%20(1).webp)
Cisco ASA 0-Day Exploited to Deploy RayInitiator and LINE VIPER
Today, the National Cyber Security Centre (NCSC) – part of GCHQ – issued further advice to help network defenders mitigate| Cyber Security News
In May 2023, a zero-day exploit in Progress Software’s MOVEit Transfer exploded into one of the largest supply chain breaches on record. CISA later estimated that more than 3000 US organizations and 8000 worldwide were affected, from banks and insurers to airlines and federal agencies. But for many, the first sign of trouble was seeing […] The post CVE-2023-34362 Explained: Inside the Zero-Day that Fueled Global Data Theft appeared first on CybelAngel.| CybelAngel
What is CVE-2025-10035? A new critical vulnerability, CVE-2025-10035, has been disclosed in Fortra’s GoAnywhere MFT, a widely used managed file transfer solution. The flaw lies in the License Servlet and allows unauthenticated attackers to achieve remote code execution (RCE) through crafted license responses. The vendor has rated this vulnerability as Critical (CVSS 10.0) due to... The post CVE-2025-10035 Critical Remote Code Execution in Fortra GoAnywhere MFT appeared first on IONIX.| IONIX
Today, the National Cyber Security Centre (NCSC) – part of GCHQ – issued further advice to help network defenders mitigate| Cyber Security News
A seemingly harmless message is broadcast across the galaxy, exploiting a zero-day vulnerability in every ship's logging system. The Atlas Monkey must race to create a patch before the entire fleet is compromised by this Log4Shell-style attack.| Seuros Blog - Navigation Logs from the Ruby Nebula
Overview The IONIX research team is tracking CVE-2025-42944, an insecure deserialization vulnerability affecting SAP NetWeaver AS Java’s RMI-P4 module—a critical issue warranting immediate attention. What’s at Risk? Context & Why It Matters Current State of Exploitation IONIX Recommendations Who Might Be Affected? Final Take CVE-2025-42944 is a textbook example of how insecure deserialization can escalate... The post CVE-2025-42944 — Insecure Deserialization in SAP NetWeaver appeared ...| IONIX
Summary A critical Server-Side Request Forgery (SSRF) vulnerability—CVE-2025-8085—has been discovered in the popular WordPress plugin “Ditty (News Ticker & Display Items)” for versions prior to 3.1.58. The issue resides in the displayItems REST API endpoint (wp-json/dittyeditor/v1/displayItems), which lacks authentication and authorization, allowing unauthenticated attackers to force the server to fetch arbitrary URLs—internal or external—via crafted... The post Unauthenticated SS...| IONIX
Samsung’s September 2025 security updates for Android devices include a patch for a vulnerability that has been exploited in the wild.| SecurityWeek
Overview A new critical vulnerability has been identified in FreePBX, the widely adopted open-source, web-based graphical user interface for managing Asterisk PBX systems. Tracked as CVE-2025-57819, this flaw affects FreePBX versions 15, 16, and 17 and enables unauthenticated attackers to bypass administrator login controls. Once inside, threat actors can perform SQL Injection attacks that lead... The post FreePBX Authentication Bypass Leading to SQL Injection and RCE (CVE-2025-57819) appeare...| IONIX
zero-day vulnerability, CVE-2025-7775, has been disclosed in Citrix NetScaler ADC and Gateway appliances. This flaw is classified as a memory overflow vulnerability| IONIX
A severe zero-day vulnerability in Microsoft Windows, tracked as CVE-2024-38112, has been actively exploited by threat actors for at least 18 months. This security flaw in the Windows MSHTML Platform allows remote code execution, potentially compromising numerous organizations worldwide.| MixMode
A recent Washington Post report sent shockwaves through the cybersecurity landscape, revealing that Chinese government-backed hackers have infiltrated at least two major US internet service providers (ISPs) and several smaller ones.| MixMode
