Daily Cyber News

Microsoft Links Storm-1175 to GoAnywhere Exploit, Medusa Ransomware Deployment

Microsoft has attributed a recent wave of cyberattacks to a threat group identified as Storm-1175, linking it to the exploitation of a critical flaw in Fortra’s GoAnywhere MFT software. The attacks ultimately led to the deployment of Medusa ransomware, affecting several organizations globally. The vulnerability, tracked as CVE-2025-10035 with a CVSS score of 10.0, is […]

Microsoft Links Storm-1175 to GoAnywhere Exploit, Medusa Ransomware Deployment Read More »

13-Year-Old Critical Redis RCE Flaw Allowed Attackers Full Host Access

A newly uncovered remote code execution (RCE) flaw in Redis, known as RediShell, has revealed that attackers could gain complete control over the host system. The issue, tracked as CVE-2025-49844, was discovered by Wiz Research and carries the maximum CVSS score of 10.0, placing it among the most critical security threats identified to date. The

13-Year-Old Critical Redis RCE Flaw Allowed Attackers Full Host Access Read More »

Google Chrome RCE Flaw Disclosed, Exploit Code Published

Researchers have published full technical details and proof-of-concept exploit code for a critical remote code execution, RCE, vulnerability in Google Chrome’s V8 JavaScript engine. The bug stems from a WebAssembly type canonicalization regression that creates nullability confusion, and a separate JavaScript Promise Integration, JSPI, state-switching weakness that enables a novel sandbox bypass. This article explains

Google Chrome RCE Flaw Disclosed, Exploit Code Published Read More »

Chinese Cybercrime Gang Operates Worldwide SEO Fraud Scheme Through Hacked IIS Servers

A new cybersecurity investigation has revealed a large-scale cyber fraud operation linked to a Chinese-speaking group named UAT-8099. This group is reportedly involved in SEO manipulation, data theft, and unauthorized access to systems via compromised Microsoft IIS servers. The attackers primarily target regions like India, Thailand, Vietnam, Canada, and Brazil, with victims including universities, tech

Chinese Cybercrime Gang Operates Worldwide SEO Fraud Scheme Through Hacked IIS Servers Read More »

Fresh Report Connects BIETA and CIII Research Firms to China’s MSS Cyber Activities

A new intelligence report has revealed connections between two Chinese research firms, the Beijing Institute of Electronics Technology and Application (BIETA) and its subsidiary Beijing Sanxin Times Technology Co., Ltd. (CIII), and China’s Ministry of State Security (MSS). According to cybersecurity firm Recorded Future, BIETA appears to be managed or influenced by the MSS based

Fresh Report Connects BIETA and CIII Research Firms to China’s MSS Cyber Activities Read More »

PoC Released for Sudo Vulnerability Allowing Attackers to Gain Root Access

A public proof-of-concept, PoC, has been published for CVE-2025-32463, a local privilege escalation flaw in the Sudo utility that can allow a local attacker to gain root privileges under certain configurations. Security researcher Rich Mirch discovered the issue, and a working exploit plus usage instructions are available in an open GitHub repository, increasing the pressure

PoC Released for Sudo Vulnerability Allowing Attackers to Gain Root Access Read More »

Oracle Issues Urgent Patch for CVE-2025-61882 Exploited by Cl0p in Data Theft Attacks

Oracle has released an emergency patch to address a serious security vulnerability in its E-Business Suite. The flaw, identified as CVE-2025-61882 with a CVSS score of 9.8, has already been actively exploited in data theft campaigns carried out by the Cl0p ransomware group. Details of the Vulnerability The issue lies in the Oracle Concurrent Processing

Oracle Issues Urgent Patch for CVE-2025-61882 Exploited by Cl0p in Data Theft Attacks Read More »

Detour Dog Exposed for Operating DNS-Based Malware Factory Linked to Strela Stealer

A cybercriminal known as Detour Dog has been exposed as the operator behind large-scale DNS-powered malware campaigns that distribute Strela Stealer, an information-stealing malware. Security researchers from Infoblox have traced the attacker’s infrastructure, revealing how it fuels the spread of a backdoor named StarFish, which acts as the entry point for Strela Stealer infections. Background

Detour Dog Exposed for Operating DNS-Based Malware Factory Linked to Strela Stealer Read More »

Researchers Alert on SORVEPOTEL, a Self-Spreading Malware Targeting WhatsApp Users

A newly discovered malware campaign is targeting WhatsApp users in Brazil, spreading rapidly through phishing techniques. The malware, named SORVEPOTEL by Trend Micro researchers, is designed for fast propagation rather than data theft or ransomware. The attack begins when compromised WhatsApp accounts send phishing messages containing malicious ZIP file attachments. These files often appear as

Researchers Alert on SORVEPOTEL, a Self-Spreading Malware Targeting WhatsApp Users Read More »

CISA Warns Meteobridge CVE-2025-4008 Vulnerability Is Actively Exploited

Security firm ONEKEY, which discovered and reported the flaw in February 2025, explained that the Meteobridge web application, built using CGI shell scripts and C, exposes a script called template.cgi through the /cgi-bin/template.cgi directory. This script’s insecure use of eval makes it possible for attackers to inject malicious commands through specially crafted requests. For instance,

CISA Warns Meteobridge CVE-2025-4008 Vulnerability Is Actively Exploited Read More »