1010.cx

1010.cx

/

Archive

/

Category: cyber security

  • PoC Published for Sudo Flaw Lets Attackers Escalate to Root

    A proof-of-concept exploit has been released for CVE-2025-32463, a critical local privilege escalation vulnerability affecting the Sudo binary that allows attackers to gain root access on Linux systems. The flaw was discovered by security researcher Ri…

    ·

    , , , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Hackers Exploit Zimbra Vulnerability as 0-Day with Weaponized iCalendar Files

    A zero-day vulnerability in the Zimbra Collaboration Suite (ZCS) was actively exploited in targeted attacks earlier in 2025. The flaw, identified as CVE-2025-27915, is a stored cross-site scripting (XSS) vulnerability that attackers leveraged by sending weaponized iCalendar (.ICS) files to steal sensitive data from victims’ email accounts. The attacks were first identified by StrikeReady, which […] The post Hackers Exploit Zimbra Vulnerability as 0-Day with Weaponized iCalendar Files appeared first on Cyber Security News.

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • New WireTap Attack Break Server SGX To Exfiltrate Sensitive Data

    A newly disclosed vulnerability, named the WireTap attack, allows attackers with physical access to break the security of Intel’s Software Guard eXtensions (SGX) on modern server processors and steal sensitive information. A research paper released in October 2025 details how this method can extract cryptographic keys from supposedly secure SGX enclaves using a low-cost setup, […] The post New WireTap Attack Break Server SGX To Exfiltrate Sensitive Data appeared first on Cyber Security News.

    ·

    ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Unity Real-Time Development Platform Vulnerability Let Attackers Execute Arbitrary Code

    Unity Technologies has issued a critical security advisory warning developers about a high-severity vulnerability affecting its widely used game development platform.  The flaw, designated CVE-2025-59489, exposes applications built with vulnerable Unity Editor versions to unsafe file loading attacks that could enable local code execution and privilege escalation across multiple operating systems. The vulnerability stems from […] The post Unity Real-Time Development Platform Vulnerability Let Attackers Execute Arbitrary Code appeared first on Cyber Security News.

    ·

    , , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Microsoft to Disable Inline SVG Images Display to Outlook for Web and Windows Users

    Microsoft has announced a significant security enhancement for Outlook users, implementing the retirement of inline SVG image support across Outlook for Web and the new Outlook for Windows platforms.  This change represents a proactive measure to strengthen email security infrastructure and protect users from potential cybersecurity threats. The rollout timeline has been strategically structured to […] The post Microsoft to Disable Inline SVG Images Display to Outlook for Web and Windows Users appeared first on Cyber Security News.

    ·

    ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • New CometJacking Attack Let Attackers Turn Perplexity Browser Against You in One Click

    A groundbreaking cybersecurity vulnerability has emerged that transforms Perplexity’s AI-powered Comet browser into an unintentional collaborator for data theft.  Security researchers at LayerX have discovered a sophisticated attack vector dubbed “CometJacking” that enables malicious actors to weaponize a single URL to extract sensitive user data without requiring any traditional credential theft or malicious webpage content. […] The post New CometJacking Attack Let Attackers Turn Perplexity Browser Against You in One Click appeared first on Cyber Security News.

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Discord Data Breach – Customers Personal Data and Scanned Photo IDs leaked

    A data breach at a third-party customer service provider has exposed the personal data of some Discord users, including names, email addresses, and a small number of scanned government-issued photo IDs. The incident did not compromise Discord’s main systems, and the unauthorized access was limited to data handled by the company’s support teams. Discord announced […] The post Discord Data Breach – Customers Personal Data and Scanned Photo IDs leaked appeared first on Cyber Security News.

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Top 10 Best End-to-End Threat Intelligence Companies in 2025

    In 2025, businesses face growing challenges in securing their digital assets, networks, and sensitive data. The rise in sophisticated cyberattacks has made end-to-end threat intelligence solutions one of the most critical investments for enterprises, g…

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Top 10 Best Supply Chain Intelligence Security Companies in 2025

    The digital world continues to face growing threats around software vulnerabilities, data breaches, and cyber supply chain attacks. As companies rely more heavily on open-source software, third-party code, and cloud-native applications, the need for supply chain intelligence security solutions has never been greater. In 2025, organizations must adopt highly reliable platforms that provide visibility, compliance, […] The post Top 10 Best Supply Chain Intelligence Security Companies in 2025 appeared first on Cyber Security News.

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Scattered LAPSUS$ Hunters Announced Salesforce Breach List On New Onion Site

    A cybercrime collective known as Scattered LAPSUS$ Hunters has launched a new data leak site on the dark web, claiming it holds nearly one billion records from Salesforce customers. The group is orchestrating a widespread blackmail campaign, setting a ransom deadline of October 10, 2025. They have threatened to publish sensitive data and technical details […] The post Scattered LAPSUS$ Hunters Announced Salesforce Breach List On New Onion Site appeared first on Cyber Security News.

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