Cyber trends overview

LogoFAIL - LogoFAIL refers to a set of vulnerabilities found in the Unified Extensible Firmware Interface (UEFI) code from various independent firmware/BIOS vendors (IBVs). These vulnerabilities are present in image parsing libraries embedded into the firmware. ...
1 year ago CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

Vidar Infostealer - Vidar is an infostealer malware that was first discovered in the wild in late 2018. It operates as malware-as-a-service and runs on Windows. Vidar can collect a wide range of sensitive data from browsers and digital wallets. Additionally, it is used ...
1 year ago CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

23andMe - 23andMe is a revolutionary service that analyzes your DNA and provides insights into your health, ancestry, and traits. This saliva-based DNA service offers personalized reports on your ancestry, family history, traits, and more. With one of the ...
1 year ago CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

Kimsuky - Kimsuky, also known as Velvet Chollima and Black Banshee, is a North Korean state-backed hacker group. The group has been active since at least 2012 and initially focused on targeting South Korean government entities, think tanks, and individuals ...
1 year ago CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

Okta - Okta is an enterprise-grade, identity management service that connects any person with any application on any device. It’s built for the cloud, but is also compatible with many on-premises applications. With Okta, IT can manage any employee’s ...
1 year ago CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

Gh0st rat - Gh0st RAT is a Trojan horse for the Windows platform. The “RAT” part of the name refers to the software’s ability to operate as a "Remote Administration Tool". It is a cyber spying computer program used to control infected Windows computers ...
1 year ago CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

Western Alliance Bank says nearly 22,000 impacted by file transfer software breach | The Record from Recorded Future News - The Clop gang — which has conducted global data theft campaigns targeting file sharing tools MOVEit, GoAnywhere and Accellion over the last five years — initially named 66 companies in the fall of 2024 but has slowly been releasing the names of ...
5 days ago Therecord.media CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

Half a million people impacted by Pennsylvania State Education Association data breach | The Record from Recorded Future News - The organization published breach notices in several states and on its website, warning its current and former members as well as their dependants that hackers broke into their systems last year and stole state IDs, Social Security numbers, financial ...
5 days ago Therecord.media CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

Municipalities in four states are struggling with cyberattacks limiting services | The Record from Recorded Future News - The attack on Cleveland Municipal Court was claimed on Tuesday by the Qilin ransomware gang — a group responsible for other recent attacks on local governments, as well as critical healthcare entities in the U.K. The court did not respond to ...
5 days ago Therecord.media CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

Zero-Hour Phishing Attacks Exploiting Browser Vulnerabilities Increases by 130% - These sophisticated attacks leverage unpatched security flaws in popular browsers to deploy malicious payloads before security teams can implement countermeasures, leaving users and organizations extremely vulnerable in the critical first hours of an ...
4 days ago Cybersecuritynews.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

New BitM Attack Lets Hackers Steal User Sessions Within Seconds - BitM signifies a major shift in cyber threats, using browser functionalities to evade traditional security measures. This method exploits web browser functionalities to hijack authenticated sessions, posing a significant threat to organizations ...
6 days ago Cybersecuritynews.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

Western Alliance Bank notifies 21,899 customers of data breach - The bank first revealed in a February SEC filing that the attackers exploited a zero-day vulnerability in the third-party software (disclosed by the vendor on October 27, 2024) to hack a limited number of Western Alliance systems and exfiltrate files ...
5 days ago Bleepingcomputer.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

GitHub restores code following malicious changes to tj-actions tool | The Record from Recorded Future News - On Friday, cybersecurity firm StepSecurity warned of a security incident impacting the tj-actions/changed-files GitHub Action, a popular tool used to track file changes and trigger other actions depending on those alterations. Mureinik told Recorded ...
6 days ago Therecord.media CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

New Clearfake Variant Leverages Fake reCAPTCHA To Trick Users Deliver Malicious PowerShell Code - The infection flow begins with injected JavaScript on compromised websites, which retrieves malicious code from blockchain smart contracts, ultimately leading to the display of fake security challenges. The latest variant, discovered in December ...
5 days ago Cybersecuritynews.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

Sperm donation giant California Cryobank warns of a data breach - The investigation has determined that the attack exposed varying personal data for customers, including names, bank accounts and routing numbers, Social Security numbers, driver's license numbers, payment card numbers, and/or health insurance ...
5 days ago Bleepingcomputer.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

