-
Motex has disclosed a severe remote code execution vulnerability in its LANSCOPE Endpoint Manager On-Premise Edition. Assigned CVE-2025-61932, the flaw carries a CVSS 3.0 score of 9.8, classifying it as an emergency-level threat. This vulnerability could allow attackers to execute arbitrary code on affected systems, potentially leading to full compromise of endpoint devices. The issue […] The post LANSCOPE Endpoint Manager Vulnerability Let Attackers Execute Remote Code appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A recent surge in underground cybercrime chatter has shone a spotlight on Monolock Ransomware V1.0, as multiple posts on dark web forums claim that the malicious software is now available for purchase. Cybersecurity researchers monitoring illicit marke…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Over the past several months, cybersecurity researchers have observed a surge of fraudulent Chrome extensions masquerading as legitimate WhatsApp Web automation tools. These 131 rebranded clones, each presenting as distinct offerings, share an identical codebase designed to automate bulk messaging and scheduling without user consent. By injecting custom scripts directly into the WhatsApp Web interface, […] The post 131 Malicious Extensions Targeting WhatsApp Used Found in Chrome Web Store appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
GlassWorm is the world’s first self-propagating worm targeting VS Code extensions in the OpenVSX marketplace, unleashing invisible malicious payloads and decentralized command infrastructure that make it nearly impossible to detect or dismantle. First …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security flaw has been found in the on-premise edition of LANSCOPE Endpoint Manager that could let attackers run malicious code on vulnerable machines. The issue, tracked as CVE-2025-61932, involves a remote code execution vulnerability in t…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Amazon Web Services experienced a significant service disruption in its US-EAST-1 region that lasted nearly 24 hours, affecting over 140 services and causing widespread issues for customers worldwide. The outage began late on October 19, 2025, and was …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in Zyxel’s ATP and USG series firewalls that allows attackers to bypass authorization controls and access sensitive system configurations. Dubbed CVE-2025-9133, this flaw affects devices running firmware versions up to V5.40(ABPS.0) and enables unauthorized viewing and downloading of configs even during the two-factor authentication (2FA) process. Disclosed on August 14, 2025, the […] The post ZYXEL Authorization Bypass Vulnerability Let Attackers View and Download System Configuration appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
From May to August 2025, an advanced persistent threat group known as Cavalry Werewolf—also tracked as YoroTrooper and Silent Lynx—executed a sophisticated attack campaign targeting Russia’s public sector and vital industries such as energy, mining, an…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has disclosed a serious security flaw in ASP.NET Core that enables authenticated attackers to smuggle HTTP requests and evade critical protections. Tracked as CVE-2025-55315, the vulnerability stems from inconsistent handling of HTTP requests, a classic issue known as HTTP request/response smuggling. Released on October 14, 2025, this flaw affects developers relying on the popular […] The post Critical ASP.NET Vulnerability Allows Attacker To Bypass Security Feature Remotely appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers at Kaspersky have uncovered a sophisticated supply chain attack targeting the npm ecosystem, where threat actors distributed the AdaptixC2 post-exploitation framework through a malicious package disguised as a legitimate proxy…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
