Cybersecurity researchers have discovered a sophisticated malware campaign targeting WordPress websites. This campaign uses the installation of a backdoor, allowing hackers to execute remote code. The malware spreads through the mu-plugins directory, giving attackers full system compromise, data theft, and…
Cybersecurity researchers have discovered a new malware (backdoor) written in the Go programming language. This malicious software uses the Telegram messenger as a command and control (C2) channel. Although still under development, it is already fully functional and capable of…
A critical SQL injection vulnerability has been identified in Apache Fineract, an open-source software widely used in financial services. This vulnerability, tracked as CVE-2024-32838, affects versions 1.4 to 1.9 and has a CVSS score of 9.4, indicating a highly severe…
Recent cybersecurity research has revealed that the Chinese state-backed hacker group “Salt Typhoon” (also known as “RedMike”) compromised more than 1,000 vulnerable Cisco devices worldwide between December 2024 and January 2025, exploiting them for their operations. This cyber-espionage campaign primarily…
Cybersecurity researchers have discovered a high-risk vulnerability in the AMD Ryzen™ Master Utility software. Identified as CVE-2024-21966, this flaw allows attackers to execute malicious code on a system and escalate their privileges. This vulnerability is classified as DLL Hijacking and…
Recently, cybersecurity researchers discovered a critical SQL injection vulnerability in PostgreSQL’s interactive terminal tool, psql. This vulnerability, identified as CVE-2025-1094, allows attackers to remotely execute arbitrary code. This flaw was uncovered during the analysis of CVE-2024-12356, a remote code execution…
One of the world’s most popular file archiving programs, WinZip, has been found to contain a critical security vulnerability. Designated as CVE-2025-1240, this vulnerability enables attackers to execute arbitrary code remotely using malicious 7Z archive files. This vulnerability has received…
The ZeroLogon exploit is currently one of the most dangerous cyber threats used by malicious actors to attack Microsoft Active Directory environments. This exploit is registered under the identifier CVE-2020-1472 and poses a serious risk to Microsoft domain controllers. The…
Recently, cybersecurity experts have discovered a critical vulnerability in SonicWall firewalls. The vulnerability, identified as CVE-2024-53704, allows attackers to hijack SSL VPN sessions and gain unauthorized access. This vulnerability affects SonicOS versions 7.1.x (7.1.1-7058 and earlier), 7.1.2-7019, and 8.0.0-8035. Attackers…
Recently, cybersecurity specialists have discovered a critical vulnerability in the implementation of the Lightweight Directory Access Protocol (LDAP) in Windows operating systems. This vulnerability, designated as CVE-2025-21376, enables attackers to execute arbitrary code remotely. The most dangerous aspect of this…