Tag: flaw
-
Hackers Exploit Triofox 0-Day to Deploy Malicious Payloads Using Anti-Virus Feature
Tags: authentication, cyber, cybersecurity, defense, exploit, flaw, hacker, malicious, mandiant, threat, virus, vulnerability, zero-dayCybersecurity researchers from Mandiant Threat Defense have uncovered a critical zero-day vulnerability in Gladinet’s Triofox file-sharing platform that allowed attackers to bypass authentication and execute malicious code with system-level privileges. The vulnerability, tracked as CVE-2025-12480, was actively exploited by the threat actor group UNC6485 as early as August 24, 2025. The flaw affected Triofox version 16.4.10317.56372 and has…
-
Hackers Exploiting Triofox Flaw to Install Remote Access Tools via Antivirus Feature
Google’s Mandiant Threat Defense on Monday said it discovered n-day exploitation of a now-patched security flaw in Gladinet’s Triofox file-sharing and remote access platform.The critical vulnerability, tracked as CVE-2025-12480 (CVSS score: 9.1), allows an attacker to bypass authentication and access the configuration pages, resulting in the upload and execution of arbitrary payloads. The First seen…
-
Popular JavaScript library expr-eval vulnerable to RCE flaw
A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be exploited to execute code remotely through maliciously crafted input. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/popular-javascript-library-expr-eval-vulnerable-to-rce-flaw/
-
Denmark and Norway investigate Yutong bus security flaw amid rising tech fears
Denmark and Norway probe a security flaw in Chinese-made Yutong buses, deepening European fears over reliance on Chinese tech and potential cyber risks. Bus operators in Denmark and Norway are urgently probing a security vulnerability in Chinese-made Yutong electric buses, raising concerns about Western dependence on Chinese technology. The issue highlights growing European fears that…
-
Denmark and Norway investigate Yutong bus security flaw amid rising tech fears
Denmark and Norway probe a security flaw in Chinese-made Yutong buses, deepening European fears over reliance on Chinese tech and potential cyber risks. Bus operators in Denmark and Norway are urgently probing a security vulnerability in Chinese-made Yutong electric buses, raising concerns about Western dependence on Chinese technology. The issue highlights growing European fears that…
-
Louvre Museum’s Camera Network Password Was Reportedly Just “Louvre”
Louvre Museum’s surveillance network reportedly used the password “Louvre,” exposing major cybersecurity and human flaws after an Euro88 million jewel theft. First seen on hackread.com Jump to article: hackread.com/louvre-museums-security-camera-louvr-password/
-
Louvre Museum’s Camera Network Password Was Reportedly Just “Louvre”
Louvre Museum’s surveillance network reportedly used the password “Louvre,” exposing major cybersecurity and human flaws after an Euro88 million jewel theft. First seen on hackread.com Jump to article: hackread.com/louvre-museums-security-camera-louvr-password/
-
Louvre Museum’s Camera Network Password Was Reportedly Just “Louvre”
Louvre Museum’s surveillance network reportedly used the password “Louvre,” exposing major cybersecurity and human flaws after an Euro88 million jewel theft. First seen on hackread.com Jump to article: hackread.com/louvre-museums-security-camera-louvr-password/
-
Runtime bugs break container walls, enabling root on Docker hosts
Console and Write-Gadget Lurkers: CVE-2025-52565 & CVE-2025-52881: The second vulnerability, tracked as CVE-2025-52565, targets “/dev/console” bind-mount handling. An attacker can replace the target path with a symlink, which will cause runc to bind-mount the wrong target, allowing the attacker to gain write access to procfs paths.”As with CVE-2025-31133, this happens after pivot_root(2) and so cannot…
-
Runtime bugs break container walls, enabling root on Docker hosts
Console and Write-Gadget Lurkers: CVE-2025-52565 & CVE-2025-52881: The second vulnerability, tracked as CVE-2025-52565, targets “/dev/console” bind-mount handling. An attacker can replace the target path with a symlink, which will cause runc to bind-mount the wrong target, allowing the attacker to gain write access to procfs paths.”As with CVE-2025-31133, this happens after pivot_root(2) and so cannot…
