A critical security vulnerability in the widely used Linux Sudo utility has been disclosed, allowing any local unprivileged user to escalate privileges to root access. Summary1. CVE-2025-32463 affects Sudo versions 1.9.14-1.9.17, enabling privilege escalation to root.2. Exploitation uses the chroot…
Tag: Cyber Security News
Top 20 Best Endpoint Management Tools – 2025
Endpoint management is now a cornerstone of modern IT operations, enabling organizations to secure, monitor, and optimize devices across diverse environments. As hybrid and remote work models continue to expand, the need for robust endpoint management tools is greater than…
CISA Warns of Iranian Cyber Actors May Attack U.S. Critical Infrastructure
The Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI, Department of Defense Cyber Crime Center, and National Security Agency, has issued an urgent warning regarding potential cyber attacks by Iranian-affiliated actors targeting U.S. critical infrastructure. Despite ongoing ceasefire…
Chrome 0-Day Vulnerability Exploited in the Wild to Execute Arbitrary Code – Patch Now
Google has issued an urgent security update for Chrome browser users worldwide, addressing a critical zero-day vulnerability that is actively being exploited by cybercriminals. The high-severity flaw, designated CVE-2025-6554, allows attackers to execute arbitrary code on affected systems through a…
Hackers Use .PIF Files and UAC Bypass to Drop Remcos Malware on Windows
A sophisticated new phishing campaign has emerged, leveraging obsolete Windows file formats and advanced evasion techniques to distribute the notorious Remcos Remote Access Trojan. The attack chain employs DBatLoader as its primary delivery mechanism, utilizing a combination of User Account…
2100+ Citrix Servers Vulnerable to Actively Exploited Bypass Authentication Vulnerability
Over 2,100 vulnerable Citrix NetScaler servers remain exposed to active exploitation, despite patches being available for critical vulnerabilities that allow attackers to bypass authentication mechanisms and steal session tokens. Cybersecurity firm ReliaQuest has issued warnings about active exploitation of two…
RIFT – New Open-Source Tool From Microsoft to Analyze Malware Hidden Within Rust Binaries
Microsoft has released RIFT (Rust Identification and Function Tagging), a groundbreaking open-source tool designed to help cybersecurity analysts identify and analyze malware concealed within Rust binaries. The cybersecurity community has witnessed a significant shift toward Rust-based malware development over the…
Multiple Critical Vulnerabilities in D-Link Routers Let Attackers Execute Arbitrary Code Remotely
Multiple critical vulnerabilities in D-Link router models could allow remote attackers to execute arbitrary code and gain unauthorized access to the network infrastructure. The vulnerabilities affect all hardware revisions and firmware versions of the non-US DIR-816 models, which have now…
Threat Actors Weaponizing Facebook Ads to Deliver Malware and Stealing Wallet Passwords
Cybercriminals have launched a sophisticated campaign exploiting Facebook’s advertising platform to distribute malware and steal cryptocurrency wallet credentials, targeting users worldwide through deceptive Pi Network-themed advertisements. The malicious operation, which began on June 24, 2025, coincides with the Pi2Day celebration…
SquareX Reveals That Employees Are No Longer The Weakest Link, Browser AI Agents Are
Every security practitioner knows that employees are the weakest link in an organization, butthis is no longer the case. SquareX’s research reveals that Browser AI Agents are more likely tofall prey to cyberattacks than employees, making them the new weakest…