Daily Cyber News

add a heading (20)

VirtualBox 7.2 Adds Windows 11/Arm VM Support and 50 Bug  Fixes

Oracle has officially rolled out VirtualBox 7.2, a powerful upgrade to its open-source virtualization software. Released on August 14, 2025, this version introduces strong support for Windows 11/Arm virtualization, a redesigned graphical interface, and more than 50 bug fixes. The release strengthens VirtualBox’s position in the evolving Arm-based ecosystem, while still ensuring reliable performance for […]

VirtualBox 7.2 Adds Windows 11/Arm VM Support and 50 Bug  Fixes Read More »

add a heading (8)

Rockwell ControlLogix Ethernet Flaw Enables Remote Code Execution

A severe security flaw has been identified in Rockwell Automation’s ControlLogix Ethernet communication modules. This issue could allow remote attackers to execute arbitrary code on industrial control systems, posing a high risk to manufacturing and automation operations. The vulnerability, tracked as CVE-2025-7353, has been rated with a CVSS score of 9.8, placing it in the

Rockwell ControlLogix Ethernet Flaw Enables Remote Code Execution Read More »

add a heading (7)

Critical PostgreSQL Flaws Enable Code Injection in Restorations

The PostgreSQL Global Development Group has rolled out emergency security updates across all supported versions to fix three newly discovered vulnerabilities that expose organizations to arbitrary code execution risks during database restoration processes. These vulnerabilities affect PostgreSQL versions 13 through 17, with security patches available in the latest releases: 17.6, 16.10, 15.14, 14.19, and 13.22.

Critical PostgreSQL Flaws Enable Code Injection in Restorations Read More »

add a heading (6)

Workday Data Breach: Hackers Exploit Third-Party CRM

Workday, a well-known provider of enterprise cloud applications for finance and human resources, has confirmed it was impacted by a sophisticated social engineering campaign that led to a data breach involving a third-party Customer Relationship Management (CRM) system. No Customer Data Compromised The company clarified that its customer data and tenant environments were not affected,

Workday Data Breach: Hackers Exploit Third-Party CRM Read More »

add a heading (5)

North Korean Hackers Leak Stealthy Linux Malware Online

North Korean Linux Rootkit Leak Exposes Advanced Espionage Tools In a major cybersecurity incident, sensitive hacking tools and technical documentation linked to a North Korean threat actor have been leaked online. The disclosure, first highlighted in Phrack Magazine, includes advanced exploit methods, system compromise logs, and, most concerning, a stealth Linux rootkit capable of bypassing

North Korean Hackers Leak Stealthy Linux Malware Online Read More »

add a heading (4)

Back-to-School Shopping Scams Trick Users Into Fake Sites

Back-to-School Shopping Scams Surge as Cybercriminals Exploit Seasonal Rush As families nationwide gear up for the school season, cybercriminals are taking advantage of the increased demand for online shopping with a wave of advanced scams. Rising Online Threats During Seasonal Spending Criminals are leveraging higher shopping activity to launch malicious campaigns that target individuals searching

Back-to-School Shopping Scams Trick Users Into Fake Sites Read More »

add a heading (3)

Over 1000 N-able N-central RMM Servers Exposed to 0-Day

Over 1,000 N-able N-central Servers Exposed to Critical Zero-Day Vulnerabilities More than 1,000 exposed and unpatched N-able N-central Remote Monitoring and Management (RMM) servers are at risk due to two newly identified zero-day vulnerabilities (CVE-2025-8875 and CVE-2025-8876). According to data confirmed on August 15, 2025, 1,077 unique IPs were detected running outdated N-central versions. This

Over 1000 N-able N-central RMM Servers Exposed to 0-Day Read More »

add a heading (1)

Supply Chain: Malicious PyPI, npm Packages Exploit Dependencies

Malicious Python and npm Packages Uncovered in Supply Chain Attacks Cybersecurity researchers have uncovered a malicious package on the Python Package Index (PyPI) that introduced harmful behavior through a hidden dependency, enabling persistence and remote code execution. The package, named termncolor, achieved its malicious activity via a dependency called colorinal, as detailed by Zscaler ThreatLabz.

Supply Chain: Malicious PyPI, npm Packages Exploit Dependencies Read More »

add a heading (16)

New Gmail Phishing Attack Steals Credentials via Login Flow

A sophisticated phishing campaign is actively targeting Gmail users by exploiting legitimate Microsoft Dynamics infrastructure to bypass security protections and steal user credentials. The scam begins with deceptive “New Voice Notification” emails, appearing to come from trusted voicemail services. These messages include spoofed sender details and prominent “Listen to Voicemail” buttons that redirect victims through

New Gmail Phishing Attack Steals Credentials via Login Flow Read More »

add a heading (15)

ImageMagick Vulnerabilities Trigger Memory Corruption, Overflows

Multiple ImageMagick Vulnerabilities Expose Users to Memory Corruption and Integer Overflow Risks Security experts have identified four critical vulnerabilities in ImageMagick, one of the most popular open-source image processing tools, potentially putting millions of users at risk. Discovered by researcher “urban-warrior” and reported three days ago, the flaws include two high-risk issues that could allow

ImageMagick Vulnerabilities Trigger Memory Corruption, Overflows Read More »