-
Runtime bugs break container walls, enabling root on Docker hosts
Console and Write-Gadget Lurkers: CVE-2025-52565 & CVE-2025-52881: The second vulnerability, tracked as CVE-2025-52565, targets “/dev/console” bind-mount handling. An attacker can replace the target path with a symlink, which will cause runc to bind-mount the wrong target, allowing the attacker to gain write access to procfs paths.”As with CVE-2025-31133, this happens after pivot_root(2) and so cannot…
-
Monsta FTP Vulnerability Exposed Thousands of Servers to Full Takeover
Monsta FTP users must update now! A critical pre-authentication flaw (CVE-2025-34299) allows hackers to fully take over web servers. Patch to version 2.11.3 immediately. First seen on hackread.com Jump to article: hackread.com/monsta-ftp-flaw-web-servers-open-server-takeover/
-
Monsta FTP Vulnerability Exposed Thousands of Servers to Full Takeover
Monsta FTP users must update now! A critical pre-authentication flaw (CVE-2025-34299) allows hackers to fully take over web servers. Patch to version 2.11.3 immediately. First seen on hackread.com Jump to article: hackread.com/monsta-ftp-flaw-web-servers-open-server-takeover/
-
LangGraph Deserialization Flaw Enables Execution of Malicious Python Code
A critical remote code execution vulnerability has been discovered in LangGraph’s checkpoint serialization library, affecting versions before 3.0. The flaw resides in the JsonPlusSerializer component, which is the default serialization protocol used for all checkpointing operations. This vulnerability (CVE-2025-64439) allows attackers to execute arbitrary Python code during the deserialization of malicious payloads. Attribute Details CVE…
-
LangGraph Deserialization Flaw Enables Execution of Malicious Python Code
A critical remote code execution vulnerability has been discovered in LangGraph’s checkpoint serialization library, affecting versions before 3.0. The flaw resides in the JsonPlusSerializer component, which is the default serialization protocol used for all checkpointing operations. This vulnerability (CVE-2025-64439) allows attackers to execute arbitrary Python code during the deserialization of malicious payloads. Attribute Details CVE…
-
Hackers Abuse runc Tool to Escape Containers and Compromise Hosts
Three critical vulnerabilities in runc, the widely-used container runtime that powers Docker and Kubernetes, have been disclosed, allowing attackers to break out of container isolation and gain root access to host systems. The flaws, identified as CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881, were revealed by a SUSE researcher on November 5, 2025. CVE ID Affected Versions Fixed…
-
Hackers Abuse runc Tool to Escape Containers and Compromise Hosts
Three critical vulnerabilities in runc, the widely-used container runtime that powers Docker and Kubernetes, have been disclosed, allowing attackers to break out of container isolation and gain root access to host systems. The flaws, identified as CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881, were revealed by a SUSE researcher on November 5, 2025. CVE ID Affected Versions Fixed…
-
Hackers Abuse runc Tool to Escape Containers and Compromise Hosts
Three critical vulnerabilities in runc, the widely-used container runtime that powers Docker and Kubernetes, have been disclosed, allowing attackers to break out of container isolation and gain root access to host systems. The flaws, identified as CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881, were revealed by a SUSE researcher on November 5, 2025. CVE ID Affected Versions Fixed…
-
Monsta FTP Remote Code Execution Flaw Being Exploited in the Wild
Security researchers have discovered an actively exploited remote code execution vulnerability in Monsta FTP, a web-based FTP client used by financial institutions, enterprises, and individual users worldwide. The flaw, now tracked as CVE-2025-34299, affects versions up to 2.11.2 and allows attackers to execute arbitrary code on vulnerable servers without authentication. CVE ID Vulnerability Type Affected…
-
QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025
QNAP patched seven zero-days used at Pwn2Own 2025 affecting QTS, QuTS hero, Hyper Data Protector, Malware Remover, and HBS 3. Taiwanese vendor QNAP patched seven zero-day vulnerabilities exploited at Pwn2Own Ireland 2025. The flaws affected QTS, QuTS hero, Hyper Data Protector, Malware Remover, and HBS 3 Hybrid Backup Sync. The vulnerabilities addressed by the company…
