The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent alert on March 4, 2025, adding three critical VMware vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog following confirmed in-the-wild exploitation. The vulnerabilities CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226 allow attackers…
Tag: Cyber Security News
Microsoft To Remove DES Encryption from Windows 11 24H2 & Windows Server 2025
Microsoft has announced plans to enhance security measures by removing the Data Encryption Standard (DES) encryption algorithm from Kerberos authentication in upcoming Windows releases. This security change will affect Windows Server 2025 and Windows 11 version 24H2 computers after they…
Vim Editor Vulnerability Exploited Via TAR Files to Trigger Code Execution
The Vim text editor vulnerability CVE-2025-27423 is a high-severity issue that allows for arbitrary code execution via malicious TAR archives. Affecting Vim versions prior to 9.1.1164, this flaw in the bundled tar.vim plugin exposes users to potential command injection attacks…
Telegram EvilVideo Vulnerability Exploited to Execute Malicious Code on Victim Device
A critical evolution of the CVE-2024-7014 vulnerability, originally patched in July 2024, has resurfaced with updated tactics to bypass security measures. Dubbed Evilloader, this new exploit leverages Telegram’s multimedia handling mechanisms to execute malicious JavaScript code by disguising .htm files…
NVIDIA Warns of Multiple Vulnerabilities that Let Attackers Execute Malicious Code
NVIDIA has issued urgent security advisories addressing multiple vulnerabilities in its Hopper HGX 8-GPU High-Performance Computing (HMC) platforms, including a high-severity flaw (CVE-2024-0114, CVSS 8.1) that permits unauthorized code execution, privilege escalation, and systemic data compromise. A secondary medium-severity vulnerability…
Zoho ADSelfService Plus Vulnerability Let Attackers Gain Unauthorized Access
Zoho has patched a high-severity vulnerability (CVE-2025-1723) in its ADSelfService Plus software, a widely used self-service password management and single sign-on solution. The flaw, discovered in builds 6510 and earlier, could enable attackers to bypass authentication safeguards and access sensitive…
HPE Remote Support Tool Vulnerability Let Attackers Execute Arbitrary code – PoC Released
A newly disclosed vulnerability in Hewlett Packard Enterprise’s (HPE) Insight Remote Support tool enables unauthenticated attackers to execute arbitrary code on vulnerable systems, with proof-of-concept (PoC) exploit code now publicly available. Tracked as CVE-2024-53676, this critical remote code execution (RCE)…
GrassCall Malware Attacking Job Seekers To Steal Login Credentials
A sophisticated malware campaign named “GrassCall” was detected that specifically targets job seekers through deceptive tactics. The campaign, attributed to the threat group known as Crazy Evil, has been actively exploiting job hunters’ vulnerability by luring them with fake employment…
Researchers Detailed APT28’s HTA Trojan Multi-Layer Obfuscation Techniques
A security researcher known as “Seeker” has published an in-depth analysis of advanced obfuscation techniques employed by APT28, a threat actor known for sophisticated cyber espionage operations. The report provides a comprehensive examination of a heavily obfuscated HTA Trojan used…
Chrome 134 Released, Fixes 14 Vulnerabilities That Could Crash the Browser
Google has rolled out Chrome 134 to the stable channel, delivering critical security updates that resolve 14 vulnerabilities, including high-severity flaws that could enable browser crashes, data leaks, or arbitrary code execution. The update (versions 134.0.6998.35 for Linux, 134.0.6998.35/36 for…