Cybernoz 2 min read

CyberSecurityNews

New Zip Slip Vulnerability Allows Attackers to Manipulate ZIP Files During Decompression

A newly observed variant of the Zip Slip vulnerability has emerged, enabling threat actors to exploit path traversal flaws in widely used decompression utilities. Exploits…

August 27, 2025 Cybernoz 2 min read