-
A critical flaw in SUSE Rancher’s user management module allows privileged users to disrupt administrative access by modifying usernames of other accounts. Tracked as CVE-2024-58260, this vulnerability affects Rancher Manager versions 2.9.0 through 2.12.1, enabling both username takeover and full lockout of the admin account. Organizations running unsupported versions are urged to upgrade immediately or […] The post SUSE Rancher Vulnerabilities Let Attackers Lockout the Administrators Account appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated malvertising campaign has been targeting organizations through a weaponized Microsoft Teams installer that delivers the dangerous Oyster malware, according to a recent investigation by cybersecurity experts. The attack demonstrates an a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Forensic-Timeliner is a fast, open-source command-line tool designed to help digital forensics and incident response (DFIR) teams quickly build a unified timeline of Windows artifacts. By automatically collecting, filtering, and merging CSV output from…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Acreed emerged in early 2025 as a lean, stealthy infostealer that quickly gained favor among Russian-speaking cybercriminal forums. First spotted on February 14, 2025, bundled with log packages sold by the threat actor “Nuez,” Acreed distinguishes itself from bulkier rivals by producing minimalistic logs that avoid revealing infection vectors. In several incidents analyzed by Intrinsec […] The post Acreed Infostealer Used Widely by Cybercriminals With C2 Via Steam Platform appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Olymp Loader, a newly emerged Malware-as-a-Service (MaaS) offering, has rapidly gained traction across underground forums and Telegram since its debut on June 5, 2025. Developed by a trio of seasoned Assembly coders under the alias “OLYMPO,” the loader…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in the open source Formbricks experience management toolbox allows attackers to reset any user’s password without authorization. Published three days ago as advisory GHSA-7229-q9pv-j6p4 by maintainer mattinannt, the f…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybercriminals expand malvertising campaigns from Facebook to Google Ads and YouTube, hijacking accounts to distribute crypto-stealing malware targeting financial platform users worldwide. A sophisticated malvertising campaign that initially targeted F…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security flaw discovered in Formbricks, an open-source experience management platform, demonstrates how missing JWT signature verification can lead to complete account takeovers. The vulnerability tracked as CVE-2025-59934 affects all versions prior to 4.0.1 and stems from improper token validation that uses jwt.decode() instead of jwt.verify(), allowing attackers to bypass authentication controls entirely. The […] The post Formbricks Signature Verification Vulnerability Let Attackers Reset User Passwords Without Authorization appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in Windows heap management demonstrates how improper handling of record-size fields enables arbitrary memory read and write operations. Suraj Malhotra shared a detailed exploitation technique leveraging the Low Fragmentation Heap (LFH) mechanism to achieve code execution on Windows systems. Windows Heap Exploitation Vulnerability The Windows NT Heap operates through FrontEnd and BackEnd […] The post Windows Heap Exploitation Vulnerability With Record’s Size Field Leads to Arbitrary R/W appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In recent weeks, a sophisticated phishing campaign has emerged, targeting organizations in Ukraine with malicious Scalable Vector Graphics (SVG) files designed to propagate the PureMiner cryptominer and a data-stealing payload dubbed Amatera Stealer. Attackers masquerade as the Ukrainian police, sending emails that claim recipients have pending appeals. When victims open the attached SVG, it triggers […] The post Hackers Weaponizing SVG Files to Deliver PureMiner Malware and Steal Sensitive Information appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
