Ivanti has issued urgent security updates for its Workspace Control platform after discovering three high-severity vulnerabilities that could allow attackers to decrypt stored SQL credentials. The company released patches addressing these security flaws, which affect versions 10.19.0.0 and earlier of…
Tag: Cyber Security News
Windows Security Best Practices – Protecting Active Directory Environments
Active Directory (AD) serves as the backbone of enterprise authentication and authorization, making it a prime target for cybercriminals. According to Microsoft’s Digital Defense Report 2022, 98% of organizations hit by cyberattacks had no privilege isolation in Active Directory via…
Canva Creators’ Data Exposed Via AI Chatbot Company Database
A significant data breach involving personal information from hundreds of Canva Creators program participants, exposed through an unsecured AI chatbot database operated by a Russian company. The incident highlights emerging security vulnerabilities in the rapidly expanding artificial intelligence supply chain.…
ISPConfig Vulnerability Allows Privilege Escalation to Superadmin and PHP Code Injection
A critical security vulnerability has been discovered in ISPConfig version 3.2 build 12p1 that allows authenticated remote users to escalate their privileges to superadmin status and subsequently execute arbitrary PHP code on affected systems. The vulnerability, identified by an independent…
‘Librarian Ghouls’ APT Group Actively Attacking Organizations To Deploy Malware
The cybersecurity landscape continues to face persistent threats from sophisticated Advanced Persistent Threat (APT) groups, with one particularly active campaign drawing significant attention from security researchers. The Librarian Ghouls APT group, also operating under the aliases “Rare Werewolf” and “Rezet,”…
Critical Vulnerability in Lovable’s Security Policies Let Attackers Inject Malicious Code
A severe security vulnerability, designated as CVE-2025-48757, has been discovered in Lovable’s implementation of Row Level Security (RLS) policies, allowing attackers to bypass authentication controls and inject malicious data into applications built on the platform. The vulnerability, first identified on…
DanaBot Malware C2 server Vulnerability Exposes Threat Actor Usernames & Crypto Keys
A critical memory leak vulnerability in the DanaBot malware’s command and control infrastructure has exposed sensitive operational data belonging to cybercriminals, revealing threat actor identities, cryptographic keys, and victim information spanning nearly three years of malicious operations. The vulnerability, dubbed…
84,000+ Roundcube Webmail Installation Vulnerable to Remote Code Execution Attacks
A critical security vulnerability affecting Roundcube webmail installations has exposed over 84,000 systems worldwide to remote code execution attacks. The vulnerability, tracked as CVE-2025-49113, allows authenticated users to execute arbitrary code remotely, presenting a significant security risk to organizations relying…
ManageEngine Exchange Reporter Plus Vulnerability Allows Remote Code Execution
A severe security vulnerability has been identified in ManageEngine Exchange Reporter Plus that could allow attackers to execute arbitrary commands on target servers. Designated as CVE-2025-3835, this critical remote code execution vulnerability affects all Exchange Reporter Plus installations with build…
CISA Warns of Erlang/OTP SSH Server RCE Vulnerability Exploited in Attacks
CISA has issued an urgent warning regarding a critical vulnerability in Erlang/OTP SSH servers that is being actively exploited in the wild. The vulnerability, tracked as CVE-2025-32433, enables attackers to achieve unauthenticated remote code execution on affected systems, prompting its…