-
Russian state-sponsored threat actor COLDRIVER, long known for targeting high-profile NGOs, policy advisors, and dissidents, has been linked to a rapidly evolving malware campaign following the public disclosure of its LOSTKEYS malware in May 2025. Aft…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The cybersecurity community has raised a serious alarm following the recent daily reporting of vulnerable WatchGuard devices impacted by a major security flaw. According to new data published on October 18, 2025, security researchers at Shadowserver ob…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability in Microsoft Windows Cloud Minifilter has been patched, addressing a race condition that allowed attackers to escalate privileges and create files anywhere on the system. The vulnerability, tracked as CVE-2025-55680, w…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent alert on October 20, 2025, highlighting a severe vulnerability CVE-2025-33073 in Microsoft’s Windows SMB Client. Dubbed an improper access control flaw, this vulnerability tracked under CVE details yet to be fully specified poses a significant risk of privilege escalation for attackers worldwide. As cyber threats […] The post CISA Warns of Windows SMB Vulnerability Actively Exploited in Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Shadowserver Foundation has uncovered more than 71,000 internet-exposed WatchGuard devices running vulnerable versions of Fireware OS. The flaw, tracked as CVE-2025-9242, stems from an out-of-bounds write vulnerability in the IKEv2 implementation, potentially allowing remote attackers to execute arbitrary code without authentication. Disclosed earlier this year, the issue highlights the dangers of unpatched firewalls in […] The post 71,000+ WatchGuard Devices Vulnerable to Remote Code Execution Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A catastrophic Amazon Web Services (AWS) outage struck on October 20, 2025, bringing down major platforms like Snapchat, Amazon Prime Video, and Canva, and revealing the internet’s dangerous dependence on a single cloud provider. Starting at 12:11 a.m….
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new wave of spamware targeting WhatsApp Web users has emerged, as the Socket Threat Research Team revealed the discovery of 131 malicious Chrome extensions actively flooding the Chrome Web Store. These extensions are not conventional malware, but fun…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers are tracking a high-severity malware campaign that uses weaponized PDF files to distribute the Winos 4.0 malware. The threat actors impersonate government departments to trick users into opening malicious documents that infect Micr…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical zero-click vulnerability in Dolby Digital Plus (DDP) audio decoding software has been disclosed, allowing attackers to execute malicious code remotely via seemingly innocuous audio messages. Google Project Zero’s Ivan Fratric and Natalie Silvanovich have identified an out-of-bounds write flaw in the DDPlus Unified Decoder, which processes evolution data in audio files. This bug […] The post Dolby Digital Plus 0-Click Vulnerability Enables RCE Attack via Malicious Audio on Android appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new proof-of-concept (PoC) has been released for a serious vulnerability tracked as CVE-2025-8941, affecting the Pluggable Authentication Modules (PAM) used across Linux distributions. The flaw, rated 7.8 (High) on the CVSS scale, allows local attack…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
