-
A critical zero-day vulnerability in several Sitecore products could allow attackers to execute code remotely. The vulnerability, identified as CVE-2025-53690, stems from a ViewState deserialization flaw and is being actively exploited in the wild. The investigation by Mandiant revealed that attackers are leveraging exposed ASP.NET machine keys that were included in Sitecore deployment guides from […] The post Google Warns of Zero-Day Vulnerability in Sitecore Products Allowing Remote Code Execution appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Within hours of its release, the newly unveiled framework Hexstrike-AI has emerged as a game-changer for cybercriminals, enabling them to scan, exploit and persist inside targets in under ten minutes. Hexstrike-AI, a red-team tool, quickly tu…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Over the past two years, Fox-IT and NCC Group have tracked a sophisticated Lazarus subgroup targeting financial and cryptocurrency firms. This actor overlaps with AppleJeus, Citrine Sleet, UNC4736 and Gleaming Pisces campaigns and leverages three disti…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researcher Kevin Beaumont has revealed alarming details about CVE-2025-6543, a critical Citrix NetScaler vulnerability that was actively exploited as a zero-day attack for months before the company issued patches. What Citrix initially downpla…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
FreePBX administrators worldwide have been urged to immediately disable public internet access to their systems after a critical 0-day vulnerability was discovered in the commercial Endpoint Manager module. The Sangoma FreePBX Security Team confirmed t…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Apple has issued emergency security updates across its entire ecosystem to address CVE-2025-43300, a critical zero-day vulnerability in the ImageIO framework that has been actively exploited in sophisticated targeted attacks. This represents the seventh zero-day vulnerability that Apple has patched in 2025, underscoring the persistent and escalating threat landscape facing iOS and macOS devices. The vulnerability’s addition to CISA’s […] The post Analysis of Apple’s ImageIO Zero-Day Vulnerability: Attacker Context and Historical iOS Zero-Click Similarities appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cloud Software Group has issued an emergency security bulletin warning of active exploitation targeting three critical vulnerabilities in NetScaler ADC and NetScaler Gateway products. The vulnerabilities, tracked as CVE-2025-7775, CVE-2025-77…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The cybersecurity landscape has been significantly impacted by the discovery and active exploitation of two critical zero-day vulnerabilities in WinRAR, one of the world’s most widely used file compression utilities. CVE-2025-6218 and CVE-2025-8088 represent sophisticated attack vectors that have enabled threat actors to achieve remote code execution and establish persistent access to compromised systems through maliciously crafted archive […] The post WinRAR 0-Day Vulnerabilities Exploited in Wild by Hackers – Detailed Case Study appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cyber spies associated with the threat actor group Paper Werewolf have demonstrated advanced capabilities in bypassing email security filters by delivering malware through seemingly legitimate archive files, a tactic that exploits the commonality of su…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers have unveiled the inner workings of an exploit script targeting a critical zero-day vulnerability in SAP NetWeaver’s Visual Composer Metadata Uploader, now designated as CVE-2025–31324. This flaw stems from a missing aut…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