Hackers Leveraging Azure App Proxy Pre-authentication to Access Orgs Private Network Resources - However, security researchers at TrustedSec have discovered that when administrators configure the pre-authentication option to “Passthrough” instead of the default “Microsoft Entra ID” setting, they effectively remove the ...
5 days ago Cybersecuritynews.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

New Sophisticated Phishing Attack Exploiting Microsoft 365 Infrastructure To Attack Users - What makes this attack particularly dangerous is that traditional email authentication mechanisms cannot detect it since emails originate from legitimate Microsoft domains and pass all standard email security checks, directing victims to voice-based ...
6 days ago Cybersecuritynews.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

Microsoft Warns of New StilachiRAT Stealing Remote Desktop Protocol Sessions Data - Microsoft has issued an urgent security advisory regarding a newly discovered malware strain called StilachiRAT, which specifically targets and exfiltrates data from Remote Desktop Protocol (RDP) sessions. Microsoft recommends organizations implement ...
6 days ago Cybersecuritynews.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

Blockchain gaming platform WEMIX hacked to steal $6.1 million - During a press conference held yesterday, WEMIX's CEO Kim Seok-Hwan confirmed the incident occurred on February 28, 2025, explaining that the delay in issuing a public announcement wasn't an attempt to cover it up, but rather a conscious choice to ...
6 days ago Bleepingcomputer.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

DocSwap Malware as Security Document Viewer Attacking Android Users Worldwide - A sophisticated malware campaign dubbed “DocSwap” has emerged targeting Android users globally by disguising itself as a legitimate document security and viewing application. S2W Security analysts noted that once installed, the malware ...
6 days ago Cybersecuritynews.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

vUS Sperm Donor Giant California Cryobank Hacked - Customers' Personal Data Exposed - The cyber intrusion, which occurred on April 20, 2024, but remained undetected until October 4, 2024, has triggered mandatory breach notifications to affected individuals across multiple states, with formal notices sent to customers on March 14, ...
5 days ago Cybersecuritynews.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

OKX suspends DEX aggregator after Lazarus hackers try to launder funds - OKX Web3 has decided to suspend its DEX aggregator services to implement security upgrades following reports of abuse by the notorious North Korean Lazarus hackers, who recently conducted a $1.5 billion crypto heist. OKX is a leading global ...
6 days ago Bleepingcomputer.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

New AI Jailbreak Technique Bypasses Security Measures to Write Malware for Google Chrome - The 2025 Cato CTRL™ Threat Report, published on March 18, details how a threat intelligence researcher with zero malware coding experience successfully manipulated leading generative AI platforms including OpenAI’s ChatGPT, Microsoft Copilot, ...
5 days ago Cybersecuritynews.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

New Arcane infostealer infects YouTube, Discord users via game cheats - A newly discovered information-stealing malware called Arcane is stealing extensive user data, including VPN account credentials, gaming clients, messaging apps, and information stored in web browsers. The campaign distributing Arcane Stealer relies ...
4 days ago Bleepingcomputer.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

Kali Linux 2025.1a released with 1 new tool, annual theme refresh - Kali Linux has released version 2025.1a, the first version of 2025, with one new tool, desktop changes, and a theme refresh. With the year's first version, the Kali Team introduces a theme update consisting of new wallpapers and changes to the boot ...
4 days ago Bleepingcomputer.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

Critical Synology Vulnerability Let Attackers Remote Execute Arbitrary Code - CVE-2024-10445: An improper certificate validation vulnerability in the update functionality with a CVSS score of 4.3 that enables adjacent attackers to write limited files. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber ...
5 days ago Cybersecuritynews.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

Beware of Fake GitHub "Security Alerts" Let Hackers Hijack Your Account Logins - The attackers have created GitHub accounts with deceptive names like “GitHub Notification” and proceed to open issues on well-known security repositories with the alarming title “Security Alert: Unusual Access Attempt”. ...
5 days ago Cybersecuritynews.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

8-Year Old Windows Shortcut Zero-Day Exploited by 11 State-Sponsored Groups - Some North Korean threat actors, such as Earth Manticore (APT37) and Earth Imp (Konni), have been using extremely large .lnk files – with sizes up to 70.1 MB – containing excessive whitespace and junk content to further evade detection. ...
5 days ago Cybersecuritynews.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

GitHub Action hack likely led to another in cascading supply chain attack - Last week, a supply chain attack on the tj-actions/changed-files GitHub Action caused malicious code to write CI/CD secrets to the workflow logs for 23,000 repositories. A cascading supply chain attack that began with the compromise of the ...
5 days ago Bleepingcomputer.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

