-
SpyCloud Labs analysts have successfully reverse-engineered Asgard Protector, a sophisticated crypter tool prominently used to hide malicious payloads from antivirus detection systems. This crypter has gained particular notoriety for being the preferre…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
QNAP Systems has disclosed a critical security vulnerability in its NetBak Replicator software that could enable local attackers to execute malicious code on affected systems. The vulnerability, tracked as CVE-2025-57714, stems from an unquoted search …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical zero-day vulnerability in Oracle E-Business Suite has emerged as a significant threat to enterprise environments, with proof-of-concept (PoC) exploit code now publicly available. CVE-2025-61882 presents a severe security risk, achieving a maximum CVSS 3.1 score of 9.8 and enabling remote code execution without authentication across multiple Oracle E-Business Suite versions. The vulnerability affects […] The post PoC Exploit Released for Remotely Exploitable Oracle E-Business Suite 0-Day Vulnerability appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Red team researchers have unveiled XRayC2, a sophisticated command-and-control framework that weaponizes Amazon Web Services’ X-Ray distributed application tracing service to establish covert communication channels. This innovative technique demo…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The cybersecurity landscape continues to evolve as threat actors behind the WARMCOOKIE backdoor malware have significantly enhanced their capabilities, introducing new features and maintaining active development despite law enforcement disruptions. The…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Oracle has issued an urgent security alert for a critical zero-day vulnerability affecting Oracle E-Business Suite that allows remote code execution without authentication. The vulnerability, tracked as CVE-2025-61882, has now received public proof-of-…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A proof-of-concept exploit has been released for CVE-2025-32463, a critical local privilege escalation vulnerability affecting the Sudo binary that allows attackers to gain root access on Linux systems. The flaw was discovered by security researcher Ri…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A zero-day vulnerability in the Zimbra Collaboration Suite (ZCS) was actively exploited in targeted attacks earlier in 2025. The flaw, identified as CVE-2025-27915, is a stored cross-site scripting (XSS) vulnerability that attackers leveraged by sending weaponized iCalendar (.ICS) files to steal sensitive data from victims’ email accounts. The attacks were first identified by StrikeReady, which […] The post Hackers Exploit Zimbra Vulnerability as 0-Day with Weaponized iCalendar Files appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly disclosed vulnerability, named the WireTap attack, allows attackers with physical access to break the security of Intel’s Software Guard eXtensions (SGX) on modern server processors and steal sensitive information. A research paper released in October 2025 details how this method can extract cryptographic keys from supposedly secure SGX enclaves using a low-cost setup, […] The post New WireTap Attack Break Server SGX To Exfiltrate Sensitive Data appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Unity Technologies has issued a critical security advisory warning developers about a high-severity vulnerability affecting its widely used game development platform. The flaw, designated CVE-2025-59489, exposes applications built with vulnerable Unity Editor versions to unsafe file loading attacks that could enable local code execution and privilege escalation across multiple operating systems. The vulnerability stems from […] The post Unity Real-Time Development Platform Vulnerability Let Attackers Execute Arbitrary Code appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
