A new technique to exploit a complex use-after-free (UAF) vulnerability in the Linux kernel successfully bypasses modern security mitigations to gain root privileges. The method targets CVE-2024-50264, a difficult-to-exploit race condition bug in the AF_VSOCK subsystem that was recognized with a Pwnie…
Category: Cyber Security News
SpamGPT – AI-powered Attack Tool Used By Hackers For Massive Phishing Attack
A sophisticated new cybercrime toolkit named SpamGPT is enabling hackers to launch massive and highly effective phishing campaigns by combining artificial intelligence with the capabilities of professional email marketing platforms. Marketed on the dark web as a “spam-as-a-service” platform, SpamGPT…
Elastic Salesloft Drift Security Incident – Hackers Accessed Email Account Contains Valid Credentials
Elastic has disclosed a security incident stemming from a third-party breach at Salesloft Drift, which resulted in unauthorized access to an internal email account containing valid credentials. While the company’s core Salesforce environment was not impacted, the incident exposed sensitive…
Hackers Hijacked 18 Very Popular npm Packages With 2 Billion Weekly Downloads
In the largest supply chain attack, hackers compromised 18 popular npm packages, which together account for over two billion downloads per week. The attack, which began on September 8th, involved injecting malicious code designed to steal cryptocurrency from users. The…
Dynatrace Confirms Data Breach: Hackers Accessed Customer Data From Salesforce
Dynatrace has confirmed it was impacted by a third-party data breach originating from the Salesloft Drift application, resulting in unauthorized access to customer business contact information stored in its Salesforce CRM. The company confirmed that the incident was limited to…
Windows Defender Vulnerability Allows Service Hijacking and Disablement via Symbolic Link Attack
A severe vulnerability in Windows Defender’s update process allows attackers with administrator privileges to disable the security service and manipulate its core files. The technique, which leverages a flaw in how Defender selects its execution folder, can be carried out…
Progress OpenEdge AdminServer Vulnerability Let Attackers Execute Remote Code
A critical security vulnerability has been discovered in Progress OpenEdge, a platform for developing and deploying business applications. The flaw, identified as CVE-2025-7388, allows for remote code execution (RCE) and affects multiple versions of the software, potentially enabling attackers to…
Venezuela’s Maduro Says Huawei Mate X6 Gift From China is Unhackable by U.S. Spies
In Caracas this week, President Nicolás Maduro unveiled the Huawei Mate X6 gifted by China’s Xi Jinping, declaring the device impervious to U.S. espionage efforts. The announcement coincides with heightened tensions between Washington and Beijing, as the United States enforces…
PoC Exploit Released for ImageMagick RCE Vulnerability – Update Now
A proof-of-concept (PoC) exploit has been released for a critical remote code execution (RCE) vulnerability in ImageMagick 7’s MagickCore subsystem, specifically affecting the blob I/O (BlobStream) implementation. Security researchers and the ImageMagick team urge all users and organizations to update immediately to prevent exploitation.…
PgAdmin Vulnerability Lets Attackers Gain Unauthorised Account Access
A significant security flaw has been discovered in pgAdmin, the widely used open-source administration and development platform for PostgreSQL databases. The vulnerability, tracked as CVE-2025-9636, affects all pgAdmin versions up to and including 9.7, potentially allowing remote attackers to gain…