Collecting Cyber-News from over 60 sources

Tag: exploit

Holes in Veeam Backup suite allow remote code execution, creation of malicious backup config files

Jan 8, 2026 5:01 AM

Tags: access, backup, credentials, cve, cvss, cybersecurity, data, exploit, jobs, malicious, monitoring, password, ransomware, remote-code-execution, risk, risk-management, sans, threat, update, veeam, vulnerability

CVE-2025-59470 (with a CVSS score of 9) allows a Backup or Tape Operator to perform remote code execution (RCE) as the Postgres user by sending a malicious interval or order parameter;CVE-2025-59469 (with a severity score of 7.2) allows a Backup or Tape Operator to write files as root;CVE-2025-55125 (with a severity score of 7.2) allows a Backup…
Attackers Exploit Zero-Day in End-of-Life D-Link Routers

Jan 8, 2026 12:01 AM

Tags: exploit, flaw, hacker, router, zero-day

Hackers are attacking a critical zero-day flaw in unsupported D-Link DSL routers to run arbitrary commands. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/attackers-exploit-zero-day-end-of-life-d-link-routers
Phishers Exploit Office 365 Users Who Let Their Guard Down

Jan 8, 2026 12:01 AM

Tags: exploit, microsoft, office, phishing

Microsoft said that Office 365 tenants with weak configurations and who don’t have strict anti-spoofing protection enabled are especially vulnerable. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/phishers-exploit-office-365-users-guard-down
Threat Actors Exploit Google Cloud Services to Steal Microsoft 365 Credentials

Jan 7, 2026 10:02 PM

Tags: cloud, credentials, cyber, cybersecurity, email, exploit, google, infrastructure, malicious, microsoft, phishing, service, threat

A sophisticated phishing campaign is exploiting Google Cloud infrastructure to bypass email security filters and steal Microsoft 365 credentials, demonstrating how attackers increasingly abuse trusted cloud platforms to lend legitimacy to their malicious activities. Cybersecurity researchers at Check Point have uncovered a large-scale operation targeting approximately 3,200 organizations, resulting in over 9,300 phishing emails over…
ToddyCat Malware Exploits ProxyLogon to Compromise Microsoft Exchange Servers

Jan 7, 2026 10:02 PM

Tags: cyber, espionage, exploit, group, malware, microsoft, risk, threat

ToddyCat, a sophisticated cyber-espionage threat group also known as Websiic and Storm-0247, has emerged as a significant risk to organizations across Europe and Asia. The group’s operations, which began in December 2020 by targeting Microsoft Exchange servers in Taiwan and Vietnam, have since evolved into complex, multi-stage campaigns that leverage advanced evasion techniques and specialized…
Critical RCE flaw allows full takeover of n8n AI workflow platform

Jan 7, 2026 9:02 PM

Tags: ai, api, attack, authentication, cloud, credentials, data, email, exploit, flaw, leak, LLM, password, rce, remote-code-execution, threat, vulnerability

formWebhook function used by n8n Form nodes to receive data doesn’t validate whether the Content-Type field of the POST request submitted by the user is set to multipart/form-data.Imagine a very common use case in which n8n has been used to build a chat interface that allows users to upload files to the system, for example,…
Bug in Open WebUI macht Kostenlos-Tool zur Backdoor

Jan 7, 2026 5:01 PM

Tags: access, ai, api, authentication, backdoor, cve, cyberattack, endpoint, exploit, mitigation, network, nvd, openai, remote-code-execution, risk, social-engineering, tool, update, vulnerability

Der Schweregrad des Bugs in Open WebUI wird als hoch eingestuft.Sicherheitsforschende von Cato Networks haben eine Schwachstelle in Open WebUI, einem selbstgehosteten Enterprise Interface für Large Language Models (LLM), entdeckt. Diese soll es externen Modell-Servern, die über das Feature ‘Direct Connections” eingebunden sind, ermöglichen, Schadcode einzuschleusen und KI-Workloads zu übernehmen.Das Problem, gekennzeichnet als CVE-2025-64496, beruht…
Misconfigured email routing enables internal-spoofed phishing

