• Security researchers have uncovered a sophisticated malware campaign that leverages the ClickFix social engineering technique to distribute information-stealing malware across Windows and macOS platforms. The campaign demonstrates how threat actors are exploiting legitimate search queries for cracked software to deliver devastating payloads that compromise user credentials and sensitive data. The infection chain begins when users […]

    The post New ClickFix Attack Targeting Windows and macOS Users to Deploy Infostealer Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • Microsoft has released security updates to fix a serious vulnerability in SQL Server that allows attackers to gain higher system privileges.

    The flaw, tracked as CVE-2025-59499, was disclosed on November 11, 2025, and affects multiple versions including SQL Server 2016, 2017, 2019, and 2022.

    This vulnerability stems from improper handling of special characters in SQL commands, creating an opening for SQL injection attacks that can compromise database security.

    The vulnerability carries a CVSS score of 8.8, marking it as a high-severity issue that requires immediate attention from system administrators.

    An attacker with low-level access can exploit this flaw over a network without any user interaction, making it particularly dangerous for exposed database servers.

    The issue affects the confidentiality, integrity, and availability of SQL Server systems, potentially allowing unauthorized access to sensitive data and system controls.

    Microsoft security researchers identified this vulnerability as a SQL injection weakness classified under CWE-89.

    The flaw allows authorized users with limited privileges to inject malicious T-SQL commands through specially crafted database names.

    When successfully exploited, attackers can execute arbitrary commands with elevated permissions, potentially gaining complete control over the database system.

    Attack Mechanism

    The vulnerability works by exploiting how SQL Server processes database names in queries. Attackers can craft malicious database names containing special SQL characters that are not properly sanitized by the server.

    When these crafted names are processed, the injected T-SQL commands execute with the privileges of the process running the query.

    If the process runs with sysadmin privileges, the attacker gains full administrative control over the entire SQL Server instance, allowing them to read, modify, or delete any data, create new accounts, or execute system-level commands.

    Vulnerability Details:

    Property             Details
    CVE ID               CVE-2025-59499
    Vulnerability Type   SQL Injection (CWE-89)
    CVSS Score           8.8 (High)
    Attack Vector        Network
    Attack Complexity    Low
    Privileges Required  Low
    User Interaction     None
    Severity             Important
    Publicly Disclosed   No
    Exploited in Wild    No
    Release Date         November 11, 2025
    Affected Versions    SQL Server 2016, 2017, 2019, 2022

    Microsoft has released security patches for all affected versions through both General Distribution Release (GDR) and Cumulative Update (CU) channels.

    Administrators should immediately apply the appropriate updates based on their current SQL Server version and update path to protect their systems from potential exploitation.

    The post Microsoft SQL Server Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting WatchGuard Fireware to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2025-9242 (CVSS score: 9.3), an out-of-bounds write vulnerability affecting Fireware OS 11.10.2 up to and including

  • Dell Technologies has disclosed a critical security vulnerability affecting its Data Lakehouse platform that could allow attackers with high-level privileges to escalate their access and compromise system integrity. The flaw, tracked as CVE-2025-46608, carries a maximum CVSS severity score of 9.1, indicating an exceptionally high risk to affected environments. CVE ID Product Affected Versions Remediated […]

    The post Critical Dell Data Lakehouse Flaw Allows Remote Attackers to Escalate Privileges appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding federal agencies failing to properly patch Cisco Adaptive Security Appliances (ASA) and Firepower Threat Defense (FTD) devices against actively exploited vulnerabilities.

    Under Emergency Directive 25-03, CISA has identified two severe CVEs posing unacceptable risks to federal information systems:

    CVE-2025-20333, which enables remote code execution, and CVE-2025-20362, which allows privilege escalation.

    Patch Status on Critical Cisco Devices

    Active exploitation of these vulnerabilities has been detected across federal civilian executive branch (FCEB) agencies.

    The primary concern stems from a critical discovery during CISA’s analysis of agency compliance reports.

    CVE ID          Vulnerability Type     Impact
    CVE-2025-20333  Remote Code Execution  Allows unauthenticated attackers to execute arbitrary code
    CVE-2025-20362  Privilege Escalation   Allows authenticated attackers to escalate privileges

    Numerous devices marked as “patched” in official reporting templates were found running outdated software versions that remain vulnerable to active threats.

    This discrepancy indicates that agencies misunderstood patch requirements or deployed incomplete updates.

    CISA emphasizes that agencies must update ALL ASA and Firepower devices to the minimum required software versions, not just public-facing equipment.

    Vulnerable software trains include ASA versions 9.12 through 9.22 and Firepower versions 7.0 through 7.6, each requiring specific minimum patch levels.

    For ASA devices, the minimum required versions are: 9.12.4.72, 9.14.4.28, 9.16.4.85, 9.18.4.67, 9.20.4.10, and 9.22.2.14. ASA versions 9.17 and 9.19 require migration to supported releases.

