-
With the release of Kali Linux 2025.3, a major update introduces an innovative tool that combines artificial intelligence and cybersecurity: the Gemini Command-Line Interface (CLI). This new open-source package integrates Google’s powerful Gemini AI directly into the terminal, offering penetration testers and security professionals an intelligent assistant designed to streamline and automate complex security workflows. […] The post Gemini CLI to Your Kali Linux Terminal To Automate Penetration Testing Tasks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A publicly available proof-of-concept (PoC) exploit has been released for CVE-2025-32463, a local privilege escalation (LPE) flaw in the Sudo utility that can grant root access under specific configurations. Security researcher Rich Mirch is credited with identifying the weakness, while a functional PoC and usage guide have been published in an open GitHub repository, accelerating […] The post PoC Exploit Released for Sudo Vulnerability that Enables Attackers to Gain Root Access appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical use-after-free vulnerability, identified as CVE-2025-49844, has been discovered in Redis servers, enabling authenticated attackers to achieve remote code execution. This high-severity flaw affects all versions of Redis that utilize the Lua scripting engine, presenting a significant threat to a wide range of deployments that rely on the popular in-memory data store. The core […] The post Redis Server Vulnerability use-after-free Vulnerability Enables Remote Code Execution appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Modern ransomware operations have evolved far beyond simple opportunistic attacks into sophisticated, multi-stage campaigns that exploit legitimate Remote Access Tools (RATs) to maintain stealth and persistence while systematically dismantling organiza…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated technique uncovered where threat actors abuse Amazon Web Services‘ X-Ray distributed tracing service to establish covert command and control (C2) communications, demonstrating how legitimate cloud infrastructure can be weaponized for malicious purposes. AWS X-Ray, designed to help developers analyze application performance through distributed tracing, has been repurposed by red team researchers into a […] The post Hackers Weaponize AWS X-Ray Service to Work as Covert Command & Control Server appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability has been discovered in Redis Server that could allow authenticated attackers to achieve remote code execution through a use-after-free flaw in the Lua scripting engine. The vulnerability, tracked as CVE-2025-49844, aff…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
PsExec represents one of the most contradictory tools in the cybersecurity landscape, a legitimate system administration utility that has become a cornerstone of malicious lateral movement campaigns. Recent threat intelligence reports indicate that PsExec remains among the top five tools used in cyberattacks as of 2025, with ransomware groups like Medusa, LockBit, and Kasseika actively […] The post How Windows Command-line Utility PsExec Can Be Abused To Execute Malicious Code appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
SpyCloud Labs analysts have successfully reverse-engineered Asgard Protector, a sophisticated crypter tool prominently used to hide malicious payloads from antivirus detection systems. This crypter has gained particular notoriety for being the preferre…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
QNAP Systems has disclosed a critical security vulnerability in its NetBak Replicator software that could enable local attackers to execute malicious code on affected systems. The vulnerability, tracked as CVE-2025-57714, stems from an unquoted search …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical zero-day vulnerability in Oracle E-Business Suite has emerged as a significant threat to enterprise environments, with proof-of-concept (PoC) exploit code now publicly available. CVE-2025-61882 presents a severe security risk, achieving a maximum CVSS 3.1 score of 9.8 and enabling remote code execution without authentication across multiple Oracle E-Business Suite versions. The vulnerability affects […] The post PoC Exploit Released for Remotely Exploitable Oracle E-Business Suite 0-Day Vulnerability appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
