Hewlett Packard Enterprise (HPE) has disclosed multiple critical vulnerabilities in its Aruba Networking ClearPass Policy Manager (CPPM), a widely used network access control solution. These flaws, if exploited, could lead to arbitrary code execution, privilege escalation, and sensitive data exposure.…
Tag: Cyber Security News
DeepSeek iOS App Sending Data Unencrypted to ByteDance Controlled Server
Critical vulnerabilities have been disclosed in the DeepSeek iOS app, raising concerns over privacy and national security risks. The app, which has been the top iOS download since January 25, 2025, transmits sensitive user data unencrypted to servers controlled by…
Dell Update Manager Plugin Vulnerability Let Hackers Access Sensitive Data
Dell Technologies has issued a security update addressing a vulnerability in its Update Manager Plugin (UMP), which could allow attackers to exploit sensitive data through improper neutralization of HTML tags in web pages. This vulnerability, identified as CVE-2025-22402, has been…
Ex-Google Engineer Charged for Stealing AI Secrets to China
In a groundbreaking case highlighting the intersection of technology and national security, a federal grand jury has indicted Linwei Ding, also known as Leon Ding, on four counts of theft of trade secrets. The charges allege that Ding, a former…
Logsign Vulnerability Remote Attackers to Bypass Authentication
A severe security vulnerability identified as CVE-2025-1044 has been disclosed in the Logsign Unified SecOps Platform, a widely used software for security operations. This flaw, rated with a CVSS score of 9.8, poses a critical threat, allowing remote attackers to…
Hackers Exploiting DeepSeek & Qwen AI Models To Develop Malware
Hackers have begun leveraging the capabilities of DeepSeek and Qwen AI models to create sophisticated malware. These models, known for their advanced language processing capabilities, have attracted the attention of cybercriminals due to their potential for generating malicious content with…
Hackers Exploited 3,000+ ASP.NET Keys To Execute Code on IIS Server Remotely
A recent security incident has revealed that over 3,000 publicly disclosed ASP.NET machine keys were exploited by hackers to execute remote code on IIS servers. This attack utilized ViewState code injection techniques, allowing malicious actors to gain unauthorized access and…
Splunk Unveils a New AI Based Honeypot “DECEIVE” to Log Attacker Activities
Splunk, a leader in data analytics and cybersecurity solutions, has introduced a groundbreaking proof-of-concept honeypot system named DECEIVE (DECeption with Evaluative Integrated Validation Engine). This AI-powered tool is designed to simulate high-interaction systems with minimal setup effort, offering organizations an…
7-Zip Vulnerability Actively Exploited in The Wild in Attacks – CISA Adds Its Catalog
A critical vulnerability in the popular file archiving tool 7-Zip (CVE-2025-0411) has been actively exploited in the wild, primarily targeting Ukrainian organizations, added to CISA’s known exploited vulnerability database. This flaw allows attackers to bypass Windows’ Mark-of-the-Web (MoTW) security feature,…
Critical Microsoft Outlook Vulnerability (CVE-2024-21413) Actively Exploited in Attacks – CISA Warns
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning to federal agencies regarding active exploitation of a critical Microsoft Outlook vulnerability, tracked as CVE-2024-21413. This remote code execution (RCE) flaw, discovered by Check Point researcher Haifei…