The UK’s National Cyber Security Centre (NCSC) and international partners have issued urgent advisories warning about sophisticated spyware targeting specific communities globally. The malware variants, identified as MOONSHINE and BADBAZAAR, are being deployed in surveillance campaigns against Uyghur, Tibetan, and…
Tag: Cyber Security News
Apache mod_auth_openidc Vulnerability Exposes Protected Content to Unauthenticated Users
A significant security vulnerability in Apache’s mod_auth_openidc module has been discovered that could allow unauthorized access to protected web resources. The flaw, tracked as CVE-2025-31492 and rated 8.2 on the CVSSv4 scale, affects widely deployed OpenID Connect authentication systems and…
AWS Systems Manager Plugin Vulnerability Let Attackers Execute Arbitrary Code
A critical vulnerability in the AWS Systems Manager (SSM) Agent that could allow attackers to execute arbitrary code with elevated privileges. The vulnerability, stemming from improper input validation within the ValidatePluginId function, affects a core component used to manage EC2…
CISA Warns of CrushFTP Authentication Bypass Vulnerability Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical authentication bypass vulnerability in CrushFTP file transfer software to its Known Exploited Vulnerabilities (KEV) Catalog. Designated as CVE-2025-31161, this vulnerability is actively being exploited in the wild, posing significant…
Top 11 Best SysAdmin Tools in 2025
The SysAdmin tools streamline IT infrastructure management by automating routine tasks, monitoring system performance, and ensuring the efficient operation of networks and servers. They offer comprehensive monitoring capabilities, allowing SysAdmins to monitor system health, network traffic, and application performance in…
Chrome Use After Free Vulnerability Let Attackers Execute Remote Code
Google has released an urgent security update for its Chrome browser addressing a critical “Use After Free” vulnerability in the browser’s Site Isolation feature. The high-severity Vulnerability tracked as CVE-2025-3066 could allow attackers to execute arbitrary code on affected systems,…
Windows CLFS Zero-Day Vulnerability Actively Exploited by Ransomware Group
A critical zero-day vulnerability in the Windows Common Log File System (CLFS) has been uncovered and is being actively exploited by a ransomware group. The vulnerability Tracked as CVE-2025-29824, this elevation of privilege flaw has been targeted in attacks against…
Windows Common Log File System 0-Day Vulnerability Exploited in the Wild
A critical zero-day vulnerability in the Windows Common Log File System (CLFS) driver, tracked as CVE-2025-29824, has been actively exploited in the wild. This security flaw allows attackers to elevate privileges to SYSTEM level, posing a significant risk to affected…
Microsoft Patch Tuesday April 2025 – 121 Vulnerabilities Fixed Including Actively Exploited Zero-Day
Microsoft’s April 2025 Patch Tuesday update has arrived, delivering critical fixes for 121 security vulnerabilities across its broad suite of software products. This month’s update addresses a significant array of threats, including elevation of privilege, remote code execution, and a…
Fortinet Addresses Multiple Vulnerabilities in FortiAnalyzer, FortiManager, & Other Products
Fortinet has disclosed and addressed multiple vulnerabilities across its product suite, including FortiAnalyzer, FortiManager, FortiOS, FortiProxy, FortiVoice, FortiWeb, and FortiSwitch. These vulnerabilities range from improper output neutralization for logs to unverified password changes and insufficiently protected credentials. The company has…