    Firepower devices must run at least 7.0.8.1, 7.2.10.2, 7.4.2.4, or 7.6.2.1, depending on their current release train. Emergency Directive 25-03 mandates patch deployment within 48 hours of release.

    Agencies operating public-facing ASA hardware must execute CISA’s Core Dump and Hunt procedures and submit findings via the Malware Next Gen portal before patching.

    Non-compliant agencies must resubmit ED 25-03 compliance reports through CyberScope. CISA will directly contact identified non-compliant agencies to ensure corrective actions are completed immediately.

    This enforcement action underscores the critical importance of comprehensive patching strategies across all device categories within federal networks.

    The post CISA Warns of Federal Agencies Not Fully Patching Actively Exploited Cisco ASA or Firepower Devices appeared first on Cyber Security News.

  • A newly discovered malware campaign is leveraging one of cybercriminals’ most effective lures, cryptocurrency, to distribute DarkComet RAT. This notorious remote access trojan continues to plague users despite being discontinued by its creator years ago. Security researchers have identified a suspicious executable masquerading as a Bitcoin wallet application, which, when executed, silently deploys the full […]

    The post Beware of Fake Bitcoin Tools Concealing DarkComet RAT Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • A new phishing campaign is targeting iPhone owners who have lost their devices, exploiting their hope of recovery to steal Apple ID credentials.

    The National Cyber Security Centre (NCSC) has received multiple reports of cases where victims received text messages claiming their lost or stolen iPhones had been found abroad, sometimes months after the devices went missing.

    These messages appear to come from Apple and include specific details about the device, such as model, color, and storage capacity, making them look genuine and trustworthy.

    The attack works by sending victims a text message or iMessage that claims their iPhone has been located.

    To make the scam more convincing, attackers include accurate information about the device that they can read directly from the phone itself.

    The message contains a link that supposedly shows the device’s current location but actually redirects to a fake website designed to mimic Apple’s official login page.

    Scam SMS pretending to come from Apple and containing a link (Source - NCSC)

    When victims enter their Apple ID and password on this phishing page, they unknowingly hand over complete control of their account to the scammers.

    NCSC security analysts noted that these attacks have become increasingly common, with scammers refining their tactics to make the messages more believable.

    The phishing pages are carefully designed to display what appears to be the device’s location in the background while requesting login credentials.

    Phishing page that asks for Apple ID access data and shows the alleged location of the lost iPhone in the background (Source - NCSC)

    This creates a sense of urgency and legitimacy that can trick even cautious users into entering their information.

    Understanding the Activation Lock Bypass

    The primary goal behind this phishing campaign is to disable Apple’s Activation Lock, a security feature that permanently connects an iPhone to its owner’s Apple ID.

    This lock makes stolen devices completely useless and impossible to resell, as there is no known technical method to bypass it.

    Because of this strong protection, social engineering becomes the only realistic option for criminals to unlock and resell stolen iPhones.

    The scammers face one major challenge: discovering the phone number of a locked device. While the exact methods remain unclear, security researchers believe attackers use two main approaches.

    The first involves accessing the SIM card that was in the phone when it was stolen, provided the owner has not blocked it yet.

    The second method exploits Apple’s Find My feature, where owners can display a message on the lock screen with contact details like phone numbers or email addresses for honest finders to reach them.

    Unfortunately, this helpful feature becomes a vulnerability when the device falls into criminal hands, providing them with the exact information needed to launch targeted phishing attacks.

    The post New Phishing Attack Targeting iPhone Owners Who’ve Lost Their Devices appeared first on Cyber Security News.

  • The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting WatchGuard Firebox firewalls to its Known Exploited Vulnerabilities (KEV) catalog, warning of active exploitation in the wild. The flaw, tracked as CVE-2025-9242, poses severe risks to organizations relying on these devices for network security. The Vulnerability WatchGuard Firebox firewalls contain an out-of-bounds write […]

    The post CISA Warns of Active Exploitation of WatchGuard Firebox Out-of-Bounds Write Flaw appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • Cloud Software Group has disclosed a cross-site scripting (XSS) vulnerability affecting NetScaler ADC and NetScaler Gateway platforms. The flaw, tracked as CVE-2025-12101, poses a moderate security risk to organizations relying on these network appliances for authentication and secure access services. Field Value CVE ID CVE-2025-12101 Vulnerability Type Cross-Site Scripting (XSS) CWE Classification CWE-79: Improper Neutralization […]

    The post Citrix NetScaler ADC and Gateway Flaw Allows Cross-Site Scripting (XSS) Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • Cybersecurity researchers at AhnLab Security Intelligence Center (ASEC) have uncovered a sophisticated attack campaign leveraging legitimate Remote Monitoring and Management (RMM) tools to deploy backdoor malware on unsuspecting users’ systems. The attacks abuse LogMeIn Resolve (GoTo Resolve) and PDQ Connect, transforming trusted administrative tools into weapons for data theft and remote system compromise. While the […]

    The post Hackers Using RMM Tools LogMeIn and PDQ Connect to Deploy Malware as Legitimate Software appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
