Skip to content
software vulnerability Page 4

software vulnerability

New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards

New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards

Dec 19, 2025Ravie LakshmananFirmware Security / Vulnerability Certain motherboard models from vendors like ASRock, ASUSTeK Computer, GIGABYTE, and MSI are affected by a security vulnerability that leaves them susceptible to early-boot direct memory access (DMA)… 

Read More »New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards
China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware

China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware

Dec 18, 2025Ravie LakshmananMalware / Cloud Security A previously undocumented China-aligned threat cluster dubbed LongNosedGoblin has been attributed to a series of cyber attacks targeting governmental entities in Southeast Asia and Japan. The end goal… 

Read More »China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware
HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution

HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution

Dec 18, 2025Ravie LakshmananVulnerability / Enterprise Security Hewlett Packard Enterprise (HPE) has resolved a maximum-severity security flaw in OneView Software that, if successfully exploited, could result in remote code execution. The critical vulnerability, assigned the… 

Read More »HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution
WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell Exploit and 15 More Stories

WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell Exploit and 15 More Stories

Dec 18, 2025Ravie LakshmananCybersecurity / Hacking News This week’s ThreatsDay Bulletin tracks how attackers keep reshaping old tools and finding new angles in familiar systems. Small changes in tactics are stacking up fast, and each… 

Read More »WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell Exploit and 15 More Stories
North Korea-Linked Hackers Steal .02 Billion in 2025, Leading Global Crypto Theft

North Korea-Linked Hackers Steal $2.02 Billion in 2025, Leading Global Crypto Theft

Threat actors with ties to the Democratic People’s Republic of Korea (DPRK or North Korea) have been instrumental in driving a surge in global cryptocurrency theft in 2025, accounting for at least $2.02 billion out… 

Read More »North Korea-Linked Hackers Steal $2.02 Billion in 2025, Leading Global Crypto Theft
CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation

CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation

Dec 18, 2025Ravie LakshmananVulnerability / Software Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting ASUS Live Update to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of… 

Read More »CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation
Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances

Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances

Dec 18, 2025Ravie LakshmananVulnerability / Network Security Cisco has alerted users of a maximum-severity zero-day flaw in Cisco AsyncOS software that has been actively exploited by a China-nexus advanced persistent threat (APT) actor codenamed UAT-9686… 

Read More »Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances