Cyber Security News – Page 8

BIND 9 Flaw Lets Attackers Crash Servers With Malicious DNS Records

A critical vulnerability in BIND 9 exposes DNS servers to remote denial-of-service (DoS) attacks. Security firm ISC disclosed CVE-2025-13878 on January 21, 2026, warning that malformed BRID or HHIT records in DNS queries can trigger an unexpected termi…

·

CVE/vulnerability, Cyber Security News

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
PNB MetLife Phishing Attack: Multi-Stage Scheme Steals Data, Triggers UPI Payments

A sophisticated multi-stage phishing campaign is actively targeting PNB MetLife Insurance customers through fake payment gateway pages. The attack chain extracts customer details, forces fraudulent UPI payments, and escalates to full banking credential…

·

cyber security, Cyber Security News, Phishing

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Hackers Exploit Snap Domains to Inject Malicious Code into Linux Software Packages

Snaps are compressed, cryptographically signed, revertable software packages for Linux desktops, servers, and embedded devices. A sophisticated campaign targeting Canonical’s Snap Store has escalated dramatically, with threat actors shifting from…

·

cyber security, Cyber Security News, Linux

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
JA3 Fingerprinting Tool Exposes Attackers’ Infrastructure

JA3 fingerprinting, long dismissed as outdated technology, is experiencing a resurgence as security teams discover its practical value in identifying and tracking malicious infrastructure with surprising precision. Despite widespread skepticism about J…

·

cyber security, Cyber Security News

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Cisco Unified CM Zero-Day RCE Under Attack, CISA Issues Warning

CISA has added CVE-2026-20045, a critical zero-day remote code execution (RCE) vulnerability in Cisco Unified Communications Manager (Unified CM), to its Known Exploited Vulnerabilities (KEV) catalog. Added on January 21, 2026, this flaw affects multip…

·

Cyber Security News, Zero-Day

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Critical Chainlit AI Flaws Let Hackers Seize Control Of Cloud Environments

Zafran Labs uncovered two critical vulnerabilities in Chainlit, a popular open-source framework for building conversational AI apps. Chainlit powers internet-facing AI systems in enterprises across industries, averaging 700,000 PyPI downloads monthly. …

·

CVE/vulnerability, cyber security, Cyber Security News

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Node.js binary-parser Library Flaw Enables Malicious Code Injection

A critical code injection vulnerability in the popular Node.js binary-parser library exposes applications to arbitrary JavaScript execution. CERT/CC published Vulnerability Note VU#102648 on January 20, 2026, assigning it CVE-2026-1245. The flaw affect…

·

CVE/vulnerability, Cyber Security News

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Active Exploitation Of Fortinet SSO Flaw Targets Firewalls For Admin Takeover

Threat actors actively exploit critical Fortinet vulnerabilities CVE-2025-59718 and CVE-2025-59719 to bypass FortiCloud SSO authentication on firewalls and proxies. These flaws allow unauthenticated attackers to craft malicious SAML messages, gaining a…

·

Cyber security Course, Cyber Security News, vulnerability

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Cisco Unified Communications Zero-Day RCE Flaw Actively Exploited For Root Shell Access

Cisco has warned customers of a critical zero-day vulnerability affecting several of its Unified Communications products, including Cisco Unified Communications Manager (Unified CM), Unified Communications Manager Session Management Edition (Unified CM…

·

Cisco, Cyber Security News, Zero-Day

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
New ClickFix Campaign Exploits Fake Verification Pages to Hijack Facebook Sessions

A sophisticated ClickFix campaign targeting Facebook users has been identified, leveraging social engineering to extract live session credentials directly from victims’ browsers. Unlike traditional phishing exploits that rely on software vulnerab…

·

cyber security, Cyber Security News, FACEBOOK

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

1010.cx

1010.cx

Category: Cyber Security News

BIND 9 Flaw Lets Attackers Crash Servers With Malicious DNS Records

PNB MetLife Phishing Attack: Multi-Stage Scheme Steals Data, Triggers UPI Payments

Hackers Exploit Snap Domains to Inject Malicious Code into Linux Software Packages

JA3 Fingerprinting Tool Exposes Attackers’ Infrastructure

Cisco Unified CM Zero-Day RCE Under Attack, CISA Issues Warning

Critical Chainlit AI Flaws Let Hackers Seize Control Of Cloud Environments

Node.js binary-parser Library Flaw Enables Malicious Code Injection

Active Exploitation Of Fortinet SSO Flaw Targets Firewalls For Admin Takeover

Cisco Unified Communications Zero-Day RCE Flaw Actively Exploited For Root Shell Access

New ClickFix Campaign Exploits Fake Verification Pages to Hijack Facebook Sessions