-
SolarWinds has released an urgent security advisory for a critical vulnerability in its Web Help Desk software that could allow an unauthenticated attacker to achieve remote code execution (RCE). The flaw, tracked as CVE-2025-26399, carries a critical severity rating of 9.8 out of 10, highlighting the severe risk it poses to affected systems. The vulnerability […] The post SolarWinds Web Help Desk Vulnerability Enables Unauthenticated RCE appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has released comprehensive guidance for implementing certificate-based authentication in Windows Admin Center (WAC), providing administrators with enhanced security through smart card integration and Active Directory Certificate Services. Thi…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Threat actors were manipulating the Instance Metadata Service (IMDS), a core component designed to securely furnish compute instances with temporary credentials to infiltrate and navigate cloud infrastructures. By compelling unsuspecting applications to query IMDS endpoints, attackers harvest short-lived tokens, enabling credential theft, lateral movement, and privilege escalation within victim environments. Exploit IMDS Service Wiz reports […] The post Hackers Exploits IMDS Service to Gain Initial Access to a Cloud Environment appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A novel npm package named fezbox has been uncovered by the Socket Threat Research Team as a sophisticated malware delivery mechanism that exfiltrates username and password credentials from browser cookies via an embedded QR code. Published under the np…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Zloader, a sophisticated Zeus-based modular trojan that first emerged in 2015, has undergone a significant transformation from its original banking-focused purpose to become a dangerous tool for initial access and ransomware deployment in corporate env…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Recent High-profile supply‐chain attacks have exposed critical weaknesses in package registry security, prompting GitHub to roll out a suite of defenses designed to harden the npm ecosystem. “GitHub Enhances npm’s security with strict authentication, granular tokens, and trusted publishing” marks the latest milestone in defending open source against account takeovers and malicious post-install payloads. Account […] The post GitHub Enhances NPM’s Security with Strict Authentication, Granular Tokens, and Trusted Publishing appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
These fake online speedtest applications prey on users seeking to measure their internet performance, yet they harbor hidden payloads that compromise system integrity and privacy. Much like the previously analyzed Fake Manual Reader and Finder software…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in SolarWinds Web Help Desk (WHD) could allow attackers to escalate privileges and execute arbitrary code on affected systems. SolarWinds has released Web Help Desk 12.8.7 Hotfix 1 to address CVE-2025-26399, a deserialization f…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Digital Charging Solutions GmbH (DCS), a leading provider of white-label charging services for automotive OEMs and fleet operators, has confirmed a data breach affecting a limited number of its customers. DCS disclosed that unauthorized access to personal data occurred in the course of its customer-support processes. The incident was detected through irregularities in log data and […] The post EV Charging Provider Confirm Data Breach – Customers Personal Data Exposed appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated cyber campaign, dubbed “Operation Rewrite,” is actively hijacking Microsoft Internet Information Services (IIS) web servers to serve malicious content through a technique known as search engine optimization (SEO) poisoning. Palo Alto Networks uncovered the operation in March 2025, attributing it with high confidence to a Chinese-speaking threat actor who uses a malicious IIS […] The post Hackers Hijacking IIS Servers Using Malicious BadIIS Module to Serve Malicious Content appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
