Category: Vulnerability News

  • A sophisticated intrusion in which threat actors co-opted the legitimate, open-source Velociraptor digital forensics and incident response (DFIR) tool to establish a covert remote access channel. This represents an evolution from the long-standing tactic of abusing remote monitoring and management (RMM) utilities, with attackers now repurposing DFIR frameworks to minimize custom malware deployment and evade […] The post Threat Actors Abuse Velociraptor Incident Response Tool to Gain Remote Access appeared first on Cyber Security News.

  • Cisco has issued a high-severity security advisory alerting customers to a critical vulnerability in the Intermediate System-to-Intermediate System (IS-IS) feature of NX-OS Software for Cisco Nexus 3000 and 9000 Series switches. Tracked as CVE-2025-20241 with a CVSS base score of 7.4, the flaw could allow an unauthenticated, Layer 2-adjacent attacker to send a malformed IS-IS […] The post Cisco Nexus 3000 and 9000 Series Vulnerability Let Attackers Trigger DoS Attack appeared first on Cyber Security News.

  • Cisco disclosed a high-severity open redirect vulnerability in the Virtual Keyboard Video Monitor (vKVM) component of its Integrated Management Controller (IMC). Tracked as CVE-2025-20317 with a CVSS 3.1 base score of 7.1, the vulnerability could enable an unauthenticated remote attacker to redirect administrators or users of affected devices to malicious websites, potentially capturing credentials through […] The post Cisco IMC Virtual Keyboard Video Monitor Let Attacker Direct User to Malicious Website appeared first on Cyber Security News.

  • A critical zero-day exploit targeting exposed FreePBX 16 and 17 systems. Threat actors are abusing an unauthenticated privilege escalation vulnerability in the commercial Endpoint Manager module, allowing remote code execution (RCE) when the Administrator Control Panel is reachable from the public internet. With active compromises detected since August 21, 2025, admins must act immediately to […] The post FreePBX Servers Hacked in 0-Day Attack – Admins are Urged to Disable Internet Access appeared first on Cyber Security News.

  • Over 1,400 developers discovered today that a malicious post-install script in the popular NX build kit silently created a repository named s1ngularity-repository in their GitHub accounts. This repository contains a base64-encoded dump of sensitive data (wallet files, API keys, .npmrc credentials, environment variables, and more) harvested directly from developers’ file systems. Key Takeaways: 1. Malware in […] The post NX Build Tool Hacked with Malware That Checks for Claude or Gemini to Find Wallets and Secrets appeared first on Cyber Security…

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA), alongside the NSA, FBI, and a broad coalition of international partners, has released a comprehensive cybersecurity advisory detailing a widespread espionage campaign by People’s Republic of China (PRC) state-sponsored actors targeting critical networks worldwide. The 37-page report, “Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed […] The post CISA Publish Hunting and Mitigation Guide to Defend Networks from Chinese State-Sponsored Actors appeared first on Cyber Security News.

  • A newly disclosed vulnerability in the widely used ISC Kea DHCP server poses a significant security risk to network infrastructure worldwide. The flaw, designated CVE-2025-40779, allows remote attackers to crash DHCP services with just a single maliciously crafted packet, potentially disrupting network operations across entire organizations. The vulnerability affects multiple versions of the Kea DHCP […] The post Kea DHCP Server Vulnerability Let Remote Attacker With a Single Crafted Packet appeared first on Cyber Security News.

  • CISA has issued an urgent warning regarding a critical zero-day vulnerability affecting Citrix NetScaler systems, designated as CVE-2025-7775. This memory overflow vulnerability enables remote code execution (RCE) and has been actively exploited by malicious cyber actors, prompting immediate inclusion in CISA’s Known Exploited Vulnerabilities (KEV) Catalog on August 26, 2025. Key Takeaways: 1. Citrix NetScaler zero-day […] The post CISA Warns of Citrix Netscaler 0-day RCE Vulnerability Exploited in Attacks appeared first on Cyber Security News.

  • A critical zero-day remote code execution (RCE) vulnerability, tracked as CVE-2025-7775, is affecting over 28,000 Citrix instances worldwide. The flaw is being actively exploited in the wild, prompting the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add it to its Known Exploited Vulnerabilities (KEV) catalog. The Shadowserver Foundation discovered that as of August 26, […] The post 28,000+ Citrix Servers Exposed to Active 0-Day RCE Vulnerability Exploited in the Wild appeared first on Cyber Security News.

  • A weaponized proof-of-concept exploit has been publicly released targeting CVE-2025-54309, a severe authentication bypass vulnerability affecting CrushFTP file transfer servers. The flaw enables remote attackers to gain administrative privileges through a race condition in AS2 validation processing, circumventing authentication mechanisms entirely. Key Takeaways: 1. Race-condition exploit lets attackers bypass CrushFTP authentication. 2. Public PoC on GitHub confirms […] The post PoC Exploit Released for CrushFTP 0-day Vulnerability (CVE-2025-54309) appeared first on Cyber Security News.
