-
A critical remote code execution vulnerability affecting XWiki’s SolrSearch component has become the target of widespread exploitation attempts, prompting cybersecurity authorities to add it to their watchlist. The flaw allows attackers with minimal guest privileges to execute arbitrary commands on vulnerable systems, posing a significant security risk to organizations using this open-source enterprise wiki platform. […] The post Hackers Actively Scanning Internet to Exploit XWiki Remote Code Execution Vulnerability appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has issued a critical security alert for Android devices, highlighting a severe zero-click vulnerability in the system’s core components that could allow attackers to execute malicious code remotely without any user interaction. Disclosed in the November 2025 Android Security Bulletin, this flaw affects multiple versions of the Android Open Source Project (AOSP) and underscores […] The post Critical Android 0-Click Vulnerability in System Component Allows Remote Code Eexecution Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft is rolling out a significant security enhancement for its Authenticator app starting February 2026, introducing jailbreak and root detection capabilities that will automatically wipe Microsoft Entra credentials from compromised devices. This …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The cybersecurity threat landscape shifted dramatically on October 30, 2025, when security researchers monitoring honeypot infrastructure detected a significantly evolved variant of the RondoDox botnet. The updated malware now features 75 distinct expl…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The decentralised finance (DeFi) ecosystem was rocked by a significant exploit targeting Balancer, one of the leading DeFi platforms. The breach specifically impacted Balancer’s V2 Composable Stable Pools, resulting in losses that reportedly exceed $10…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have identified a dangerous remote access trojan called SleepyDuck lurking in the Open VSX IDE extension marketplace, targeting developers who use code editors like Cursor and Windsurf. The malicious extension masqueraded as a legi…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
An ongoing malicious advertising campaign is weaponizing legitimate software downloads to deploy OysterLoader malware, previously identified as Broomstick and CleanUpLoader. This sophisticated initial access tool enables cybercriminals to establish footholds in corporate networks, ultimately serving as a delivery mechanism for the notorious Rhysida ransomware gang. The Rhysida ransomware operation has targeted enterprises since emerging from […] The post Weaponized Putty and Teams Ads Deliver Malware Allowing Hackers to Access Network appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Rhysida ransomware gang has been running a sophisticated malvertising campaign that delivers OysterLoader malware through deceptive search engine advertisements, giving attackers complete access to compromised devices and networks. The Rhysida gang…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft’s Detection and Response Team has exposed a sophisticated backdoor malware that exploits the OpenAI Assistants API as an unconventional command-and-control communication channel. Named SesameOp, this threat demonstrates how adversaries …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has acknowledged a critical issue affecting Windows Server 2025 systems enrolled in the Hotpatch program. A recent Windows Server Update Services (WSUS) patch was inadvertently distributed to machines configured to receive Hotpatch updates, c…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
