-
Grafana, the popular open-source analytics and visualization platform, has once again become the target of a large‐scale, coordinated exploitation effort. On 28 September, security researchers at GreyNoise detected a sudden spike in attempts to exploit CVE-2021-43798, a path traversal flaw that permits arbitrary file reads on unpatched instances. Over the course of a single day, […] The post Hackers Attempting to Exploit Grafana Vulnerability that Enables Arbitrary File Reads appeared first on Cyber Security News.
-
Critical security flaws have been discovered in the TOTOLINK X6000R wireless router, exposing users to severe risks of remote code execution and unauthorized system access. These vulnerabilities affect the router’s web interface and various administrative functions, creating multiple attack vectors that malicious actors can exploit to gain complete control over affected devices. The discovery highlights […] The post TOTOLINK X6000R Router Vulnerabilities Let Remote Attackers Execute Arbitrary Commands appeared first on Cyber Security News.
-
A critical vulnerability has been discovered in DrayTek’s DrayOS routers, which could allow unauthenticated remote attackers to execute malicious code. The flaw, tracked as CVE-2025-10547, affects a wide range of Vigor router models, prompting administrators to apply security updates urgently. The vulnerability, detailed in security advisory DSA-2025-005 released on October 2, 2025, is classified as […] The post DrayOS Routers Vulnerability Let Attackers Execute Malicious Code Remotely appeared first on Cyber Security News.
-
On October 15, 2023, a threat actor using the handle GhostSocks published a sales post on the Russian cybercrime forum xss[.]is advertising a novel Malware-as-a-Service (MaaS) offering. The post introduced GhostSocks, a service designed to turn comprom…
-
The Chinese-speaking cybercrime group UAT-8099 has been stealthily breaching valuable Internet Information Services (IIS) servers in India, Thailand, Vietnam, Canada, and Brazil to carry out extensive search engine optimization (SEO) fraud. This campaign, which began surfacing in early 2025, leverages web shells, open-source hacking utilities, Cobalt Strike, and bespoke BadIIS malware to manipulate search rankings […] The post Chinese Hackers Compromising High-Value IIS Servers to Manipulate Search Rankings appeared first on Cyber Security News.
-
The cybersecurity landscape has witnessed a dramatic evolution in attack methodologies, with fileless malware emerging as one of the most sophisticated and dangerous threats facing organizations today. Unlike traditional malware that relies on executable files stored on disk, fileless attacks operate exclusively in memory, leveraging legitimate system tools to achieve their malicious objectives while remaining […] The post How Fileless Malware Differs From Traditional Malware Attacks appeared first on Cyber Security News.
-
The notorious SideWinder APT group has intensified its credential harvesting operations across South Asia, deploying sophisticated phishing campaigns that target government, defense, and critical infrastructure organizations through fake webmail portal…
-
Researchers at GreyNoise observed a sudden spike in attempts to exploit a well-known Grafana flaw. This vulnerability, tracked as CVE-2021-43798, allows attackers to traverse paths on a server and read any file they choose. Over the course of a single …
-
APT SideWinder, a state-sponsored threat actor long associated with espionage across South Asia, has recently launched a campaign deploying phishing portals that mimic legitimate Outlook and Zimbra webmail services. Emerging in mid-2025, this operation uses free hosting platforms such as Netlify, pages.dev, and workers.dev to serve fake login pages tailored to government and military targets […] The post SideWinder Hacker Group Hosting Fake Outlook/Zimbra Portals to Steal Login Credentials appeared first on Cyber Security News.
-
Enterprise networks worldwide are facing an aggressive, self-propagating malware campaign that exploits WhatsApp as its primary delivery mechanism. First observed in early September 2025 targeting Brazilian organizations, SORVEPOTEL spreads through convincing phishing messages carrying malicious ZIP attachments. Upon execution, the malware not only establishes a foothold on the host system but also hijacks active WhatsApp […] The post Threat Actors Leveraging WhatsApp Messages to Attack Windows Systems With SORVEPOTEL Malware appeared first on Cyber Security News.


