Tag: cyber-security-news

  • Critical Zimbra Vulnerabilities Let Attackers Gain Unauthorized Access to Internal Resources

    Zimbra Collaboration, a popular open-source email and collaboration suite, was recently found to contain critical vulnerabilities that pose serious risks to its users. These vulnerabilities, identified as CVE-2025-25064 and CVE-2025-25065, allow attackers to gain unauthorized access to sensitive data and internal network…

  • PoC Exploit Released for AnyDesk Vulnerability Exploited to Gain Admin Access Via Wallpapers

    A recently disclosed vulnerability in AnyDesk, a popular remote desktop software, identified as CVE-2024-12754, enables local attackers to exploit the handling of Windows background images to gain unauthorized access to sensitive system files. This could potentially escalate their privileges to administrative levels,…

  • Hackers Exploiting Google Tag Manager To Steal Credit Card Data From eCommerce Sites

    Hackers have been exploiting Google Tag Manager (GTM) to steal sensitive credit card information from eCommerce sites, particularly those built on the Magento platform. This attack shows how cybercriminals increasingly turn legitimate tools to malicious purposes. Google Tag Manager…

  • TinyZero – Researchers Replicated DeepSeek’s R1-Zero Model for Just $30

    In an impressive demonstration of cost-effective AI research, a group of researchers has successfully replicated DeepSeek’s R1-Zero model for just $30. Dubbed TinyZero, this project focuses on countdown and multiplication tasks, leveraging reinforcement learning (RL) to enable a 3-billion-parameter (3B) base language model (LM) to…

  • Hackers Exploiting a Six-Year-Old Telerik UI Vulnerability on IIS Servers To Gain Remote Access

    The eSentire Threat Response Unit (TRU) revealed that threat actors are actively exploiting a six-year-old vulnerability in Progress Telerik UI for ASP.NET AJAX, a component used by applications hosted on IIS, to gain remote access to systems. This vulnerability, identified as CVE-2019-18935, allows attackers to execute arbitrary code on vulnerable servers, posing…

  • 0-Day Vulnerability in Microsoft Sysinternals Tools Allows Attackers To Launch DLL Injection Attacks on Windows

    A critical 0-day vulnerability has been identified in nearly all Microsoft Sysinternals tools, presenting a significant risk to IT administrators and developers who rely on these utilities for system analysis and troubleshooting. The disclosure outlines how attackers can exploit DLL injection…

  • Critical Veeam Backup Vulnerability Lets Attackers Execute Arbitrary Code to Gain Root Access

    A critical vulnerability, identified as CVE-2025-23114, has been discovered in the Veeam Updater component, a key element of multiple Veeam backup solutions. This flaw enables attackers to execute arbitrary code on affected servers through a Man-in-the-Middle (MitM) attack, potentially granting root-level permissions. …

  • CISA Releases Guidance to Protect Firewalls, Routers, & Internet-Facing Servers

    The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with international cybersecurity authorities, has issued comprehensive guidance aimed at securing network edge devices. These devices, which include firewalls, routers, VPN gateways, Internet of Things (IoT) devices, internet-facing servers, and operational technology (OT) systems, are critical…

  • New Attack Technique for Bypassing EDR as a Low-Privileged Standard User

    A new attack technique has emerged that enables attackers to bypass Endpoint Detection and Response (EDR) systems while operating under a low-privileged standard user account. Traditionally, EDR evasion requires elevated privileges, such as administrative or system-level access. This approach instead leverages masquerading and path…

  • Canadian National Charged for Stealing $65 Million in Crypto 

    U.S. prosecutors have charged Andean Medjedovic, a 22-year-old Canadian, in a five-count indictment for allegedly orchestrating a sophisticated cryptocurrency theft. Medjedovic is accused of exploiting vulnerabilities in the KyberSwap and Indexed Finance DeFi protocols, resulting in significant financial losses. The alleged schemes carried out…

  • Roundcube XSS Vulnerability Lets Attackers Inject Malicious Files

    A critical Cross-Site Scripting (XSS) vulnerability, tracked as CVE-2024-57004, has been discovered in Roundcube Webmail version 1.6.9. This flaw allows remote authenticated users to upload malicious files disguised as email attachments, posing significant risks to individuals and organizations using the popular open-source webmail client. The vulnerability stems…

  • Microsoft Azure AI Face Service Elevation of Privilege Vulnerability Lets Attackers Gain Network Access

    Microsoft has disclosed a critical vulnerability, CVE-2025-21415, in the Azure AI Face Service. It is classified as an elevation-of-privilege issue that allows attackers to bypass authentication via spoofing and escalate their privileges over a network. However, Microsoft has confirmed that…

  • Multiple Dell PowerProtect Vulnerabilities Let Attackers Compromise Systems

    Dell Technologies has disclosed multiple critical vulnerabilities affecting its PowerProtect product line, including Data Domain (DD) appliances, PowerProtect Management Center, and other associated systems. These vulnerabilities, if exploited, could allow attackers to compromise system integrity, escalate privileges, or execute arbitrary code. Organizations relying on these systems for…

  • Parrot 6.3 Released With Improved Security & New Hacking Tools

    ParrotOS, the cybersecurity-focused Linux distribution, has recently released its latest update, Parrot 6.3, which includes a number of new features, performance improvements, and updated tools to enhance the user experience. This release is designed to make ParrotOS faster, more stable, and even more secure for…

  • APT37 Hackers Abusing Group Chats To Attack Via Malicious LNK File

    The North Korean state-sponsored hacking group APT37 (aka ScarCruft, Reaper) has been identified leveraging group chat platforms to distribute malicious LNK files. This latest tactic highlights the group’s evolving methods to infiltrate systems and exfiltrate sensitive data. APT37’s recent campaign involves sending malicious LNK…

  • BeyondTrust Zero-Day Breach – API Keys of 17 SaaS Customers Compromised

    BeyondTrust, a leading identity and access management firm, disclosed a critical security breach impacting 17 customers of its Remote Support SaaS platform. The breach was attributed to the exploitation of zero-day vulnerabilities and has since been linked to the China-based hacking group Silk Typhoon. While…

  • 10 Best Web Application Firewalls (WAF) – 2025

    A Web Application Firewall (WAF) is a security solution designed to protect web applications by monitoring, filtering, and blocking malicious HTTP/S traffic. Operating at the OSI model’s application layer (Layer 7), a WAF acts as a reverse proxy between users and web applications, analyzing incoming requests and…

  • Devil-Traff – New Malicious Bulk SMS Portal That Fuels Phishing Attacks

    A new threat to cybersecurity has emerged in the form of Devil-Traff, a bulk SMS platform designed to facilitate large-scale phishing campaigns. Leveraging advanced features such as sender ID spoofing, API integration, and support for malicious content, this platform has become a favorite tool…

  • National Change Your Password Day! – CISA Recommends Enabling MFA

    February 1 marks National Change Your Password Day, a timely initiative to combat escalating cyber risks by promoting stronger password practices. With hacking incidents surging globally, the Cybersecurity and Infrastructure Security Agency (CISA) emphasizes the critical role of multi-factor authentication (MFA) in safeguarding digital accounts. Despite annual reminders to update passwords, weak or reused…

  • WantToCry Ransomware Exploits SMB Vulnerabilities to Remotely Encrypt NAS Drives

    The WantToCry ransomware group leverages misconfigured Server Message Block (SMB) services to infiltrate networks and launch widespread attacks. Weaknesses in SMB deployments, such as weak credentials, outdated software, and poor security configurations, give attackers an easy entry point through which they exploit…

  • Israeli Firm Paragon Attacks WhatsApp Users With New Zero-Click Spyware

    WhatsApp revealed on Friday that a “zero-click” spyware attack, attributed to the Israeli firm Paragon, has targeted scores of users worldwide, including journalists and members of civil society. The spyware targeted nearly 100 WhatsApp users, required no user interaction, and did not…

  • WhatsApp’s New Privacy Setting Lets Users Control Who Can See Their Profile Photo

    In a move to enhance user privacy, WhatsApp has rolled out a significant update allowing users to control who can view their profile photos. This feature, available on both iOS and Android devices, provides users with more granular control over their privacy settings.…

  • Google Blocked 2.28 Million Malicious Apps From Entering the Play Store

    Google announced today that it blocked a record 2.28 million policy-violating apps from entering the Play Store in 2023, leveraging advanced machine learning, stricter developer vetting, and cross-industry collaborations to combat evolving cyberthreats. The milestone underscores efforts to uphold its SAFE principles (Safeguard Users, Advocate…

  • New Threat Hunting Technique to Uncover Malicious Infrastructure Using SSL History

    As internet security evolves, SSL (Secure Sockets Layer, in practice today’s TLS) certificates, cornerstones of encrypted communication, are stepping into a brand-new role as vital tools in the fight against cyberattacks. Experts are now leveraging SSL intelligence and historical SSL data to expose hidden threat actor infrastructure, track…
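    The pivot described above, as an added example that is not code from the article or from any vendor it mentions: given historical certificate observations for a set of hosts, it clusters hosts that served the same certificate fingerprint or the same non-generic self-signed subject/issuer, then reports when each host in the cluster was first seen. The hosts, subjects and fingerprints are constructed for the demo, and the choice of `CN=localhost` as a subject too generic to pivot on is an assumption.

```python
"""Pivot on certificate history to find related hosts.

Added example, not code from the original article or from any scan-history
vendor. It links hosts that (a) presented the exact same certificate, by
SHA-256 fingerprint, or (b) presented self-signed certificates with the same
subject/issuer, which often means one operator generated them with the same
tooling. Generic self-signed subjects are excluded because many unrelated
appliances ship with them.
"""
from collections import defaultdict
from dataclasses import dataclass
import hashlib


@dataclass(frozen=True)
class CertObservation:
    host: str      # IP address or hostname that served the certificate
    seen: str      # ISO date of the observation (sorts lexicographically)
    subject: str   # certificate subject, abbreviated to the CN for the demo
    issuer: str    # certificate issuer
    sha256: str    # hex SHA-256 fingerprint of the DER-encoded certificate


# Assumption for the demo: subjects too common to be a useful link on their own.
GENERIC_SELF_SIGNED_SUBJECTS = {"CN=localhost"}

LE_ISSUER = "C=US, O=Let's Encrypt, CN=R10"


def demo_fingerprint(label: str) -> str:
    """Stand-in for a real DER hash so the constructed data is deterministic."""
    return hashlib.sha256(label.encode()).hexdigest()


# Constructed sample data (all addresses are RFC 5737 documentation ranges).
OBSERVATIONS = [
    # Seed host: self-signed cert first, later rotated to a Let's Encrypt cert.
    CertObservation("203.0.113.10", "2024-11-02", "CN=update-cdn.example", "CN=update-cdn.example", demo_fingerprint("cert-A")),
    CertObservation("203.0.113.10", "2025-01-15", "CN=update-cdn.example", LE_ISSUER, demo_fingerprint("cert-B")),
    # Reused the exact same self-signed certificate as the seed (strong link).
    CertObservation("198.51.100.7", "2024-12-20", "CN=update-cdn.example", "CN=update-cdn.example", demo_fingerprint("cert-A")),
    CertObservation("198.51.100.7", "2025-01-20", "CN=localhost", "CN=localhost", demo_fingerprint("cert-C")),
    # Different key, same self-signed subject (weaker link, still useful).
    CertObservation("192.0.2.44", "2025-01-25", "CN=update-cdn.example", "CN=update-cdn.example", demo_fingerprint("cert-D")),
    # Unrelated: a default CN=localhost certificate like thousands of others.
    CertObservation("192.0.2.99", "2025-01-26", "CN=localhost", "CN=localhost", demo_fingerprint("cert-E")),
    # Unrelated: a legitimate site with its own Let's Encrypt certificate.
    CertObservation("192.0.2.150", "2025-01-27", "CN=shop.example.net", LE_ISSUER, demo_fingerprint("cert-F")),
]


def link_keys(o: CertObservation) -> set[str]:
    """Pivot keys derived from one observation."""
    keys = {"fp:" + o.sha256}
    if o.subject == o.issuer and o.subject not in GENERIC_SELF_SIGNED_SUBJECTS:
        keys.add("selfsigned:" + o.subject)
    return keys


def build_index(observations):
    """Bidirectional index between hosts and the pivot keys they exposed."""
    key_to_hosts = defaultdict(set)
    host_to_keys = defaultdict(set)
    for o in observations:
        for k in link_keys(o):
            key_to_hosts[k].add(o.host)
            host_to_keys[o.host].add(k)
    return key_to_hosts, host_to_keys


def pivot(seed_host: str, observations, max_hops: int = 3) -> dict[str, set[str]]:
    """Hosts reachable from seed_host through shared pivot keys, each mapped to
    the keys it shares with at least one other host in the cluster."""
    key_to_hosts, host_to_keys = build_index(observations)
    related = {seed_host}
    frontier = {seed_host}
    for _ in range(max_hops):
        next_frontier = set()
        for host in frontier:
            for key in host_to_keys[host]:
                next_frontier |= key_to_hosts[key]
        next_frontier -= related
        if not next_frontier:
            break
        related |= next_frontier
        frontier = next_frontier
    return {
        h: {k for k in host_to_keys[h] if len(key_to_hosts[k] & related) > 1}
        for h in related
    }


def first_seen(observations, hosts) -> dict[str, str]:
    """Earliest observation date per host, to order the cluster on a timeline."""
    earliest = {}
    for o in observations:
        if o.host in hosts and (o.host not in earliest or o.seen < earliest[o.host]):
            earliest[o.host] = o.seen
    return earliest


if __name__ == "__main__":
    cluster = pivot("203.0.113.10", OBSERVATIONS)
    for host, seen in sorted(first_seen(OBSERVATIONS, cluster).items(), key=lambda kv: kv[1]):
        print(f"{seen}  {host}  via {sorted(cluster[host])}")
```

    The two link types have very different weight: a shared fingerprint means the same private key was copied between hosts, while a shared self-signed subject only says the operator reused a name, so a real hunt should score them separately and keep a deny-list of default subjects shipped by common appliances.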

  • Microsoft to Boost M365 Bounty Program With New Products & Rewards Up to $27,000

    A significant extension of Microsoft’s Microsoft 365 (M365) Bounty Program has been announced. The program now includes new Viva products under its scope for identifying vulnerabilities, with rewards reaching up to $27,000 for critical submissions. This update underscores Microsoft’s commitment to…

  • D-Link Router Vulnerability Lets Attackers Gain Full Router Control Remotely

    A critical unauthenticated Remote Code Execution (RCE) vulnerability affects D-Link DSL-3788 routers, allowing attackers to take complete control of the device remotely. The flaw is present in firmware versions v1.01R1B036_EU_EN and below. It was reported by Max Bellia of SECURE NETWORK BVTECH.…

  • Authorities Take Down Cracked & Nulled Hacking Forums Used by 10 Million Users

    In a law enforcement operation dubbed “Operation Talent,” an international coalition of law enforcement agencies led by Germany’s Bundeskriminalamt (BKA) and Europol has dismantled two of the world’s largest cybercrime forums: Cracked.io and Nulled.to. These platforms, which collectively hosted over 10 million…

  • Windows Vulnerability in COM Objects Triggers RCE To Control Systems Remotely

    James Forshaw of Google Project Zero has shed light on a significant security vulnerability in Windows related to accessing trapped COM objects through the IDispatch interface. This research highlights an intriguing bug class that exploits cross-process communication features in object-oriented remoting technologies like…

  • VMware Aria Operations Vulnerabilities Let Attackers Perform Admin Operations 

    Broadcom has addressed multiple vulnerabilities in its VMware Aria Operations for Logs and VMware Aria Operations products. These vulnerabilities, identified as CVE-2025-22218, CVE-2025-22219, CVE-2025-22220, CVE-2025-22221, and CVE-2025-22222, pose significant risks, including unauthorized access to sensitive data and privilege escalation. The vulnerabilities affect the following VMware products:…

  • Hackers Actively Exploiting Zyxel 0-day Vulnerability to Execute Arbitrary Commands

    A significant zero-day vulnerability in Zyxel CPE series devices, identified as CVE-2024-40891, is being actively exploited by attackers. This vulnerability enables attackers to execute arbitrary commands on affected devices, posing significant risks of system compromise, data theft, and network infiltration. Over 1,500 infected devices have been…

  • PoC Exploit Released for TP-Link Router Web Interface XSS Vulnerability

    A Cross-Site Scripting (XSS) vulnerability has been identified in the TP-Link Archer A20 v3 router, specifically in firmware version 1.0.6 Build 20231011 rel.85717(5553). The issue stems from improper handling of directory listing paths on the router’s web interface. When a specially crafted URL is accessed,…

  • API Supply Chain Attack Exposes Millions of Airline Users’ Accounts to Hackers

    A vulnerability in a third-party travel service API has exposed millions of airline users to potential account takeovers, enabling attackers to exploit airline loyalty points and access sensitive personal information. The flaw, discovered by Salt Labs, highlights the risks associated with API supply…

  • Critical Cacti Vulnerability Lets Attackers Execute Code Remotely – PoC Released

    The widely used open-source network monitoring tool Cacti has a critical vulnerability. The flaw, tracked as CVE-2025-22604, has a CVSS score of 9.1, which places it in the critical severity band. It allows authenticated users with device management permissions to execute arbitrary commands on the server, posing significant risks to data…

  • DeepSeek R1 Jailbroken to Generate Ransomware Development Scripts

    DeepSeek R1, the latest AI model from China, is making waves in the tech world for its reasoning capabilities. Positioned as a challenger to AI giants like OpenAI, it has already climbed to 6th place on the Chatbot Arena benchmarking list, surpassing notable models such as Meta’s…

  • Akira’s New Linux Ransomware Attacking VMware ESXi Servers

    The Akira ransomware group, a prominent player in the Ransomware-as-a-Service (RaaS) domain since March 2023, has intensified its operations with a new Linux variant targeting VMware ESXi servers. Initially focused on Windows systems, Akira expanded its scope in April 2023 by deploying a Linux-based encryptor specifically designed…

  • Critical One Identity Manager Vulnerability Lets Attackers Escalate Privileges

    A critical Insecure Direct Object Reference (IDOR) vulnerability has been identified in One Identity Manager, a widely used identity and access management solution. This vulnerability, officially tracked as CVE-2024-56404, allows unauthorized privilege escalation under specific configurations. The issue affects only on-premises installations and does not impact…

  • New Phishing Campaign Mimics Amazon Prime Membership To Steal Credit Card Data

    A sophisticated phishing campaign targeting Amazon Prime members has been uncovered, aiming to steal credit card information and other sensitive data. Cybersecurity experts have identified a complex attack chain that leverages PDF attachments, redirects, and cleverly crafted phishing sites to deceive unsuspecting victims.…

  • New Docker 1-Click RCE Attack Exploits Misconfigured API Settings

    A newly disclosed attack method targeting Docker installations has raised significant security concerns among developers and system administrators. The attack leverages a misconfigured Docker Engine API setting, allowing attackers to achieve remote code execution (RCE) with minimal user interaction. While Docker’s default settings are secure, enabling…
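    In general terms (a well-known property of the Engine API, not a claim about the specific technique in the article), a Docker daemon that listens on a TCP socket without TLS client authentication hands root-equivalent control of the host to anyone who can reach the port, since such a client can start a privileged container with the host filesystem mounted. As an added example, not code from the article or from Docker, here is a small audit of a `daemon.json` that flags that state; the three configurations and their certificate paths are constructed for the demo.

```python
"""Audit a Docker daemon.json for an exposed, unauthenticated Engine API.

Added example, not code from the original article or from Docker. It reads
the dockerd configuration keys "hosts", "tls", "tlsverify", "tlscacert",
"tlscert" and "tlskey" and reports TCP listeners that lack client
authentication. It does not see -H or --tls* flags given on the dockerd
command line or in a systemd unit; check those separately.
"""
import json
from urllib.parse import urlsplit

# Constructed configurations for the demo.
WEAK_CONFIG = """
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]
}
"""

# "tls": true encrypts the connection but still accepts any client.
ENCRYPTED_BUT_UNAUTHENTICATED_CONFIG = """
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tls": true,
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}
"""

# "tlsverify": true requires a client certificate signed by tlscacert.
HARDENED_CONFIG = """
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}
"""

# Bind addresses that expose the listener on every interface.
ALL_INTERFACES = {"", "0.0.0.0", "::"}


def audit_daemon_config(config_text: str) -> list[str]:
    """Return one finding per TCP listener that is not protected by mutual TLS."""
    cfg = json.loads(config_text)
    findings = []
    tls_verify = bool(cfg.get("tlsverify", False))
    tls_only = bool(cfg.get("tls", False)) and not tls_verify
    for listener in cfg.get("hosts", []):
        if not listener.startswith("tcp://"):
            continue  # unix:// and fd:// listeners are governed by file permissions
        bind = urlsplit(listener).hostname or ""  # urlsplit unwraps [::] to ::
        scope = "all interfaces" if bind in ALL_INTERFACES else bind
        if tls_only:
            findings.append(
                f"{listener}: TLS is enabled but tlsverify is false, so the API "
                f"on {scope} is encrypted yet still unauthenticated"
            )
        elif not tls_verify:
            findings.append(
                f"{listener}: plaintext Engine API on {scope} with no client "
                f"authentication; any client that can reach it controls the host"
            )
        else:
            for key in ("tlscacert", "tlscert", "tlskey"):
                if key not in cfg:
                    findings.append(
                        f"{listener}: tlsverify is set but {key} is not configured; "
                        f"confirm which certificate files dockerd actually loads"
                    )
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG),
                       ("tls-only", ENCRYPTED_BUT_UNAUTHENTICATED_CONFIG),
                       ("hardened", HARDENED_CONFIG)):
        print(name, audit_daemon_config(text) or ["ok"])
```

    Even with `tlsverify` set, the client certificate is a full-access credential: any workstation holding it has root on the host, so keep it out of shared CI images and bind the listener to a management address rather than all interfaces.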

  • Stratoshark – Wireshark Has Got a Friend for Cloud

    The creators of Wireshark, Gerald Combs and Loris Degioanni, have unveiled Stratoshark, a groundbreaking tool designed to bring Wireshark’s renowned capabilities into the cloud era. Building on over 25 years of experience with Wireshark, which has become a staple for network analysis with over 5 million…

  • Mario Duarte, Former Snowflake Cybersecurity Leader, Joins Aembit as CISO to Tackle Non-Human Identities

    Aembit, the non-human IAM company, today announced the appointment of Mario Duarte as chief information security officer (CISO). Duarte, formerly head of security at Snowflake, joins Aembit with a deep commitment to address pressing gaps in non-human identity security. Duarte’s journey…

  • Zimbra Remote Command Execution Vulnerability (CVE-2024-45519) – Exploit POC Released

    Zimbra, a popular email and collaboration platform, has issued a crucial security update to patch a severe vulnerability in its postjournal service. Identified as CVE-2024-45519, this flaw allows unauthenticated attackers to execute arbitrary commands on affected Zimbra installations. The vulnerability was discovered in Zimbra’s post-journal…

  • Evil Corp Cybercrime Group Members’ Identities Exposed Along with LockBit Affiliate

    Authorities in the UK, US, and Australia have sanctioned sixteen individuals linked to Evil Corp, a group once considered the pinnacle of global cyber threats. This move exposes their connections to the Russian state and other infamous ransomware groups, including LockBit. The National Crime…

  • New Bluetooth Vulnerability Leaks Your Passcode to Hackers While Pairing

    A recently identified vulnerability in Bluetooth technology, identified as CVE-2020-26558, poses a significant security risk to devices supporting various Bluetooth Core Specifications. This vulnerability, known as “Impersonation in the Passkey Entry Protocol,” affects devices using the Passkey Entry association model in BR/EDR Secure Simple Pairing,…

  • Authorities Unmasked LockBit Affiliate Evil Corp Key Member

    Law enforcement agencies have identified Russian national Aleksandr Viktorovich Ryzhenkov as a key member of the notorious Evil Corp cybercrime group and a LockBit ransomware affiliate. Ryzhenkov, also known by his alias “Beverley,” has been linked to over 60 LockBit ransomware builds and is believed to have…