-
A critical zero-day vulnerability in Samsung’s flagship Galaxy S25 smartphone was successfully exploited at Pwn2Own Ireland 2025, demonstrating how attackers could silently activate the device’s camera and track a user’s real-time loc…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Chinese-linked threat actors behind the Warlock ransomware operation have emerged as a significant cybersecurity concern following their exploitation of a critical Microsoft SharePoint vulnerability. The group’s sophisticated attack infrastructur…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In a newly uncovered campaign, the threat group known as Bitter—also tracked as APT-Q-37—has leveraged both malicious Office macros and a previously undocumented WinRAR path traversal vulnerability to deliver a C# backdoor and siphon sensitive informat…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Salt Typhoon represents one of the most persistent and sophisticated cyber threats targeting global critical infrastructure today. Believed to be linked to state-sponsored actors from the People’s Republic of China, this advanced persistent threa…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly discovered zero-day vulnerability in the Windows Agere Modem driver has been actively exploited by threat actors to elevate privileges on affected systems. Tracked as CVE-2025-24052 and CVE-2025-24990, these flaws allow a low-privileged user to…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has disclosed two critical zero-day vulnerabilities in the Agere Modem driver bundled with Windows operating systems, confirming active exploitation to escalate privileges. The flaws, tracked as CVE-2025-24990 and CVE-2025-24052, affect the ltmdm64.sys driver and could allow low-privileged attackers to gain full administrator access. These issues were patched in the October 2025 cumulative update, but […] The post Windows Agere Modem Driver 0-Day Vulnerabilities Actively Exploited To Escalate Privileges appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In its October 2025 Patch Tuesday release, Microsoft addressed a staggering 172 security vulnerabilities across its vast ecosystem, with four zero-day flaws stealing the spotlight, two of which are already being exploited in the wild. This massive secu…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Organizations using Oracle E-Business Suite must apply the October 4 emergency patches immediately to mitigate active, in-the-wild exploitation by CL0P extortion actors and hunt for malicious templates in their databases. Beginning September 29, 2025, …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A novel zero-day vulnerability in Oracle E-Business Suite (CVE-2025-61882) is being actively exploited in a large-scale data exfiltration campaign, with CrowdStrike Intelligence attributing primary involvement to the GRACEFUL SPIDER threat group and wa…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The cybersecurity landscape experienced a significant escalation in September 2025, when Cisco disclosed multiple critical zero-day vulnerabilities affecting its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) platforms. At the center of this security crisis lies CVE-2025-20333, a devastating remote code execution vulnerability with a CVSS score of 9.9, which sophisticated state-sponsored threat actors […] The post Lesson From Cisco ASA 0-Day RCE Vulnerability That Actively Exploited In The Wild appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
