Daily Cyber News

Cisco Patches ISE Security Flaw Following Public PoC Exploit Release

Cisco has issued updates to fix a medium-severity vulnerability affecting its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), after a publicly available proof-of-concept (PoC) exploit was released. The flaw, tracked as CVE-2026-20029 with a CVSS score of 4.9, resides in the licensing functionality and could allow a remote, authenticated attacker with administrative […]

China-Linked UAT-7290 Targets Telecom Companies with Linux Malware and ORB Nodes

Cybersecurity researchers have attributed a series of espionage-driven cyber intrusions to a China-linked threat actor tracked as UAT-7290, which has been actively targeting organizations across South Asia and Southeastern Europe. According to a new report published by Cisco Talos, the activity cluster has been operational since at least 2022 and is known

Researchers Discover NodeCordRAT Embedded in Bitcoin-Themed npm Packages

Cybersecurity researchers have uncovered a new malware campaign involving three malicious npm packages that were used to distribute a previously undocumented remote access trojan named NodeCordRAT. The discovery highlights ongoing risks within open-source ecosystems, particularly for developers working with cryptocurrency-related libraries. Malicious Packages Identified The following npm packages were identified as part of

Coolify Reveals 11 Critical Vulnerabilities Allowing Full Server Compromise on Self-Hosted Instances

Security researchers have disclosed 11 high-impact security vulnerabilities affecting Coolify, an open-source self-hosting and application deployment platform. The flaws could allow attackers to bypass authentication controls and execute arbitrary commands, potentially resulting in complete server and infrastructure compromise on self-hosted instances. Overview of the Disclosed Vulnerabilities The identified issues primarily stem from command injection, improper

CISA Flags Microsoft Office and HPE OneView Vulnerabilities as Actively Exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security vulnerabilities affecting Microsoft Office and HPE OneView to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence that the flaws are being actively abused by threat actors. The move highlights growing concerns about unpatched enterprise software being leveraged in real-world attacks. Vulnerabilities Added to KEV Catalog The following security

Black Cat Group Runs SEO Poisoning Malware Campaign Targeting Popular Software Searches

Cybersecurity authorities have linked the notorious Black Cat gang to an ongoing SEO poisoning campaign that targets popular software searches, tricking users into downloading malicious backdoors capable of stealing sensitive information. Fraudulent Sites Target Popular Software According to reports by CNCERT/CC and Beijing Weibu Online (ThreatBook), the threat actors manipulate search engine results on platforms

Ongoing Attacks Target Legacy D-Link DSL Routers via Critical RCE Vulnerability

Cybersecurity researchers have reported ongoing attacks exploiting a critical vulnerability in legacy D-Link DSL gateway routers. The flaw, tracked as CVE-2026-0625, has a CVSS score of 9.3 and enables unauthenticated remote attackers to execute arbitrary code on affected devices. Command Injection in DNS Configuration Endpoint The vulnerability stems from improper sanitization of user-supplied DNS parameters in the dnscfg.cgi endpoint. Exploitation allows

Critical n8n Vulnerability (CVSS 10.0) Lets Unauthenticated Attackers Take Full Control

Cybersecurity researchers have disclosed a maximum-severity vulnerability in n8n, a widely used workflow automation platform, that allows unauthenticated attackers to gain complete control over vulnerable instances. The flaw, tracked as CVE-2026-21858 and named Ni8mare by Cyera Research Labs, carries a CVSS score of 10.0. Security researcher Dor Attias discovered and reported the issue on November 9, 2025. Unauthenticated Exploit Lets Attackers Access Sensitive

Microsoft Warns That Misconfigured Email Routing Can Enable Internal Domain Phishing

Microsoft has issued a warning that threat actors are exploiting misconfigured email routing and weak spoofing protections to carry out phishing attacks that appear to originate from within an organization’s own domain. According to the Microsoft Threat Intelligence team, attackers are abusing these routing weaknesses to deliver phishing emails that impersonate internal communications. These messages

Unpatched Firmware Vulnerability Leaves TOTOLINK EX200 Open to Full Remote Device Takeover

The CERT Coordination Center (CERT/CC) has issued a security advisory detailing a serious unpatched vulnerability affecting the TOTOLINK EX200 wireless range extender, which could allow a remote attacker to gain complete control over the device. The vulnerability, tracked as CVE-2025-65606, originates from improper error handling within the device’s firmware upload mechanism. Although no CVSS score has been
