-
Cybercriminals and state-sponsored actors are ramping up attacks on unpatched Cisco IOS XE devices across Australia, deploying a persistent Lua-based web shell known as BADCANDY to maintain unauthorized access. This implant, first spotted in variations since October 2023, has seen renewed exploitation throughout 2024 and into 2025, exploiting the critical CVE-2023-20198 vulnerability in the software’s […] The post Hackers Exploiting Cisco IOS XE Vulnerability in the Wild to Deploy BADCANDY Web Shell appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Windows Server Update Services (WSUS) vulnerability is actively exploited in the wild. Criminals are using this vulnerability to steal sensitive data from organizations in various industries. The vulnerability, tracked as CVE-2025-59287, was patched by Microsoft on October 14, 2025, but attackers quickly began abusing it after proof-of-concept code became publicly available on GitHub. Sophos telemetry […] The post Hackers Exploiting Windows Server Update Services Flaw to Steal Sensitive Data from Organizations appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Sophos researchers have identified real-world exploitation of a newly disclosed vulnerability in Windows Server Update Services (WSUS), where threat actors are harvesting sensitive data from organizations worldwide. The critical remote code execution f…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has announced enhanced artificial intelligence protections designed to combat the rising tide of mobile scams affecting billions of users worldwide. The company revealed that fraudsters stole over $400 billion globally in the past year using adv…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Progress Software has released critical security patches addressing a high-severity vulnerability affecting MOVEit Transfer, a widely used enterprise file transfer solution. The vulnerability, tracked as CVE-2025-10932, carries a CVSS score of 8.2 and impacts the AS2 module across multiple product versions. The uncontrolled resource consumption vulnerability in MOVEit Transfer’s AS2 module could allow attackers to […] The post Progress Patches MOVEit Transfer Uncontrolled Resource Consumption Vulnerability appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting XWiki Platform to its Known Exploited Vulnerabilities catalog, highlighting the urgent security threat posed by an eval injection flaw. This vulner…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In mid-2025, Secureworks Counter Threat Unit (CTU) researchers uncovered a sophisticated cyber campaign where Chinese state-sponsored threat actors from the BRONZE BUTLER group exploited a critical zero-day vulnerability in Motex LANSCOPE Endpoint Mana…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Progress Software has released security patches to address a high-severity vulnerability in its MOVEit Transfer platform discovered on October 29, 2025. The flaw, tracked as CVE-2025-10932, affects the AS2 module and allows attackers to consume sy…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated cyber espionage campaign targeting European diplomatic institutions has been uncovered, signaling a strategic escalation by Chinese-affiliated threat actor UNC6384. Central to this campaign is the exploitation of the Windows shortcut (L…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has raised alarm over active exploitation of a critical privilege escalation vulnerability affecting Broadcom’s VMware Tools and VMware Aria Operations. Tracked as CVE-2025-41244, this 0…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
