Technical details about a maximum-severity Cisco IOS XE WLC arbitrary file upload flaw tracked as CVE-2025-20188 have been made publicly available, bringing us closer to a working exploit. […]
New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora
Two information disclosure flaws have been identified in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, according to the Qualys Threat Research Unit (TRU).
Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to access sensitive information. Tools like
Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to access sensitive information. Tools like
U.S. DoJ Seizes 4 Domains Supporting Cybercrime Crypting Services in Global Operation
A multinational law enforcement operation has resulted in the takedown of an online cybercrime syndicate that offered services to threat actors to ensure that their malicious software stayed undetected from security software.
To that effect, the U.S. Department of Justice (DoJ) said it seized four domains and their associated server facilitated the crypting service on May 27, 2025, in
To that effect, the U.S. Department of Justice (DoJ) said it seized four domains and their associated server facilitated the crypting service on May 27, 2025, in
Hackers are exploiting critical flaw in vBulletin forum software
Two critical vulnerabilities affecting the open-source forum software vBulletin have been discovered, with one confirmed to be actively exploited in the wild. […]
Microsoft now testing Notepad text formatting in Windows 11
Microsoft announced today that the Windows 11 Notepad application is getting a text formatting feature supporting Markdown-style input. […]
Police takes down AVCheck site used by cybercriminals to scan malware
An international law enforcement operation has taken down AVCheck, a service used by cybercriminals to test whether their malware is detected by commercial antivirus software before deploying it in the wild. […]
Germany doxxes Conti ransomware and TrickBot ring leader
The Federal Criminal Police Office of Germany (Bundeskriminalamt or BKA) claims that Stern, the leader of the Trickbot and Conti cybercrime gangs, is a 36-year-old Russian named Vitaly Nikolaevich Kovalev. […]
Firebase, Google Apps Script Abused in Fresh Phishing Campaigns
Security researchers flag two phishing campaigns abusing Firebase and Google Apps Script to host malware and fake login pages.
The post Firebase, Google Apps Script Abused in Fresh Phishing Campaigns appeared first on SecurityWeek.
US Sanctions Philippine Company for Supporting Crypto Scams
The US Treasury Department US has slapped sanctions on Funnull Technology for providing support to cryptocurrency investment scams.
The post US Sanctions Philippine Company for Supporting Crypto Scams appeared first on SecurityWeek.
New EDDIESTEALER Malware Bypasses Chrome’s App-Bound Encryption to Steal Browser Data
A new malware campaign is distributing a novel Rust-based information stealer dubbed EDDIESTEALER using the popular ClickFix social engineering tactic initiated via fake CAPTCHA verification pages.
“This campaign leverages deceptive CAPTCHA verification pages that trick users into executing a malicious PowerShell script, which ultimately deploys the infostealer, harvesting sensitive data such as
“This campaign leverages deceptive CAPTCHA verification pages that trick users into executing a malicious PowerShell script, which ultimately deploys the infostealer, harvesting sensitive data such as