Daily Cyber News

China-Linked APT Exploits Sitecore Zero-Day in Critical Infrastructure Attacks

A threat actor assessed to be linked with China has been observed conducting cyber intrusions against critical infrastructure organizations in North America since at least last year. The activity was identified by Cisco Talos, which is tracking the campaign under the designation UAT 8837. Based on tactical similarities with previously documented operations, Talos assessed with […]


Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways

Cisco has released security updates to address a critical remote code execution vulnerability affecting Cisco AsyncOS Software used in Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. The patches arrive nearly one month after Cisco confirmed that the flaw was actively exploited as a zero-day by a China-linked advanced persistent


AWS CodeBuild Misconfiguration Exposed GitHub Repositories to Potential Supply Chain Attacks

Cloud security researchers have revealed that a critical misconfiguration in AWS CodeBuild could have allowed attackers to fully compromise Amazon Web Services-owned GitHub repositories, including the widely used AWS JavaScript SDK. The issue created a potential pathway for large-scale supply chain attacks that could have impacted countless AWS customers. The vulnerability, named CodeBreach by cloud security firm Wiz,


Critical WordPress Modular DS Plugin Vulnerability Actively Exploited to Gain Admin Access

Security researchers have confirmed active exploitation of a critical vulnerability affecting the Modular DS WordPress plugin, allowing attackers to gain administrator-level access without authentication. The issue has been disclosed by WordPress security firm Patchstack and is already being abused in real-world attacks. The vulnerability is tracked as CVE-2026-23550 and carries a maximum CVSS


Researchers Disclose Reprompt Attack Enabling One-Click Data Exfiltration From Microsoft Copilot

Cybersecurity researchers have uncovered a new attack technique named Reprompt that allows threat actors to silently extract sensitive information from AI chatbots such as Microsoft Copilot with just a single click. The attack operates without requiring plugins, user interaction, or visible prompts, creating a serious blind spot for enterprise security controls. According to Varonis security researcher Dolev


Microsoft Legal Action Disrupts RedVDS Cybercrime Infrastructure Behind Online Fraud

Microsoft has successfully taken legal measures in the U.S. and U.K. to dismantle RedVDS, a subscription-based cybercrime service that enabled criminals to carry out widespread online fraud. The action included seizing domains redvds[.]com, redvds[.]pro, and vdspanel[.]space, effectively taking the illegal service offline. RedVDS allowed threat actors to access cheap, disposable virtual computers for as little as $24 per month,


Researchers Null-Route More Than 550 Kimwolf and Aisuru Botnet Command Servers

Security researchers have disrupted a major botnet operation after null-routing traffic linked to more than 550 command-and-control servers tied to the AISURU and Kimwolf botnets. The takedown was carried out by Black Lotus Labs, the threat intelligence arm of Lumen Technologies, and began in early October 2025. These botnets have rapidly grown into some of the largest active malicious


Hackers Abuse c-ares DLL Side-Loading to Evade Security and Deploy Malware

Cybersecurity researchers have uncovered an active malware campaign that abuses a DLL side-loading weakness in a legitimate binary linked to the open-source c-ares library. By exploiting this technique, attackers are able to bypass traditional security controls and deliver a wide range of commodity malware, including trojans, stealers, and remote access tools. How the Attack Works According to


Fortinet Patches Critical FortiSIEM Vulnerability Allowing Unauthenticated Remote Code Execution

Fortinet has released security updates to address a critical vulnerability in FortiSIEM that could allow unauthenticated attackers to execute arbitrary code on affected systems. The flaw poses a serious risk to organizations using vulnerable FortiSIEM deployments, particularly those with exposed management services. Vulnerability Overview The issue, tracked as CVE-2025-64155, carries a CVSS score of 9.4, indicating critical


PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces

Ukraine’s Computer Emergency Response Team (CERT-UA) has revealed details of a recent cyber espionage campaign targeting Ukrainian defense forces using a malware strain known as PLUGGYAPE. The attacks were observed between October and December 2025. CERT-UA has attributed the activity with medium confidence to a Russia-aligned threat group tracked as Void Blizzard, also known