Jan 7, 2026 5:01 PM

Tags: email, exploit, phishing

Attackers exploit misconfigured email routing to spoof internal emails, using PhaaS platforms like Tycoon2FA to steal credentials. Attackers exploit misconfigured email routing and spoof protections to send phishing emails appearing internal, using PhaaS platforms like Tycoon2FA to steal credentials. >>Phishing actors are exploiting complex routing scenarios and misconfigured spoof protections to effectively spoof organizations’ domains…
Microsoft warns of a surge in phishing attacks exploiting email routing gaps

Jan 7, 2026 2:01 PM

Tags: access, attack, authentication, breach, control, defense, detection, dmarc, email, exploit, identity, infrastructure, mail, mfa, microsoft, password, phishing, service, spam, vulnerability

Hardening configurations can help: The disclosure emphasizes that proper configuration of mail authentication mechanisms is the most effective defense against this spoofing vector. Organizations are advised to adopt strict DMARC reject policies and enforce SPF hard fails so that unauthenticated mail claiming to be from their domains is rejected or safely quarantined.Additionally, recommendations include ensuring…
n8n Warns of CVSS 10.0 RCE Vulnerability Affecting Self-Hosted and Cloud Versions

Jan 7, 2026 2:01 PM

Tags: automation, cloud, cve, cvss, exploit, flaw, open-source, rce, remote-code-execution, vulnerability

Open-source workflow automation platform n8n has warned of a maximum-severity security flaw that, if successfully exploited, could result in authenticated remote code execution (RCE).The vulnerability, which has been assigned the CVE identifier CVE-2026-21877, is rated 10.0 on the CVSS scoring system.”Under certain conditions, an authenticated user may be able to cause untrusted code to be…
Hackers actively exploit critical RCE flaw in legacy D-Link DSL routers

Jan 7, 2026 12:01 PM

Tags: cve, exploit, flaw, hacker, rce, remote-code-execution, router, threat, vulnerability

Attackers are exploiting a critical flaw (CVE-2026-0625) in old D-Link DSL routers that allows remote command execution. Threat actors are actively exploiting a critical RCE flaw, tracked as CVE-2026-0625 (CVSS score of 9.3), in legacy D-Link DSL routers. The vulnerability is an improper neutralization of special elements used in an OS Command (‘OS Command Injection’),…
Microsoft Warns Misconfigured Email Routing Can Enable Internal Domain Phishing

Jan 7, 2026 12:01 PM

Tags: 2fa, attack, email, exploit, microsoft, phishing, service, threat

Threat actors engaging in phishing attacks are exploiting routing scenarios and misconfigured spoof protections to impersonate organizations’ domains and distribute emails that appear as if they have been sent internally.”Threat actors have leveraged this vector to deliver a wide variety of phishing messages related to various phishing-as-a-service (PhaaS) platforms such as Tycoon 2FA,” the First…
Entsorgung empfohlen: Laufende Attacken auf DRouter über Zero-Day-Lücke

Jan 7, 2026 11:01 AM

Tags: exploit, router, update, zero-day

D-Link untersucht eine bisher ungepatchte Schadcode-Lücke in seinen Routern. Für einige betroffene Modelle wird es keinen Patch geben. First seen on golem.de Jump to article: www.golem.de/news/entsorgung-empfohlen-d-link-router-werden-ueber-zero-day-luecke-attackiert-2601-203887.html
Black Cat Hacker Group Uses Fake Notepad++ Websites to Distribute Malware and Steal Data

Jan 7, 2026 9:52 AM

Tags: backdoor, cyber, cyberattack, data, exploit, group, hacker, Internet, malware, software

A sophisticated cyberattack campaign orchestrated by the notorious >>Black Cat
Hackers Exploit Routing Misconfigurations to Successfully Spoof Organizations

Jan 7, 2026 9:52 AM

Tags: attack, authentication, cyber, cybercrime, email, exploit, hacker, phishing

Cybercriminals are exploiting complex routing scenarios and misconfigured email authentication protections to successfully spoof organizational domains, enabling them to deliver phishing emails that appear to originate from within targeted companies. The attack vector, which has seen increased activity since May 2025, leverages weaknesses in Domain-based Message Authentication, Reporting, and Conformance (DMARC) configurations and third-party email…
Entsorgung empfohlen: DRouter werden über Zero-Day-Lücke attackiert

