cyber security
PoC Exploit Published for macOS Sandbox Escape Vulnerability (CVE-2025-31258)
Security researchers have disclosed a new macOS sandbox escape vulnerability tracked as CVE-2025-31258, accompanied by a proof-of-concept (PoC) exploit demonstrating partial sandbox bypass via Apple’s RemoteViewServices framework.
The flaw,...
cyber security
New Advanced Phishing Attack Exploits Discord to Target Crypto Users
Check Point Research has uncovered a sophisticated phishing campaign that leverages Discord to target cryptocurrency users.
The attack redirects victims from legitimate Web3 websites...
cyber security
Researcher Exploits Regex Filter Flaw ...
Target application included a username field restricted by a frontend regex filter (/^{1,20}$/), designed to accept only alphanumeric characters.
While this initially appeared robust,...
Cyber Security News
Windows NTLM Vulnerability (CVE-2025-24054) Actively Exploit in the Wild to Hack Systems
A critical vulnerability in Microsoft Windows, identified as CVE-2025-24054, has been actively exploited in the wild since March 19, 2025, targets organizations worldwide.
The flaw,...
Cyber Security News
Critical SUSE Linux Distro Injection Vulnerability Allow Attackers Exploits “go-git” Library
A significant security vulnerability, designated CVE-2025-21613, has been discovered in the go-git library, used for Git version control in pure Go applications.
This issue...
Cyber Security News
Hackers Weaponize Security Testing By Weaponizing npm, PyPI, & Ruby Exploit Packages
Over the past year, malicious actors have been abusing OAST services for data exfiltration, C2 channel establishment, and multi-stage attacks by leveraging compromised JavaScript,...
CVE/vulnerability
PoC Exploit Released For Critical Windows LDAP RCE Vulnerability
The CVE-2024-49112 vulnerability in Windows LDAP allows remote code execution on unpatched Domain Controllers, as a zero-click exploit leverages this by crafting malicious LDAP...
CVE/vulnerability
DrayTek Devices Vulnerability Let Attackers Arbitrary Commands Remotely
The DrayTek Gateway devices, more specifically the Vigor2960 and Vigor300B models, are susceptible to a critical command injection vulnerability.
Exploitable via the /cgi-bin/mainfunction.cgi/apmcfgupload endpoint, attackers...
Cyber Security News
New 7-Zip 0-Day Exploit Allegedly Leaked Online Via ‘X’
A previously unknown zero-day vulnerability in the popular file compression tool 7-Zip has been publicly disclosed by an anonymous user claiming to be an...
CVE/vulnerability
1-Click RCE Attack In Kerio Control UTM Allow Attackers Gain Firewall Root Access Remotely
GFI Software's Kerio Control, a popular UTM solution, was found to be vulnerable to multiple HTTP Response Splitting vulnerabilities, which affecting versions 9.2.5 through...
Cyber Crime
Researchers Detailed Credential Abuse Cycle
Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling them to gain unauthorized access. This can lead to data...