-
QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025
QNAP patched seven zero-days used at Pwn2Own 2025 affecting QTS, QuTS hero, Hyper Data Protector, Malware Remover, and HBS 3. Taiwanese vendor QNAP patched seven zero-day vulnerabilities exploited at Pwn2Own Ireland 2025. The flaws affected QTS, QuTS hero, Hyper Data Protector, Malware Remover, and HBS 3 Hybrid Backup Sync. The vulnerabilities addressed by the company…
-
Dangerous runC flaws could allow hackers to escape Docker containers
Three newly disclosed vulnerabilities in the runC container runtime used in Docker and Kubernetes could be exploited to bypass isolation restrictions and get access to the host system. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/dangerous-runc-flaws-could-allow-hackers-to-escape-docker-containers/
-
Week in review: Cisco fixes critical UCCX flaws, November 2025 Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Securing real-time payments without slowing them down In this Help Net … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/09/week-in-review-cisco-fixes-critical-uccx-flaws-november-2025-patch-tuesday-forecast/
-
Balancer hack analysis and guidance for the DeFi ecosystem
Tags: access, attack, blockchain, control, crypto, exploit, finance, flaw, guide, intelligence, monitoring, oracle, radius, risk, software, strategy, threat, tool, update, vulnerabilityTL;DR The root cause of the hack was a rounding direction issue that had been present in the code for many years. When the bug was first introduced, the threat landscape of the blockchain ecosystem was significantly different, and arithmetic issues in particular were not widely considered likely vectors for exploitation. As low-hanging attack paths…
-
Samsung Mobile Flaw Exploited as Zero-Day to Deploy LANDFALL Android Spyware
A now-patched security flaw in Samsung Galaxy Android devices was exploited as a zero-day to deliver a “commercial-grade” Android spyware dubbed LANDFALL in targeted attacks in the Middle East.The activity involved the exploitation of CVE-2025-21042 (CVSS score: 8.8), an out-of-bounds write flaw in the “libimagecodec.quram.so” component that could allow remote attackers to execute arbitrary First…
-
Samsung Mobile Flaw Exploited as Zero-Day to Deploy LANDFALL Android Spyware
A now-patched security flaw in Samsung Galaxy Android devices was exploited as a zero-day to deliver a “commercial-grade” Android spyware dubbed LANDFALL in targeted attacks in the Middle East.The activity involved the exploitation of CVE-2025-21042 (CVSS score: 8.8), an out-of-bounds write flaw in the “libimagecodec.quram.so” component that could allow remote attackers to execute arbitrary First…
-
LANDFALL spyware exploited Samsung zero-day CVE-2025-21042 in Middle East attacks
A now-patched Samsung Galaxy flaw, tracked as CVE-2025-21042, was exploited as a zero-day to deploy LANDFALL spyware in targeted attacks in Middle East. Samsung patched a flaw exploited as a zero-day, tracked as CVE-2025-21042 (CVSS score of 8.8), to deploy LANDFALL spyware on Galaxy devices in Middle East attacks. >>Unit 42 researchers have uncovered a…
-
Samsung Zero-Day Flaw Exploited by ‘Landfall’ Spyware
Spyware Targets Samsung Galaxy Devices, Says Unit 42. Hackers used previously unknown commercial spyware dubbed Landfall to surveil the activities of Samsung Galaxy device owners in the Middle East, say security researchers who posit the threat actor has connections to the United Arab Emirates. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/samsung-zero-day-flaw-exploited-by-landfall-spyware-a-29963
-
Previously unknown Landfall spyware used in 0-day attacks on Samsung phones
‘Precision espionage campaign’ began months before the flaw was fixed First seen on theregister.com Jump to article: www.theregister.com/2025/11/07/landfall_spyware_samsung_0days/
-
Cisco Warns of Active Exploitation of ASA and FTD 0-Day Vulnerability
Cisco warns that hackers are actively exploiting a 0-day flaw in its firewall software, putting unpatched systems at risk of full compromise. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cisco-warns-of-active-exploitation-of-asa-and-ftd-0-day-vulnerability/