Former Michigan football coach indicted in hacks of athlete databases of more than 100 colleges | The Record from Recorded Future News - Prosecutors claimed Weiss "cracked the encryption" protecting passwords used by athletes themselves — a tactic he learned through "research that he did on the internet." He also searched through data breaches to find leaked ...
3 days ago Therecord.media CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

Google Released Open Source Version of OSV-Scanner Tool for Vulnerability Scanning - Originally launched in December 2022, OSV-Scanner has become an essential tool for open-source security, providing developers with easy access to vulnerability information relevant to their projects. Developers across various programming languages ...
6 days ago Cybersecuritynews.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

PoC Exploit Released for Use-after-free Linux Kernel Vulnerability - Security researchers have publicly released a proof-of-concept (PoC) exploit for CVE-2024-36904, a critical use-after-free vulnerability in the Linux kernel that has remained undetected for seven years. System administrators should prioritize ...
6 days ago Cybersecuritynews.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

ChatGPT Vulnerability Actively Exploited to Attack Financial & Government Orgs in US - According to research by cybersecurity firm Veriti, this vulnerability has already been weaponized in numerous real-world attacks, demonstrating how threat actors can leverage even moderate security flaws to compromise sophisticated AI systems. Cyber ...
6 days ago Cybersecuritynews.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

Google Parent Alphabet in Talks to Acquire Cyber Security Group Wiz for $30bn - The company’s platform analyzes cloud infrastructure across major providers, including Amazon Web Services, Microsoft Azure, Google Cloud Platform, and others, to identify security vulnerabilities and risks. The acquisition would significantly ...
6 days ago Cybersecuritynews.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

Cloudflare to Implement Post-Quantum Cryptography to Defend Attacks from Quantum Computers - While not yet powerful enough to break conventional cryptography, experts warn of “harvest now, decrypt later” attacks where adversaries store encrypted data today to decrypt it once quantum technology matures. This approach provides ...
6 days ago Cybersecuritynews.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

Bybit Hack - Sophisticated Multi-Stage Attack Details Revealed - The malicious code contained an activation condition targeting specific contract addresses, along with transaction validation tampering designed to bypass security checks. Sygnia researchers identified that the earliest malicious activity began on ...
6 days ago Cybersecuritynews.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

CISA Warns of Fortinet FortiOS Authentication Bypass Vulnerability - “An Authentication Bypass Using an Alternate Path or Channel vulnerability affecting FortiOS and FortiProxy may allow a remote attacker to gain super-admin privileges via crafted CSF proxy requests,” states the Fortinet advisory. The ...
5 days ago Cybersecuritynews.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

Microsoft to End Support for Windows 10, No More Security Updates! - “After October 14, 2025, Microsoft will no longer provide free software updates from Windows Update, technical assistance, or security fixes for Windows 10,” states the notification being distributed to users. After this date, the tech ...
5 days ago Cybersecuritynews.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

PHP RCE Vulnerability Actively Exploited in Wild to Attack Windows-based Systems - Security researchers at Bitdefender Labs have detected a significant surge in exploitation attempts targeting a critical PHP vulnerability that allows attackers to execute malicious code on Windows-based systems. The vulnerability, tracked as ...
5 days ago Cybersecuritynews.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

Arcane Stealer Via YouTube Videos Steal Data From Network Utilities Including VPN & FileZilla - Security experts advise users to be extremely cautious when downloading supposed game cheats or cracks from YouTube videos, particularly those that require extracting password-protected archives or running batch files. The malware, discovered in late ...
5 days ago Cybersecuritynews.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

Microsoft: Exchange Online bug mistakenly quarantines user emails - Customers have been reporting experiencing similar problems over the last two days, including having issues accessing the Quarantine Review page when using Microsoft Defender for 365 for email protection and ...
3 days ago Bleepingcomputer.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

23,000 GitHub Repositories Targeted In Supply Chain Attack - In a massive security breach discovered this week, approximately 23,000 GitHub repositories have been compromised in what security experts are calling one of the largest supply chain attacks to date. Organizations should review their software supply ...
6 days ago Cybersecuritynews.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

Oracle denies breach after hacker claims theft of 6 million data records - As further proof that they had access to Oracle Cloud servers, the threat actor shared this URL with BleepingComputer, showing an Internet Archive URL that indicates they uploaded a .txt file containing their ProtonMail email address to the ...
2 days ago Bleepingcomputer.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

