News - Page 16 of 28 - UZCERT xizmati

Computer Emergency
Response Team

News

Firefox 135.0.1 Released: High-Severity Security Vulnerabilities Fixed

Mozilla has released Firefox 135.0.1 to protect users from potential Remote Code Execution (RCE) attacks. This update addresses a critical security vulnerability (CVE-2025-1414) that could have compromised systems and exposed user data. This vulnerability is classified as CWE-119 (Memory Corruption)…

News

A Newly Discovered WordPress Vulnerability Puts 90,000 Websites at Risk

A critical security flaw in the Jupiter X Core plugin for WordPress has been identified, potentially exposing over 90,000 websites to Local File Inclusion (LFI) and Remote Code Execution (RCE) attacks. This vulnerability, tracked as CVE-2025-0366, has been assigned a…

News

Lumma InfoStealer Malware Identified as a Threat to Educational Institutions

🔴 Cybercriminals Are Targeting the Education Sector! As cybersecurity challenges continue to grow in complexity, a new threat has emerged—Lumma InfoStealer, a malicious software (malware) designed to target educational institutions. This malware spreads through infected PDF documents, disguised as legitimate…

News

How can I protect myself from attacks carried out through dangerous vulnerabilities identified in OpenSSH?

Cybersecurity researchers have identified two serious vulnerabilities in OpenSSH, a widely used protocol for secure network communication. These vulnerabilities, discovered by specialists at Qualys Threat Research Unit (TRU), have been registered as CVE-2025-26465 and CVE-2025-26466. These flaws allow attackers to…

News

Hidden Malware on WordPress Websites: Threats and Protection Measures

Cybersecurity researchers have discovered a sophisticated malware campaign targeting WordPress websites. This campaign uses the installation of a backdoor, allowing hackers to execute remote code. The malware spreads through the mu-plugins directory, giving attackers full system compromise, data theft, and…

News

New Go-Based Malware Controlled via Telegram Identified

Cybersecurity researchers have discovered a new malware (backdoor) written in the Go programming language. This malicious software uses the Telegram messenger as a command and control (C2) channel. Although still under development, it is already fully functional and capable of…

News

Critical SQL Injection Vulnerability in Apache Fineract Threatens Financial Systems

A critical SQL injection vulnerability has been identified in Apache Fineract, an open-source software widely used in financial services. This vulnerability, tracked as CVE-2024-32838, affects versions 1.4 to 1.9 and has a CVSS score of 9.4, indicating a highly severe…

News

RedMike Hackers Breached 1000+ Cisco Devices and Gained Admin Access

Recent cybersecurity research has revealed that the Chinese state-backed hacker group “Salt Typhoon” (also known as “RedMike”) compromised more than 1,000 vulnerable Cisco devices worldwide between December 2024 and January 2025, exploiting them for their operations. This cyber-espionage campaign primarily…

News

AMD Ryzen DLL Hijacking Vulnerability Allows Attackers to Execute Arbitrary Code

Cybersecurity researchers have discovered a high-risk vulnerability in the AMD Ryzen™ Master Utility software. Identified as CVE-2024-21966, this flaw allows attackers to execute malicious code on a system and escalate their privileges. This vulnerability is classified as DLL Hijacking and…

News

PostgreSQL Terminal Tool Vulnerability Allows Remote Code Execution

Recently, cybersecurity researchers discovered a critical SQL injection vulnerability in PostgreSQL’s interactive terminal tool, psql. This vulnerability, identified as CVE-2025-1094, allows attackers to remotely execute arbitrary code. This flaw was uncovered during the analysis of CVE-2024-12356, a remote code execution…