2025-11-26 Daily Vulns
NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2025-33194 NVIDIA - DGX Spark ...
New research has found that organizations in various sensitive sectors, including governments, telecoms, and critical infrastructure, are pasting passwords and credentials into online tools like JS...
Source: Arctic Wolf Excerpt: In September 2025, Arctic Wolf® Labs identified a U.S.-based company that was targeted by RomCom threat actors via SocGholish, operated by TA569. While the typical ini...
A new free AI tool named KawaiiGPT is being leveraged by cybercriminals to automate and simplify a range of attacks, including phishing, ransomware deployment, and data exfiltration. The tool, curr...
The FBI is warning of a significant surge in account takeover (ATO) fraud schemes, with cybercriminals impersonating financial institutions and stealing over $262 million since January 2025. The ag...
On the surface, the Superbox media streaming devices for sale at retailers like BestBuy and Walmart may seem like a steal: they offer unlimited access to more than 2,200 pay-per-view and streaming ...
A massive resurgence of the Sha1-Hulud malware family, dubbed “The Second Coming” by its creators, has been observed targeting the npm ecosystem, beginning around November 24. The attackers comprom...
Cox Enterprises has confirmed that its Oracle E-Business Suite (EBS) instance was impacted in the recent cybercrime campaign that has targeted many organizations. The company said the attackers ob...
NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2025-31216 Apple - iPadOSApple - ...
Researchers are urging users of the glob file pattern matching library to update their installations due to a recently discovered remote code execution flaw (CVE-2025-64756) in the tool’s CLI. The ...
The Security Affairs newsletter highlights a surge in cybercrime activity, including a confirmed data breach impacting the Pennsylvania Attorney General following an INC Ransom attack. DoorDash als...
Iberia, the flag carrier airline of Spain, is notifying customers of a data breach stemming from a security incident affecting one of its third-party suppliers. The breach resulted in the exposure ...
A massive leak of internal documents has blown the cover off one of Iran’s most active hacking groups. For years, the cybersecurity community tracked them as APT35, Charming Kitten, Fresh Feline. N...
A critical vulnerability in Azure Bastion (CVE-2025-49752) allows remote attackers to bypass authentication mechanisms and escalate privileges to administrative levels. The vulnerability undermi...
The issue is related to how older 7-Zip versions handle symbolic links inside ZIP files (a symbolic link is a shortcut to another file or folder). As explained by Trend Micro’s Zero Day Initiative ...
Researchers compiled a list of 3.5 billion WhatsApp mobile phone numbers and associated personal information by abusing a contact-discovery API that lacked rate limiting. The researchers from th...
Leading cybersecurity firm CrowdStrike recently confirmed it fired an employee for sharing confidential internal details with a major hacking group. This incident, which became public on Friday, sh...
NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2025-0504 Black Duck - Black Duck...
Two American citizens and two Chinese nationals now face 50 years behind bars each for illegally exporting at least four shipments of Nvidia’s cutting-edge GPU chips and their AI technology to the ...
The ShinyHunters cybercrime group has claimed responsibility for the Gainsight breach, asserting they leveraged access gained during the earlier Salesloft Drift hack to pilfer data from hundreds of...