Friday , July 10 2026

Alert

50K Cisco firewalls vulnerable to actively exploited flaws

admin

50k Cisco ASA and FTD devices on the internet are at risk due to two vulnerabilities being exploited by hackers. Flaws CVE-2025-20333 and CVE-2025-20362 allow remote code execution and access to restricted VPN URLs without authentication. On September 25, Cisco warned that the issues were actively exploited in attacks that …

Read More »

Hackers Exploiting New VMware Zero-Day Since October 2024

October 2024

A newly patched security flaw in Broadcom VMware Tools and VMware Aria Operations has been exploited by a threat actor named UNC5174 since mid-October 2024, according to NVISO Labs. The vulnerability identified as CVE-2025-41244 (CVSS score: 7.8) is a flaw that allows local privilege escalation, impacting the following versions – …

Read More »

CVE-2025-55177 and CVE-2025-43300
WhatsApp 0-Click Vuln Exploited Using Malicious DNG File

WhatsApp

Security researchers found a zero-click vulnerability in WhatsApp that lets remote code execution (RCE) on iOS, macOS, and iPadOS. The attack chain uses two vulnerabilities, CVE-2025-55177 and CVE-2025-43300, to compromise a device without user interaction. Researchers from DarkNavyOrg demonstrated a “zero-click” exploit that targets WhatsApp. This attack involves sending a …

Read More »

Cisco warns customer of ASA firewall zero-days exploited in attacks

firewall

Cisco warned customers to patch two zero-day vulnerabilities that are actively being exploited in attacks and impact the company’s firewall software. The first one (CVE-2025-20333) allows authenticated, remote attackers to execute arbitrary code on devices running vulnerable Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) software, while the second …

Read More »

Unpatched OnePlus vuln allows rogue app SMS access

SMS

A flaw in various versions of OnePlus’s OxygenOS lets any app access SMS data and metadata without needing permission or user consent. OnePlus is a Shenzhen-based tech company recognized for producing high-quality smartphones at affordable prices. Unlike other major Chinese brands like Huawei and Xiaomi, OnePlus phones are officially sold …

Read More »

Cisco IOS 0-Day RCE Vuln Actively Exploited in the Wild

Cisco IOS

Cisco has disclosed a zero-day vulnerability, CVE-2025-20352, in its popular IOS and IOS XE software, which is currently under active exploitation. The flaw in the Simple Network Management Protocol (SNMP) can let remote attackers execute code or cause denial-of-service (DoS) on affected devices. The stack overflow vulnerability (CWE-121) exists in …

Read More »

Cisco Unveils New PlugX Backdoor Linked to Chinese APTs

PlugX

Cisco Talos researchers have discovered an ongoing espionage campaign since 2022, targeting telecom and manufacturing sectors in Central and South Asia. The campaign uses a new variant of the PlugX backdoor, closely related to the RainyDay and Turian malware families linked to Chinese-speaking APT groups. According to the report, “Cisco …

Read More »

IBM QRadar SIEM Vuln Let Attackers Perform Unauthorized Actions

SIEM

A critical permission misconfiguration in the IBM QRadar Security Information and Event Management (SIEM) platform could allow local privileged users to manipulate configuration files without authorization. The flaw, identified as CVE-2025-0164, results from incorrect permission assignments and has a CVSS 3.1 score of 2.3 AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). Incorrect Permission Assignment Flaw: The …

Read More »

AI Pentesting Tool ‘Villager’ Merges Kali Linux with DeepSeek AI for Automated Attacks

Villager

The Villager framework, an AI-powered penetration testing tool, integrates Kali Linux tools with DeepSeek AI to automate cyber attack processes. Developed by the Chinese group Cyberspike, it was released on the Python Package Index in July 2025 and quickly gained over 10,000 downloads in two months. Villager marks a major …

Read More »

CVE-2025-21043
Samsung Patched Critical Zero-Day Flaw Exploited in Android Attacks

Samsung

Samsung released its monthly Android security updates, addressing a vulnerability exploited in zero-day attacks. CVE-2025-21043 (CVSS score: 8.8) is a vulnerability that allows an out-of-bounds write, potentially leading to arbitrary code execution. “Out-of-bounds Write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code,” Samsung …

Read More »