Category: CyberSecurityNews

Critical DNN Platform Vulnerability Let Attackers Execute Malicious Scripts
25
Sep
2025

Critical DNN Platform Vulnerability Let Attackers Execute Malicious Scripts

A critical stored cross-site scripting vulnerability has emerged in the popular DotNetNuke (DNN) Platform, threatening websites powered by this widely-used…

Cisco IOS 0-Day RCE Vulnerability Actively Exploited in the Wild
24
Sep
2025

Cisco IOS 0-Day RCE Vulnerability Actively Exploited in the Wild

Cisco has disclosed a zero-day vulnerability, CVE-2025-20352, in its widely used IOS and IOS XE software, confirming it is being…

How to Detect Hidden Redirects and Payloads
24
Sep
2025

How to Detect Hidden Redirects and Payloads

Phishing campaigns are getting harder to spot, sometimes hiding in files you’d never suspect. ANY.RUN’s cybersecurity analysts recently uncovered one…

RainyDay, Turian and Naikon Malwares Abuse DLL Search Order to Execute Malicious Loaders
24
Sep
2025

RainyDay, Turian and Naikon Malwares Abuse DLL Search Order to Execute Malicious Loaders

Three sophisticated malware families have emerged as significant threats to telecommunications and manufacturing sectors across Central and South Asia, representing…

Salesforce CLI Installer Vulnerability Let Attackers Execute Code and Gain SYSTEM-Level Access
24
Sep
2025

Salesforce CLI Installer Vulnerability Let Attackers Execute Code and Gain SYSTEM-Level Access

A critical vulnerability in the Salesforce CLI installer (sf-x64.exe) enables attackers to achieve arbitrary code execution, privilege escalation, and SYSTEM-level…

Weaponized Malwarebytes, LastPass, Citibank, SentinelOne, and Others on GitHub Deliver Malware
24
Sep
2025

Weaponized Malwarebytes, LastPass, Citibank, SentinelOne, and Others on GitHub Deliver Malware

In recent weeks, cybersecurity teams have observed a surge in malicious GitHub repositories masquerading as legitimate security and financial software….

New North Korean IT Worker With Innocent Job Application Get Access to Organization’s Network
24
Sep
2025

New North Korean IT Worker With Innocent Job Application Get Access to Organization’s Network

In recent months, a sophisticated threat actor leveraging North Korean IT worker employment fraud has surfaced, demonstrating how social engineering…

Hackers Can Compromise Chromium Browsers in Windows by Loading Arbitrary Extensions
24
Sep
2025

Hackers Can Compromise Chromium Browsers in Windows by Loading Arbitrary Extensions

Chromium-based browsers, including Chrome, Edge, and Brave, manage installed extensions via JSON preference files stored under %AppData%GoogleUser DataDefaultPreferences (for domain-joined machines)…

UK Police Arrested Man Linked to Ransomware Attack That Crippeled European Airports
24
Sep
2025

UK Police Arrested Man Linked to Ransomware Attack That Crippeled European Airports

A man in his forties has been arrested in West Sussex, England, in connection with a cyber-attack that has caused…

Hackers Can Bypass EDR by Downloading Malicious File as In-Memory PE Loader
24
Sep
2025

Hackers Can Bypass EDR by Downloading Malicious File as In-Memory PE Loader

A sophisticated technique that allows attackers to execute malicious code directly in memory is gaining traction, posing a significant challenge…

OnePlus OxygenOS Vulnerability Allows Any App to Read SMS Data Without Permission
24
Sep
2025

OnePlus OxygenOS Vulnerability Allows Any App to Read SMS Data Without Permission

A severe security vulnerability in OnePlus OxygenOS has been discovered that allows any installed application to read SMS and MMS…

Hackers Exploiting Libraesva Email Security Gateway Vulnerability to Inject Malicious Commands
24
Sep
2025

Hackers Exploiting Libraesva Email Security Gateway Vulnerability to Inject Malicious Commands

Libraesva has issued an emergency patch for a significant command injection vulnerability in its Email Security Gateway (ESG) after confirming…