Jan 7, 2026 9:52 AM

Tags: exploit, router, update, zero-day

D-Link untersucht eine bisher ungepatchte Schadcode-Lücke in seinen Routern. Für einige betroffene Modelle wird es keinen Patch geben. First seen on golem.de Jump to article: www.golem.de/news/entsorgung-empfohlen-d-link-router-werden-ueber-zero-day-luecke-attackiert-2601-203887.html
Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers

Jan 7, 2026 6:52 AM

Tags: attack, cve, dns, endpoint, exploit, flaw, injection, rce, remote-code-execution, router, vulnerability

A newly discovered critical security flaw in legacy D-Link DSL gateway routers has come under active exploitation in the wild.The vulnerability, tracked as CVE-2026-0625 (CVSS score: 9.3), concerns a case of command injection in the “dnscfg.cgi” endpoint that arises as a result of improper sanitization of user-supplied DNS configuration parameters.”An unauthenticated remote attacker can inject…
New D-Link flaw in legacy DSL routers actively exploited in attacks

Jan 6, 2026 9:52 PM

Tags: attack, exploit, flaw, injection, router, threat, vulnerability

Threat actors are exploiting a recently discovered command injection vulnerability that affects multiple D-Link DSL gateway routers that went out of support years ago. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-d-link-flaw-in-legacy-dsl-routers-actively-exploited-in-attacks/
Kimwolf Android botnet abuses residential proxies to infect internal devices

Jan 6, 2026 8:52 PM

Tags: android, botnet, exploit, malware, network, vulnerability

The Kimwolf botnet, an Android variant of the Aisuru malware, has grown to more than two million hosts, most of them infected by exploiting vulnerabilities in residential proxy networks to target devices on internal networks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/kimwolf-android-botnet-abuses-residential-proxies-to-infect-internal-devices/
NDSS 2025 HADES Attack: Understanding And Evaluating Manipulation Risks Of Email Blocklists

Jan 6, 2026 7:52 PM

Tags: attack, conference, dns, email, exploit, infrastructure, Internet, malicious, mitigation, network, risk, service, spam, technology

Session 8A: Email Security Authors, Creators & Presenters: Ruixuan Li (Tsinghua University), Chaoyi Lu (Tsinghua University), Baojun Liu (Tsinghua University;Zhongguancun Laboratory), Yunyi Zhang (Tsinghua University), Geng Hong (Fudan University), Haixin Duan (Tsinghua University;Zhongguancun Laboratory), Yanzhong Lin (Coremail Technology Co. Ltd), Qingfeng Pan (Coremail Technology Co. Ltd), Min Yang (Fudan University), Jun Shao (Zhejiang Gongshang University)…
NDSS 2025 Exploiting the Complexity Of Modern CSS For Email And Browser Fingerprinting

Jan 6, 2026 7:52 PM

Tags: attack, conference, container, defense, email, exploit, Hardware, Internet, mobile, network, privacy, service, spy

Session 8A: Email Security Authors, Creators & Presenters: Leon Trampert (CISPA Helmholtz Center for Information Security), Daniel Weber (CISPA Helmholtz Center for Information Security), Lukas Gerlach (CISPA Helmholtz Center for Information Security), Christian Rossow (CISPA Helmholtz Center for Information Security), Michael Schwarz (CISPA Helmholtz Center for Information Security) PAPER Cascading Spy Sheets: Exploiting the Complexity…
The Silent Threat to the Agentic Enterprise: Why BOLA is the #1 Risk for AI Agents

Jan 6, 2026 7:52 PM

Tags: access, ai, api, attack, breach, cloud, control, data, data-breach, exploit, flaw, infrastructure, jobs, LLM, risk, strategy, supply-chain, threat, tool, unauthorized, vulnerability, waf

In the race to deploy autonomous AI agents, organizations are inadvertently building on a foundation of shifting sand. While security teams have spent the last year focused on “Prompt Injection” and “Model Poisoning,” a much older, more dangerous adversary has quietly become the primary attack vector for the agentic era: Broken Object Level Authorization (BOLA).…
The Silent Threat to the Agentic Enterprise: Why BOLA is the #1 Risk for AI Agents

Jan 6, 2026 7:52 PM

Tags: access, ai, api, attack, breach, cloud, control, data, data-breach, exploit, flaw, infrastructure, jobs, LLM, risk, strategy, supply-chain, threat, tool, unauthorized, vulnerability, waf

