460/68 Wednesday, November 12, 2025 Cybersecurity firm Mandiant (Google) has identified active exploitation of an n-day vulnerability in Gladinet Triofox, a secure enterprise file-sharing and remote access platform, shortly after a patch was released. The critical flaw, tracked as CVE-2025-12480 with a CVSS score of 9.1, allows attackers to bypass authentication and gain access to […]
459/68 Wednesday, November 12, 2025 OWASP (Open Web Application Security Project) has announced the 2025 edition of the Top 10 Web Application Security Risks, marking a significant update since the 2021 release. The changes reflect a major shift in the threat landscape: the new list emphasizes risks arising from software supply chains and system design/configuration […]
458/68 Tuesday, November 11, 2025 The National Cyber Security Centre of Switzerland (NCSC) has issued a warning to iPhone users about a new phishing scam that pretends to notify victims that their lost device has been found. Attackers send SMS or iMessage texts using contact information that the owner previously entered into the Find My […]
457/68 Tuesday, November 11, 2025 Cybersecurity firm watchTowr has disclosed a critical vulnerability in Monsta FTP, a widely used web-based file management application commonly deployed by organizations and web administrators. The vulnerability, tracked as CVE-2025-34299, is rated Critical and allows attackers to gain access to the system without authentication (pre-auth) and perform remote code execution […]
456/68 Tuesday, November 11, 2025 QNAP, the Taiwan-based network-attached storage (NAS) manufacturer, has issued a major security update to fix seven zero-day vulnerabilities affecting multiple core software components. These vulnerabilities are significant because they were discovered and successfully exploited during the Pwn2Own Ireland 2025 global hacking competition – demonstrating that attackers could compromise affected systems […]
455/68 Monday, November 10, 2025 Security researchers have revealed that the GlassWorm malware campaign has resurfaced on the OpenVSX platform after being detected last month. This time, the malware is embedded in three Visual Studio Code (VSCode) extensions: These extensions have accumulated over 10,000 downloads. GlassWorm uses transactions on the Solana blockchain to retrieve payloads […]
454/68 Monday, November 10, 2025 Cisco has released a security update addressing a critical vulnerability in Unified Contact Center Express (UCCX), tracked as CVE-2025-20354, with a CVSS score of 9.8. The flaw stems from improper authentication within the Java Remote Method Invocation (RMI) process, allowing remote attackers to upload malicious files and execute commands on […]
453/68 Monday, November 10, 2025 A new report from Palo Alto Networks’ Unit 42 reveals the discovery of a new spyware strain called “Landfall,” designed specifically to target Samsung Galaxy devices. The malware is capable of fully compromising infected devices for surveillance, including recording phone calls, tracking device location, silently taking photos, and stealing contacts […]
452/68 Friday, November 7, 2025 Researchers at Google Threat Intelligence Group (GTIG) have warned of an emerging trend in malware that leverages artificial intelligence (AI) at runtime to change its behavior in real time and harvest data from target systems. These capabilities are being used to evade security detections and continuously adapt malware behavior — […]
451/68 Friday, November 7, 2025 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added vulnerabilities affecting Gladinet CentreStack / Triofox and CWP Control Web Panel to its Known Exploited Vulnerabilities (KEV) catalog. CentreStack and Triofox are enterprise solutions for Enterprise File Sharing and hybrid cloud storage, enabling secure access to file servers and SMB/NFS […]
