Cybersecurity News
-
WinRAR Vulnerability Exploited with Malicious Archives to Execute Code
A newly disclosed vulnerability in RARLAB’s WinRAR, the widely used file compression utility for Windows, has put millions of users at risk of remote code execution (RCE) attacks. Tracked as…
Read More » -
Amazon EKS Flaws Expose AWS Credentials and Enable Privilege Escalation
Recent research has uncovered critical security flaws in Amazon Elastic Kubernetes Service (EKS) that could expose sensitive AWS credentials and enable privilege escalation within cloud environments. The vulnerabilities, rooted in…
Read More » -
Mattermost Vulnerabilities Let Attackers Execute Remote Code Via Path Traversal
Mattermost, a widely-used open-source collaboration platform, has recently disclosed critical vulnerabilities in its software that could allow attackers to execute remote code through path traversal exploits. As detailed on the…
Read More » -
Israeli Social Media Users Targeted in Covert Iranian Influence Campaign
A covert Iranian social media operation has been uncovered, targeting Israeli users on platform X with a psychological campaign designed to sow discord and despair. Researchers at the Foundation for…
Read More » -
OpenVPN Driver Vulnerability Let Attackers Crash Windows Systems
Network administrators and cybersecurity experts will be pleased to learn that OpenVPN 2.7_alpha2 will be released on June 19, 2025, according to the OpenVPN community project team. While this early…
Read More » -
DuckDuckGo Browser’s Scam Blocker to Guard Against phishing and Malware Sites
DuckDuckGo has rolled out an advanced update to its browser’s built-in Scam Blocker, a robust security feature designed to shield users from a wide array of online threats, including phishing…
Read More » -
Prometei Botnet Targets Linux Servers for Cryptocurrency Mining Operations
Unit 42 researchers from Palo Alto Networks have identified a renewed wave of attacks by the Prometei botnet, specifically targeting Linux servers, as of March 2025. Initially discovered in July…
Read More » -
Cyberattack Disrupts Russian Dairy Supply Chain by Targeting Animal Certification System
In a Russia’s dairy supply chain, a suspected cyberattack has targeted the Mercury component of the national veterinary certification system, forcing it into emergency operation mode. This critical system, integral…
Read More » -
Hackers Target 700+ ComfyUI AI Image Generation Servers to Spread Malware
China’s National Cybersecurity Notification Center has issued an urgent warning about critical vulnerabilities in ComfyUI, a widely used image-generation framework for large AI models. These flaws, already under active exploitation…
Read More » -
Massive DDoS Attack Hits 7.3 Tbps Delivering 37.4 Terabytes in 45 Seconds
The internet witnessed a new record in cyberattacks last month as Cloudflare, blocked the largest distributed denial-of-service (DDoS) attack ever recorded. The attack peaked at an astonishing 7.3 terabits per…
Read More » -
Tesla Wall Connector Hacked Through Charging Port in Just 18 Minutes
Security researchers from Synacktiv successfully hacked the Tesla Wall Connector through its charging port in just 18 minutes, exposing critical vulnerabilities in the device’s firmware and communication protocols. The Tesla…
Read More » -
Over 100,000 WordPress Sites Exposed to Privilege Escalation via MCP AI Engine
The Wordfence Threat Intelligence team identified a severe security flaw in the AI Engine plugin, a widely used tool installed on over 100,000 WordPress websites. This vulnerability, classified as an…
Read More » -
Open Next SSRF Flaw in Cloudflare Lets Hackers Fetch Data from Any Host
A critical Server-Side Request Forgery (SSRF) vulnerability has been discovered in the @opennextjs/cloudflare package, posing a significant security threat to websites deployed using the Cloudflare adapter for Open Next. The…
Read More » -
Chollima Hackers Target Windows and MacOS with New GolangGhost RAT Malware
A North Korean-affiliated threat actor called Famous Chollima (also known as Wagemole) has launched a sophisticated remote access trojan (RAT) campaign against Windows and MacOS devices, a concerning development discovered…
Read More » -
SuperCard Malware Hijacks Android Devices to Steal Payment Card Data and Relay it to Attackers
F6, a leading developer of technologies to combat cybercrime, has reported the emergence of SuperCard, a malicious modification of the legitimate NFCGate program, now targeting Android users globally, with recent…
Read More » -
Veeam Vulnerabilities Expose Backup Servers to Remote Attacks
Veeam, a leading provider of data protection and backup solutions, disclosed three critical vulnerabilities affecting its widely deployed backup software. These flaws—assigned CVE-2025-23121, CVE-2025-24286, and CVE-2025-24287—could allow attackers to execute…
Read More » -
New Sorillus RAT Targets European Organizations Through Tunneling Services
An important development discovered in March 2025 by Orange Cyberdefense’s Managed Threat Detection teams in Belgium was that a European client was the subject of a malicious infection chain that…
Read More »