In the race to deploy autonomous AI agents, organizations are inadvertently building on a foundation of shifting sand. While security teams have spent the last year focused on “Prompt Injection” and “Model Poisoning,” a much older, more dangerous adversary has quietly become the primary attack vector for the agentic era: Broken Object Level Authorization (BOLA).…
How generative AI accelerates identity attacks against Active Directory

Jan 6, 2026 4:52 PM

Tags: ai, attack, credentials, exploit, identity, password, software

Generative AI is accelerating password attacks against Active Directory, making credential abuse faster and more effective. Specops Software explains how AI-driven cracking techniques exploit weak and predictable AD passwords. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/how-generative-ai-accelerates-identity-attacks-against-active-directory/
Threat Actors Exploit Office Assistant to Deliver Malicious Mltab Browser Plugin

Jan 6, 2026 3:52 PM

Tags: ai, china, cyber, exploit, intelligence, malicious, malware, office, software, technology, threat

A sophisticated malware campaign has been discovered exploiting Office Assistant, a widely used AI-powered productivity software in China, to distribute a malicious browser plugin that hijacks user traffic and exfiltrates sensitive information. The RedDrip Team from QiAnXin Technology’s Threat Intelligence Center uncovered this operation, which has been active since at least May 2024 and has…
Threat Actors Exploit Commodity Loader in Targeted Email Campaigns Against Organizations

Jan 6, 2026 3:52 PM

Tags: attack, cyber, email, exploit, government, intelligence, threat

Cyble Research and Intelligence Labs (CRIL) has identified a sophisticated, multi-stage attack campaign deploying a shared commodity loader across multiple threat actor groups. The operation demonstrates advanced operational security and represents a significant threat to manufacturing and government organizations in Italy, Finland, and Saudi Arabia. The campaign combines precision targeting with cutting-edge evasion techniques, utilizing…
Open WebUI bug turns the ‘free model’ into an enterprise backdoor

Jan 6, 2026 1:52 PM

Tags: access, api, authentication, backdoor, data, exploit, flaw, malicious, mitigation, network, nvd, remote-code-execution, risk, tool, update

Escalating to Remote Code Execution: The risk doesn’t stop at account takeover. If the compromised account has workspace.tools permissions, attackers can leverage that session token to push authenticated Python code through Open WebUI’s Tools API, which executes without sandboxing or validation.This turns a browser-level compromise into full remote code execution on the backend server. Once…
AI, Quantum, and the New Threat Frontier: What Will Define Cybersecurity in 2026?

Jan 6, 2026 10:52 AM

Tags: access, ai, api, application-security, attack, authentication, automation, business, ciso, cloud, compliance, computer, computing, container, control, crypto, cryptography, cyber, cybersecurity, data, data-breach, defense, detection, encryption, exploit, finance, flaw, framework, governance, government, healthcare, iam, identity, infrastructure, injection, LLM, malicious, metric, monitoring, network, nist, open-source, oracle, regulation, resilience, risk, service, skills, software, strategy, supply-chain, threat, tool, vulnerability, vulnerability-management, waf, zero-day, zero-trust

AI, Quantum, and the New Threat Frontier: What Will Define Cybersecurity in 2026? madhav Tue, 01/06/2026 – 04:44 If we think 2025 has been fast-paced, it’s going to feel like a warm-up for the changes on the horizon in 2026. Every time this year, Thales experts become cybersecurity oracles and predict where the industry is…
Critical AdonisJS Bodyparser Flaw (CVSS 9.2) Enables Arbitrary File Write on Servers

Jan 6, 2026 8:52 AM

Tags: cve, exploit, flaw, update, vulnerability

Users of the “@adonisjs/bodyparser” npm package are being advised to update to the latest version following the disclosure of a critical security vulnerability that, if successfully exploited, could allow a remote attacker to write arbitrary files on the server.Tracked as CVE-2026-21440 (CVSS score: 9.2), the flaw has been described as a path traversal issue affecting…
Why cybersecurity needs to focus more on investigation and less on just detection and response

Jan 5, 2026 10:52 PM

Tags: access, attack, breach, cyber, cyberattack, cybersecurity, data, defense, detection, exploit, network, resilience, risk, threat, tool, vulnerability

Investigation: Where the real insights lie: This is where investigation comes in. Think of investigation as the part where you understand the full story. It’s like detective work: not just looking at the footprints, but figuring out where they came from, who’s leaving them, and why they’re trying to break in in the first place.…