-
A critical vulnerability in HashiCorp Vault—tracked as CVE-2025-6203 and HCSEC-2025-24—has been disclosed that allows malicious actors to submit specially crafted payloads capable of exhausting server resources and rendering Vault instances unresponsiv…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Exposing an ASP.NET Core appsettings.json file containing Azure Active Directory (Azure AD) credentials poses a critical attack vector, effectively handing adversaries the keys to an organization’s cloud environment. During a recent cybersecurity …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In a novel twist on the year-long trend of ClickFix scams, threat actors have blended human-verification social engineering with the Windows search protocol to deliver MetaStealer, a commodity infostealer notorious for harvesting credentials and exfilt…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Multiple critical vulnerabilities in Qualcomm Technologies’ proprietary Data Network Stack and Multi-Mode Call Processor that permit remote attackers to execute arbitrary code. These flaws, tracked as CVE-2025-21483 and CVE-2025-27034, each carry a CVSS score of 9.8 and exploit buffer-corruption weaknesses to compromise device security. Key Takeaways1. CVE-2025-21483 & CVE-2025-27034 allow remote RCE.2. Affects Snapdragon 8 […] The post Critical Qualcomm Vulnerabilities Allow Attackers to Execute Arbitrary Code Remotely appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability has emerged in Azure Active Directory (Azure AD) configurations that exposes sensitive application credentials, providing attackers with unprecedented access to cloud environments. This vulnerability centers around the exposure of appsettings.json files containing ClientId and ClientSecret credentials, effectively handing adversaries the keys to entire Microsoft 365 tenants. The vulnerability was identified during […] The post Azure Active Directory Vulnerability Exposes Credentials and Enables Attackers to Deploy Malicious Apps appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Over the past two years, Fox-IT and NCC Group have tracked a sophisticated Lazarus subgroup targeting financial and cryptocurrency firms. This actor overlaps with AppleJeus, Citrine Sleet, UNC4736 and Gleaming Pisces campaigns and leverages three disti…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Nmap has remained at the forefront of network discovery and security assessment for nearly three decades. Originally introduced on September 1, 1997, in Phrack magazine as a modest, 2,000-line Linux-only port scanner, Nmap has since matured into a sprawling toolkit encompassing OS and version detection, scripting, packet crafting, and more. As Nmap celebrates its 28th […] The post 28 Years of Nmap – From Simple Port Scanner to Comprehensive Network Security Suite appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft announced that it will enforce mandatory multi-factor authentication (MFA) for all sign-in attempts to the Azure portal and other administrative interfaces. The new requirement, which builds on Microsoft’s long-standing commitment t…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Wireshark Foundation today announced the release of Wireshark 4.4.9, delivering critical stability improvements and updates to its protocol dissectors. This incremental release, the ninth maintenance update in the 4.4 series, addresses a high-…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated new keylogger malware dubbed “TinkyWinkey” that is targeting Windows systems with advanced stealth capabilities and comprehensive data exfiltration features. First observed in late June 2025, this malware represents a signif…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
