-
The GhostBat RAT campaign leverages diverse infection vectors—WhatsApp, SMS with shortened URLs, GitHub-hosted APKs, and compromised websites—to distribute malicious Android droppers. Once installed, these droppers employ multi-stage workflows, deliber…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has disclosed a critical remote code execution flaw in its Internet Information Services (IIS) platform, posing risks to organizations relying on Windows servers for web hosting. Tracked as CVE-2025-59282, the vulnerability affects the Inbox COM Objects handling global memory, stemming from a race condition and use-after-free error. Announced on October 14, 2025, it carries […] The post Microsoft IIS Vulnerability Allows Unauthorized Attacker To execute Malicious Code appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The China-backed advanced persistent threat group Flax Typhoon maintained year-long access to an ArcGIS system by turning trusted software into a persistent backdoor—an attack so unique it prompted the vendor to update its documentation. The attackers …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Veeam Software has disclosed three serious security flaws in its Backup & Replication suite and Agent for Microsoft Windows, which enable remote code execution and privilege escalation, potentially compromising enterprise backup infrastructures. These vulnerabilities, patched in recent updates, primarily affect domain-joined systems in version 12 of the software. Organizations are urged to apply fixes immediately […] The post Critical Veeam Backup RCE Vulnerabilities Let Attackers Execute Malicious Code Remotely appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft officially ended support for Windows 10 on October 14, 2025, leaving millions of users worldwide facing critical security concerns. The decision marks the end of regular technical assistance, feature updates, and security patches for one of t…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has patched a critical flaw in its Remote Desktop Client that could allow attackers to execute malicious code on victims’ systems. Disclosed on October 14, 2025, as CVE-2025-58718, the vulnerability stems from a use-after-free error, earning an “Important” severity rating. While not yet exploited in the wild, security experts warn that it poses a […] The post Windows Remote Desktop Client Vulnerability Let Attackers Execute Remote Code appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have uncovered critical vulnerabilities in signed UEFI shells that allow attackers to completely bypass Secure Boot protections on approximately 200,000 Framework laptops and desktops. These flaws expose a fundamental weakness in f…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has rolled out an urgent security update for its Chrome browser, addressing a high-severity use-after-free vulnerability that could allow attackers to execute arbitrary code on users’ systems. The patch is included in version 141.0.7390.107 for Linux and 141.0.7390.107/.108 for Windows and macOS, which began deploying to the Stable channel this week. Full release notes […] The post Chrome Use After Free Vulnerability Let Attackers Execute Arbitrary Code appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have unveiled a sophisticated new attack technique dubbed “Pixnapping” that can extract two-factor authentication codes from Google Authenticator and other sensitive mobile applications in under 30 seconds. Pixnapping l…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has confirmed active exploitation of a critical zero-day vulnerability affecting the Windows Remote Access Connection Manager, designated as CVE-2025-59230. The security flaw, disclosed on October 14, 2025, allows attackers with limited syste…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
