-
Security researchers have discovered an actively exploited remote code execution vulnerability in Monsta FTP, a web-based FTP client used by financial institutions, enterprises, and individual users worldwide. The flaw, now tracked as CVE-2025-34299, a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
QNAP has addressed seven critical zero-day vulnerabilities in its network-attached storage (NAS) operating systems, following their successful exploitation by security researchers at Pwn2Own Ireland 2025. These flaws, identified as CVE-2025-62847, CVE-2025-62848, CVE-2025-62849, and associated ZDI canonical entries ZDI-CAN-28353, ZDI-CAN-28435, ZDI-CAN-28436, enable remote code execution (RCE) and privilege escalation attacks against QTS 5.2.x, QuTS hero h5.2.x, […] The post Seven QNAP Zero-Day Vulnerabilities Exploited at Pwn2Own 2025 Now Patched appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated spyware operation targeting Samsung Galaxy devices, dubbed LANDFALL, which exploited a zero-day vulnerability to infiltrate phones through seemingly innocuous images shared on WhatsApp. This campaign, active since mid-2024, allowed attackers to deploy commercial-grade Android malware capable of full device surveillance without user interaction. The discovery underscores ongoing threats from state-linked surveillance tools in […] The post Hackers Hijack Samsung Galaxy Phones via 0-Day Exploit Using a Single WhatsApp Image appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers at Unit 42 have uncovered a sophisticated Android spyware campaign that exploited a previously unknown zero-day vulnerability in Samsung Galaxy devices. The malware, dubbed LANDFALL, leveraged a critical vulnerability in Samsu…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Active Directory sites are designed to optimize network performance across geographically separated organizations by managing replication and authentication across multiple locations. The Synacktiv security researchers have demonstrated that these supposedly safe network management tools can be weaponized to launch powerful attacks against enterprise environments. The vulnerability emerges because Active Directory sites can be linked to […] The post Hackers Can Attack Active Directory Sites to Escalate Privileges and Compromise the Domain appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Congressional Budget Office (CBO), which serves as Congress’s official financial advisor, has been targeted in a suspected cyberattack by suspected foreign actors. The breach exposed sensitive financial research data that lawmakers rely on to…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have uncovered a dangerous attack vector targeting Active Directory Sites, a critical yet often overlooked component of enterprise network infrastructure. According to a recent technical analysis by Quentin Roland, attackers can e…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have developed a new technique that leverages call gadgets to insert arbitrary modules into the call stack during module loading, successfully bypassing Elastic EDR’s signature-based detection rules. Openness in Elastic EDR Detecti…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The OPNsense project has released version 25.7.7, delivering critical security improvements and performance enhancements to strengthen enterprise firewall deployments. This update represents a significant step forward in addressing infrastructure vulne…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A recently disclosed vulnerability in the Amazon WorkSpaces client for Linux exposes a critical security flaw that could allow attackers to gain unauthorized access to user environments due to improper handling of authentication tokens. The issue, trac…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