CVE-2025-30138 - An issue was discovered on G-Net Dashcam BB GONX devices. Managing Settings and Obtaining Sensitive Data and Sabotaging Car Battery can be performed by unauthorized persons. It allows unauthorized users to modify critical system settings once ...
5 days ago CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

GIMP 3.0 Image Editor Released For Linux, macOS, Unix, and Windows - At long last, the first release of GIMP 3.0 is here! This is the end result of seven years of rigorous development by volunteer developers, designers, artists, and community members (for reference, GIMP 2.10 was first published in 2018). Color ...
6 days ago Cybersecuritynews.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

Squid Werewolf Mimic as Recruiters Attacking Job Seekers To Exfiltrate Personal Data - To protect against such threats, security experts recommend implementing email security solutions, avoiding opening attachments from unknown senders, and deploying endpoint detection and response tools capable of identifying suspicious PowerShell ...
6 days ago Cybersecuritynews.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

New Windows zero-day exploited by 11 state hacking groups since 2017 - The Windows zero-day, tracked as ZDI-CAN-25373, is caused by a User Interface (UI) Misrepresentation of Critical Information (CWE-451) weakness, which allows attackers to exploit how Windows displays shortcut (.lnk) files to evade detection and ...
6 days ago Bleepingcomputer.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

Windows File Explorer Vulnerability Let Attackers Perform Network Spoofing - PoC Released - Security researchers have released a proof-of-concept exploit demonstrating this high-severity flaw, which Microsoft patched in its March 2025 updates. Security experts recommend keeping all Microsoft products updated and implementing additional ...
5 days ago Cybersecuritynews.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

Threat Actors Exploiting DLL Side-Loading Vulnerability in Google Chrome to Execute Malicious Payloads - Cybersecurity researchers have identified a concerning new attack vector where threat actors are actively exploiting a vulnerability in Google Chrome version 133.0.6943.126 through DLL side-loading techniques. This sophisticated attack allows ...
5 days ago Cybersecuritynews.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

Cloudflare Launches Cloudforce One Threat Platform to Analyze IoCs, IP, Hashes, & Domains - By providing contextual information about cyber threats instead of isolated indicators, Cloudflare’s Cloudforce One threat events platform represents a significant advancement in operational threat intelligence, enabling security teams to ...
5 days ago Cybersecuritynews.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

Russian Seller Offering Record Breaking $4,000,000 for Telegram 0-Day Exploits - A Russian exploit brokerage firm, Operation Zero, has publicly announced bounties of up to $4 million for zero-day vulnerabilities in Telegram, signaling heightened state-sponsored interest in compromising the popular messaging app. The same ...
3 days ago Cybersecuritynews.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

Microsoft: New RAT malware used for crypto theft, reconnaissance - Last but not least, Microsoft says StilachiRAT allows command execution and potential SOCKS-like proxying using commands from a command-and-control (C2) server to the infected devices, which can let the threat actors reboot the compromised system, ...
6 days ago Bleepingcomputer.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

CVE-2025-30139 - An issue was discovered on G-Net Dashcam BB GONX devices. Default credentials for SSID cannot be changed. It broadcasts a fixed SSID with default credentials that cannot be changed. This allows any nearby attacker to connect to the dashcam's ...
5 days ago CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

CVE-2025-30141 - An issue was discovered on G-Net Dashcam BB GONX devices. One can Remotely Dump Video Footage and the Live Video Stream. It exposes API endpoints on ports 9091 and 9092 that allow remote access to recorded and live video feeds. An attacker who ...
5 days ago CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

CVE-2025-30142 - An issue was discovered on G-Net Dashcam BB GONX devices. Bypassing of Device Pairing can occur. It uses MAC address verification as the sole mechanism for recognizing paired devices, allowing attackers to bypass authentication. By capturing the MAC ...
5 days ago CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120

Crypto Exchange OKX Suspends Tool Used by North Korean Hackers to Steal Funds - Cryptocurrency exchange OKX has temporarily suspended its decentralized exchange (DEX) aggregator service following allegations that North Korea’s state-sponsored Lazarus Group exploited it to launder funds stolen from the recent Bybit hack. The ...
6 days ago Cybersecuritynews.com CVE-2023-34362 CVE-2025-0289 CVE-2025-0286 CVE-2025-0288 CVE-2025-22225 CVE-2025-22226 CVE-2025-22224 CVE-2024-56325 CVE-2025-24085 CVE-2025-24472 CVE-2025-2229 CVE-2024-41055 CVE-2024-50629 CVE-2024-10441 CVE-2025-23120