Security Issues, Vulnerabilities, Exploits & Government Alerts
Sep 02, 2025Ravie LakshmananMalware / Threat Intelligence The North Korea-linked threat actor known as the Lazarus Group has been attributed to a social engineering campaign that distributes three different pieces of cross-platform malware called PondRAT,…
Sep 02, 2025Ravie LakshmananCyber Espionage / Network Security Cybersecurity researchers have disclosed a stealthy new backdoor called MystRodX that comes with a variety of features to capture sensitive data from compromised systems. “MystRodX is a…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.7 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: EIP Builder Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable from an adjacent network/low attack complexity Vendor: SunPower Equipment: PVS6 Vulnerability: Use of Hard-Coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: FRENIC-Loader 4 Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker…
WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) announced the appointment today of Nicholas Andersen as the Executive Assistant Director for Cybersecurity. A recognized national security and cybersecurity leader, Andersen will lead CISA’s cybersecurity…
Sep 02, 2025The Hacker NewsData Privacy / SaaS Security The Harsh Truths of AI Adoption MITs State of AI in Business report revealed that while 40% of organizations have purchased enterprise LLM subscriptions, over 90%…
Cybersecurity researchers have flagged a Ukrainian IP network for engaging in massive brute-force and password spraying campaigns targeting SSL VPN and RDP devices between June and July 2025. The activity originated from a Ukraine-based autonomous…
The threat actor known as Silver Fox has been attributed to abuse of a previously unknown vulnerable driver associated with WatchDog Anti-malware as part of a Bring Your Own Vulnerable Driver (BYOVD) attack aimed at…
Sep 02, 2025Ravie LakshmananCryptocurrency / Malware Cybersecurity researchers have discovered a malicious npm package that comes with stealthy features to inject malicious code into desktop apps for cryptocurrency wallets like Atomic and Exodus on Windows…