305/68 Monday, August 25, 2025 Cyber researchers at FortiGuard Labs have reported the resurgence of the “Gayfemboy” botnet, a new evolution of the original Mirai malware, exhibiting more sophisticated and dangerous capabilities. This botnet exploits both known vulnerabilities (N-day) and unpatched zero-day vulnerabilities in devices from DrayTek, TP-Link, Raisecom, and Cisco to spread malware. The […]
304/68 Friday, August 22, 2025 Apple has released security updates to address a zero-day vulnerability, tracked as CVE-2025-43300, affecting iOS, iPadOS, and macOS. The flaw was reportedly exploited in targeted attacks. The vulnerability resides in the ImageIO framework and could lead to memory corruption when the system processes a specially crafted image. According to Apple, […]
303/68 Friday, August 22, 2025 Security researcher Marek Tóth presented findings at DEF CON 33, revealing a newly identified vulnerability dubbed DOM-Based Extension Clickjacking that affects popular password manager browser extensions such as 1Password, iCloud Passwords, Bitwarden, LastPass, and several others. This flaw can potentially allow attackers to steal sensitive information simply by tricking users […]
302/68 Thursday, August 21, 2025 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Trend Micro Apex One, identified as CVE-2025-54948, to its Known Exploited Vulnerabilities (KEV) Catalog after confirming that it has been actively exploited. This vulnerability is a command injection Remote Code Execution (RCE) flaw that allows unauthenticated […]
301/68 Thursday, August 21, 2025 The world of children’s toys is entering a new era as AI startups like Curio introduce intelligent plushies capable of holding conversations, answering questions, and telling stories. These toys, named Grem, Gabbo, and Grok, are marketed as screen-time alternatives that can become playful companions. However, academics and U.S. consumer protection […]
300/68 Wednesday, August 20, 2025 Xerox has released patches to address two high-severity vulnerabilities: CVE-2025-8355 (XXE Injection) and CVE-2025-8356 (Path Traversal) in its FreeFlow Core platform, which is used for Print Automation and Workflow Management. Both vulnerabilities allow unauthenticated attackers to perform remote code execution (RCE). A research team from Horizon3 discovered the flaws. They […]
299/68 Wednesday, August 20, 2025 Cybercriminals are deploying a new tactic by impersonating Google Support through emails or phone calls that claim “someone is trying to hack your account”, urging users to immediately reset their password. Victims then receive a separate account reset email. When the user logs in and shares a verification code, attackers […]
298/68 Tuesday, August 19, 2025 Colt Technology Services, a UK-headquartered telecommunications provider, is facing a multi-day service disruption following a ransomware attack carried out by the WarLock group on August 12. Affected services include Hosting, Porting, Colt Online, and Voice API, with the company’s IT team currently working to restore impacted systems. Initially, Colt described […]
297/68 Tuesday, August 19, 2025 A threat actor using the alias Chucky_BF has reportedly advertised a massive database allegedly containing PayPal login credentials on a cybercrime forum. The data set, dubbed the “Global PayPal Credential Dump 2025,” is over 1.1 GB in size and includes more than 15.8 million records of plain-text email and password […]
296/68 Monday, August 18, 2025 Researchers from Trustwave SpiderLabs have issued a warning regarding a new attack campaign by the threat group EncryptHub (also known as LARVA-208 or Water Gamayun). The group is leveraging the CVE-2025-26633 vulnerability, also known as “MSC EvilTwin,” found in Microsoft Management Console (MMC), in combination with social engineering tactics to […]
