-
Critical vulnerabilities in Sitecore Experience Platform allow attackers to achieve complete system compromise through a sophisticated attack chain combining HTML cache poisoning with remote code execution capabilities. These flaws also enable attackers to enumerate cache keys and configuration details via the exposed ItemServices API, streamlining targeted exploitation. Key Takeaways: 1. CVE-2025-53693 lets attackers inject HTML via […] The post Sitecore CMS Platform Vulnerabilities Enables Remote Code Execution appeared first on Cyber Security News.
-
Infostealer malware, initially designed to indiscriminately harvest credentials from compromised hosts, has evolved into a potent weapon for state-sponsored Advanced Persistent Threat (APT) groups. Emerging in early 2023, families such as RedLine, Lumma, and StealC quickly proliferated across phishing campaigns and malicious downloads. These infostealers cast wide nets, siphoning browser data, cookies, and system information, […] The post Infostealer Malware is Being Exploited by APT Groups for Targeted Attacks appeared first on Cyber Security News.
-
A critical security vulnerability has been discovered in ImageMagick, the widely used open-source image processing software, that could allow attackers to execute arbitrary code remotely. The vulnerability, tracked as CVE-2025-57803 with a se…
-
A sophisticated cryptocurrency theft scheme involves a malicious npm package that masquerades as the widely-used Nodemailer email library while secretly hijacking desktop cryptocurrency wallets on Windows systems. Socket’s Threat Research Team i…
-
Amazon’s threat intelligence team uncovered a sophisticated watering hole campaign in late August 2025, orchestrated by APT29, also known as Midnight Blizzard, a Russian Foreign Intelligence Service–linked actor. The operation relied on the compromise of legitimate websites to redirect unsuspecting visitors to malicious infrastructure. Once redirected, users encountered counterfeit Cloudflare verification pages designed […] The post Amazon Dismantles Russian APT 29 Infrastructure Used to Attack Users appeared first on Cyber Security News.
-
Cybercriminals are exploiting Windows Defender Application Control (WDAC) policies to systematically disable Endpoint Detection and Response (EDR) agents, creating a dangerous blind spot in corporate security infrastructure. Real-world threat actors, including ransomware groups like Black Basta, have now adopted a sophisticated attack technique originally developed as a proof-of-concept. Key Takeaways: 1. Attackers weaponize WDAC to block […] The post Hackers Leverage Windows Defender Application Control Policies to Disable EDR Agents appeared first on Cyber Security News.
-
A sophisticated malware campaign targeting niche Large Language Model (LLM) role-playing communities has emerged, leveraging advanced social engineering tactics to distribute a dangerous Remote Access Trojan (RAT). The malware, dubbed “AI Waifu RAT” by security researchers, masquerades as an innovative AI character enhancement tool that promises “meta” interactions between users and their virtual AI companions. […] The post AI Waifu RAT Attacking Users With Novel Social Engineering Techniques appeared first on Cyber Security News.
-
Microsoft has begun rolling out the Windows 11, version 25H2 (Build 26200.5074) preview to the Release Preview Channel, offering enthusiasts and enterprise customers an early look at this year’s annual feature update ahead of general availability later…
-
QNAP Systems has disclosed a critical security vulnerability in its legacy VioStor Network Video Recorder (NVR) firmware that could allow remote attackers to completely bypass authentication mechanisms and gain unauthorized system access. The vulnerability affects QVR firmware version 5.1.x running on legacy VioStor NVR. Key Takeaways: 1. Two vulnerabilities allow remote authentication bypass and unauthorized file […] The post QNAP Vulnerability Let Attackers Bypass Authentication and Access Unauthorized Files appeared first on Cyber Security News.
-
The cybersecurity landscape has witnessed a dangerous evolution as Advanced Persistent Threat (APT) groups increasingly weaponize opportunistic infostealer malware for sophisticated espionage campaigns. What once served as broad-spectrum credential har…


