Researchers uncovered nine critical vulnerabilities in NVIDIA’s CUDA Toolkit, a cornerstone software suite for GPU-accelerated computing. These vulnerabilities, spanning the cuobjdump and nvdisasm utilities, expose developers to denial-of-service (DoS) attacks and information disclosure risks when analyzing maliciously crafted cubin files.…
Tag: Cyber Security News
Fedora Linux Kernel Vulnerability Let Attackers Gain Access to Sensitive Data
A critical vulnerability (CVE-2025-1272) in Fedora Linux kernels starting at version 6.12 has disabled the kernel’s Lockdown Mode by default, potentially allowing attackers to bypass Secure Boot protections, load unsigned kernel modules, and access sensitive kernel memory regions. The regression,…
AWS Key Hunter – A Free Automated Tool to Detect Exposed AWS keys
AWS-Key-Hunter is an open-source tool released to automatically scan public GitHub repositories for exposed AWS access keys. The tool, which leverages continuous monitoring and Discord-based alerts, aims to mitigate risks associated with accidental credential leaks in version control systems. According to the…
Microsoft Admin Technical Guide to Block & Remove Apps on Endpoints
In response to growing regulatory requirements worldwide, Microsoft has published detailed technical guidance for Intune administrators on blocking and removing specific applications from managed endpoints. The guide focuses on compliance with international frameworks such as Australia’s Protective Security Policy Framework…
APT-C-28 Group Launched New Cyber Attack With Fileless RokRat Malware
The 360 Advanced Threat Research Institute has uncovered a sophisticated cyber espionage campaign orchestrated by the North Korean-linked threat actor APT-C-28, also known as ScarCruft or APT37. The group, active since 2012, has shifted tactics to employ fileless malware delivery…
Microsoft Power Pages 0-Day Vulnerability Exploited in the Wild
Microsoft has confirmed active exploitation of a critical elevation-of-privilege vulnerability (CVE-2025-24989) in its Power Pages platform, a low-code tool organizations use to build business websites. The vulnerability, which allowed unauthorized attackers to bypass registration controls and escalate network privileges, underscores…
Ghost Ransomware Compromised Organisations Across 70+ Countries – CISA & FBI Warns
The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory warning of widespread attacks by the Ghost ransomware group, which has compromised over 70 organizations across critical sectors globally. Operating under aliases…
NSA Added New Features to Supercharge Ghidra 11.3
The National Security Agency (NSA) has unveiled Ghidra 11.3, a transformative update to its open-source Software Reverse Engineering (SRE) framework, delivering advanced debugging tools, accelerated emulation, and modernized integrations for cybersecurity professionals. This version introduces critical enhancements tailored for kernel-level…
Symantec Diagnostic Tool Vulnerability Let Attackers Escalate Privileges
Symantec, a division of Broadcom, has addressed a critical security flaw (CVE-2025-0893) in its Diagnostic Tool (SymDiag) that could allow attackers to escalate privileges on affected systems. The vulnerability, which impacted SymDiag versions prior to 3.0.79, received a CVSSv3 score…
Windows Disk Cleanup Tool Vulnerability Exploited to Gain SYSTEM Privileges
Microsoft has addressed a critical vulnerability in the Windows Disk Cleanup Tool (cleanmgr.exe) in the February 2025 Patch Tuesday security updates. Tracked as CVE-2025-21420, the vulnerability has a CVSS rating of 7.8 and could allow a threat actor to gain…