-
SonicWall, a global cybersecurity company, confirmed that state-sponsored hackers were behind a recent incident involving unauthorized access to firewall backup files. The breach began in early September, when the company detected suspicious activity involving the download of backup firewall configuration files stored in a cloud environment. Upon discovery, SonicWall quickly activated its incident response plan, […] The post SonicWall Confirms State-Sponsored Hackers Behind the Massive Firewall Backup Breach appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical remote code execution (RCE) flaw in three official extensions for Anthropic’s Claude Desktop. These vulnerabilities, affecting the Chrome, iMessage, and Apple Notes connectors, stem from unsanitized command injection and carry a high severity score of CVSS 8.9. Published and promoted directly by Anthropic at the top of their extension marketplace, the flaws could […] The post Critical RCE Vulnerabilities in Claude Desktop Let Attackers Execute Malicious Code appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Proofpoint Threat Research has identified a previously unknown Iranian threat actor, dubbed UNK_SmudgedSerpent, that conducted sophisticated phishing campaigns against academics and foreign policy experts between June and August 2025. The group employe…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cisco has issued a critical warning about ongoing attacks targeting a severe remote code execution vulnerability affecting its Secure Firewall, Adaptive Security Appliance, and Threat Defense Software. The company updated its security advisory on Novem…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have uncovered a sophisticated attack campaign attributed to Kimsuky, the North Korean-backed threat group known for conducting espionage operations against government entities and think tanks. Recent analysis reveals that threat a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In the early hours of November 3, 2025, Check Point Research’s blockchain threat monitoring systems flagged a suspicious pattern on the Ethereum mainnet. The alert stemmed from Balancer V2’s Vault contract, which soon revealed one of the most devastati…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
On November 3, 2025, blockchain security monitoring systems detected a sophisticated exploit targeting Balancer V2’s ComposableStablePool contracts. An attacker executed a precision loss vulnerability to drain $128.64 million across six blockchain networks in under 30 minutes. The attack leveraged a rounding error in the _upscaleArray function combined with carefully crafted batchSwap operations, allowing the attacker […] The post Checkpoint Details on How Attackers Drained $128M from Balancer Pools Within 30 Minutes appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cisco has issued a critical security advisory addressing two severe vulnerabilities in its Unified Contact Center Express (CCX) platform that could enable remote attackers to execute arbitrary commands and gain unauthorized system access. The vulnerabi…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have identified a sophisticated new malware family, Airstalk, that exploits VMware’s AirWatch API—now known as Workspace ONE Unified Endpoint Management—to establish covert command-and-control channels. The discovery represen…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cisco has disclosed multiple critical vulnerabilities in Unified Contact Center Express (CCX) that allow unauthenticated remote attackers to execute malicious code and escalate privileges. The vulnerabilities affect the Java Remote Method Invocation (RMI) process and authentication mechanisms, potentially compromising entire contact center deployments. RCE and Authentication Bypass Vulnerability The primary vulnerability, CVE-2025-20354, has a critical […] The post Cisco Unified Contact Center Express Vulnerabilities Let Remote Attacker Execute Malicious Code appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
