Cyber Security News
Windows NTLM Vulnerability (CVE-2025-24054) Actively Exploit in the Wild to Hack Systems
A critical vulnerability in Microsoft Windows, identified as CVE-2025-24054, has been actively exploited in the wild since March 19, 2025, targets organizations worldwide.
The flaw, which enables NTLM hash disclosure...
Cyber Security News
Critical SUSE Linux Distro Injection Vulnerability Allow Attackers Exploits “go-git” Library
A significant security vulnerability, designated CVE-2025-21613, has been discovered in the go-git library, used for Git version control in pure Go applications.
This issue...
Cyber Security News
Hackers Weaponize Security Testing By Weaponizing npm, PyPI, & Ruby Exploit Packages
Over the past year, malicious actors have been abusing OAST services for data exfiltration, C2 channel establishment, and multi-stage attacks by leveraging compromised JavaScript,...
CVE/vulnerability
PoC Exploit Released For Critical Windows LDAP RCE Vulnerability
The CVE-2024-49112 vulnerability in Windows LDAP allows remote code execution on unpatched Domain Controllers, as a zero-click exploit leverages this by crafting malicious LDAP...
CVE/vulnerability
DrayTek Devices Vulnerability Let Attackers Arbitrary Commands Remotely
The DrayTek Gateway devices, more specifically the Vigor2960 and Vigor300B models, are susceptible to a critical command injection vulnerability.
Exploitable via the /cgi-bin/mainfunction.cgi/apmcfgupload endpoint, attackers...
Cyber Security News
New 7-Zip 0-Day Exploit Allegedly Leaked Online Via ‘X’
A previously unknown zero-day vulnerability in the popular file compression tool 7-Zip has been publicly disclosed by an anonymous user claiming to be an...
CVE/vulnerability
1-Click RCE Attack In Kerio Control UTM Allow Attackers Gain Firewall Root Access Remotely
GFI Software's Kerio Control, a popular UTM solution, was found to be vulnerable to multiple HTTP Response Splitting vulnerabilities, which affecting versions 9.2.5 through...
Cyber Crime
Researchers Detailed Credential Abuse Cycle
Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling them to gain unauthorized access. This can lead to data...
cyber security
Hackers Abuse EDRSilencer Red Team Tool To Evade Detection
EDRSilencer, a red team tool, interferes with EDR solutions by blocking network communication for associated processes using the WFP, which makes it harder to...
cyber security
Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks
A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being actively exploited in cyberattacks.
With a CVSS base score of 9.8,...
CVE/vulnerability
Foxit PDF Reader Vulnerability Let Attackers Execute Arbitary Code
Researchers recently disclosed six new security vulnerabilities across various software, as one critical vulnerability was found in Foxit PDF Reader, a widely used alternative...