-
Cyber spies associated with the threat actor group Paper Werewolf have demonstrated advanced capabilities in bypassing email security filters by delivering malware through seemingly legitimate archive files, a tactic that exploits the commonality of su…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Mozilla has released Firefox 142 to address multiple high-severity security vulnerabilities that could allow attackers to execute arbitrary code remotely on affected systems. The security advisory, published on August 19, 2025, reveals nine distinct vulnerabilities ranging from sandbox escapes to memory safety bugs, with several classified as high-impact threats capable of enabling remote code execution […] The post Mozilla High Severity Vulnerabilities Enables Remote Code Execution appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Kali Linux has announced a major overhaul of its Vagrant virtual machine distribution system, transitioning from HashiCorp’s Packer to the DebOS build system for creating pre-configured command-line accessible VMs. This strategic shift unifies Ka…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Mozilla has released Firefox 142 to address multiple critical security vulnerabilities that could enable remote attackers to execute arbitrary code on affected systems. The Mozilla Foundation Security Advisory 2025-64, announced on August 19, 2025, det…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical pre-handshake vulnerability in the LSQUIC QUIC implementation that allows remote attackers to crash servers through memory exhaustion attacks. The vulnerability, designated CVE-2025-54939 and dubbed “QUIC-LEAK,” affects the second most widely used QUIC implementation globally, potentially impacting over 34% of HTTP/3-enabled websites that rely on LiteSpeed technologies. Key Takeaways1. CVE-2025-54939 allows remote DoS via […] The post New QUIC-LEAK Vulnerability Let Attackers Exhaust Server Memory and Trigger DoS Attack appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft announced on August 20, 2025, a significant enhancement to its Microsoft 365 administrative capabilities with the introduction of new tenant-level controls for managing org-wide sharing links for user-built Copilot agents. This feature, sched…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Static Tundra, a Russian state-sponsored threat actor connected to the FSB’s Center 16 unit, has been responsible for a sustained cyber espionage effort, according to information released by Cisco Talos. Operating for over a decade, this group sp…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have uncovered a critical series of vulnerabilities in Commvault’s backup and data management software that could enable attackers to achieve remote code execution and compromise on-premises infrastructure. The flaws, discove…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers are highlighting a dangerous attack technique that combines rogue IPv6 configuration with NTLM credential relay to achieve complete Active Directory domain compromise, exploiting default Windows configurations that most organi…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
CISA issued four comprehensive Industrial Control Systems (ICS) advisories on August 19, 2025, highlighting serious vulnerabilities affecting critical infrastructure sectors including energy and manufacturing. These advisories detail exploitable vulnerabilities with CVSS scores ranging from 5.8 to 9.8, requiring immediate attention from system administrators and security professionals. Key Takeaways1. CISA issued four ICS advisories for Siemens, […] The post CISA Releases Four ICS Advisories Surrounding Vulnerabilities, and Exploits appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
