-
In a recently uncovered campaign, the Mysterious Elephant advanced persistent threat (APT) group has executed a sophisticated series of intrusions against government and foreign policy agencies across the Asia-Pacific region. The latest operations, act…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Since its public debut in October 2025, nightmare has quickly become a vital tool for malware analysts seeking to streamline static and dynamic analysis workflows. Developed by Elastic Security Labs, nightmare brings together mature open-source reverse engineering components under a unified Python API. Rather than forcing users to juggle disparate dependencies, nightmare leverages Rizin via […] The post New nightMARE Python Library to Analyze Malware and Extract Intelligence Indicators appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Apache Software Foundation has disclosed a critical vulnerability in its ActiveMQ NMS AMQP Client that could allow attackers to execute arbitrary code on vulnerable systems. Tracked as CVE-2025-54539, this deserialization flaw poses a serious risk to applications relying on the client for messaging over AMQP protocols. The issue was publicly detailed in an advisory […] The post Critical Apache ActiveMQ Vulnerability Let Attackers Execute Arbitrary Code appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
An important security flaw in Apache ActiveMQ’s .NET client library has put developers at risk of remote code execution. The vulnerability, tracked as CVE-2025-54539, exists in the Apache ActiveMQ NMS AMQP Client and can be triggered when the client co…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Netcraft recently uncovered a suspicious URL targeting GMO Aozora Bank, a Japanese financial institution. The URL leveraged a legacy web technique—Basic Authentication URL formatting—to visually impersonate the bank and deceive customers. This discover…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Two newly disclosed vulnerabilities in Microsoft’s BitLocker drive encryption feature could allow attackers to bypass encryption safeguards on Windows systems. Tracked as CVE-2025-55333 and CVE-2025-55338, these flaws involve incomplete comparison logi…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Adobe Experience Manager Forms vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is being actively exploited in the wild. The secur…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Samba has disclosed a severe remote code execution (RCE) flaw that could allow attackers to hijack Active Directory domain controllers. Tracked as CVE-2025-10230, the vulnerability stems from improper validation in the Windows Internet Name Service (WINS) hook mechanism, earning a perfect CVSS 3.1 score of 10.0 for its ease of exploitation and devastating potential impact. […] The post Critical Samba RCE Vulnerability Enables Arbitrary Code Execution appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
PhantomVAI Loader, a newly renamed multi-stage .NET loader tracked by Unit 42, is being used in widespread phishing campaigns to deliver a variety of information-stealing malware families. Initially identified as Katz Stealer Loader for its role in dep…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding a severe code execution vulnerability in Adobe Experience Manager Forms, urging organizations to patch immediately. Tracked as CVE-2025-54253, this flaw affects the Java Enterprise Edition (JEE) version of the software and enables attackers to execute arbitrary code on vulnerable systems. First disclosed […] The post CISA Warns Of Adobe Experience Manager Forms 0-Day Vulnerability Exploited In Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
