-
NVIDIA has issued a critical security update addressing two high-severity vulnerabilities in its NeMo Framework that could allow attackers to execute malicious code and escalate privileges on affected systems. The vulnerabilities, tracked as CVE-2025-23361 and CVE-2025-33178, both carry a CVSS score of 7.8 and affect all versions of the NeMo Framework before version 2.5.0 across […] The post NVIDIA NeMo Framework Vulnerabilities Allows Code Injection and Privilege Escalation appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The SmartApeSG campaign, also known as ZPHP or HANEY MANEY, continues to evolve its attack methods to compromise Windows systems with malicious remote access tools. First reported in June 2024, this campaign has shifted from using fake browser update pages to deploying sophisticated ClickFix-style techniques. The new approach tricks users into thinking they need to […] The post SmartApeSG Campaign Leverages ClickFix Technique to Deploy NetSupport RAT appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability has been identified in the Cisco Catalyst Center Virtual Appliance that could enable authenticated, remote attackers to escalate their privileges to Administrator on affected systems. This vulnerability CVE-2025-20341 …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cisco has disclosed critical security vulnerabilities affecting Cisco Unified Contact Center Express (Unified CCX) that could enable unauthenticated, remote attackers to execute arbitrary commands, escalate privileges to root, and bypass authentication…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Elastic Security Labs has uncovered a sophisticated campaign deploying a newly identified loader, dubbed RONINGLOADER, that weaponizes legitimately signed kernel drivers to systematically disable Microsoft Defender and evade endpoint detection and resp…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have uncovered a critical vulnerability in Cursor, the AI-powered code editor, that allows attackers to inject malicious code through rogue Model Context Protocol (MCP) servers. Unlike VS Code, Cursor lacks integrity checks on its …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybercriminals are deploying sophisticated phishing campaigns that weaponize seemingly legitimate invoice emails to distribute Backdoor.XWorm is a dangerous remote-access trojan (RAT) capable of stealing sensitive credentials, recording keystrokes, and…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Jamf Threat Labs has identified a new family of malicious stealers tracked as DigitStealer, representing a significant evolution in macOS-targeted malware. Unlike traditional infostealers that follow linear execution paths, DigitStealer introduced soph…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers have uncovered a sophisticated campaign where threat actors abuse legitimate JSON storage services to deliver malware to software developers. The campaign, known as Contagious Interview, represents a significant shift in how attackers are concealing malicious payloads within seemingly legitimate development projects. By exploiting platforms such as JSON Keeper, JSONsilo, and npoint.io, threat actors […] The post Threat Actors Leverage JSON Storage Services to Host and Deliver Malware Via Trojanized Code Projects appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new campaign leveraging Formbook malware has emerged, showcasing sophisticated multi-stage infection tactics that underscore the importance of analyzing more than just executable files during malware investigations. When teaching malware reverse-engi…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
