The heat is back on Wireless LAN Controllers (WLCs) running Cisco IOS XE after technical details of a recently disclosed max-severity exploit were made public. […]
Author: cyberbytes
CISA Alerts on ConnectWise ScreenConnect Authentication Vulnerability Actively Exploited
A critical improper authentication vulnerability has been discovered in ConnectWise ScreenConnect, tracked as CVE-2025-3935 and mapped to CWE-287 (Improper Authentication). This flaw affects all ScreenConnect […]
Scattered Spider: Understanding Help Desk Scams and How to Defend Your Organization
In the wake of high-profile attacks on UK retailers Marks & Spencer and Co-op, Scattered Spider has been all over the media, with coverage spilling […]
New Research Uncovers Strengths and Vulnerabilities in Cloud-Based LLM Guardrails
Cybersecurity researchers have shed light on the intricate balance of strengths and vulnerabilities inherent in cloud-based Large Language Model (LLM) guardrails. These safety mechanisms, designed […]
Hackers Abuse AI Tool Misconfigurations to Execute Malicious AI-Generated Payloads
A malicious threat actor has exploited a misconfigured instance of Open WebUI, a widely-used self-hosted AI interface with over 95,000 stars on GitHub, designed to […]
Beware: Fake Booking.com Sites Spread AsyncRAT Malware to Infect Devices
Cybercriminals have launched a devious campaign targeting users of gaming sites, social media platforms, and even sponsored ads by redirecting links to counterfeit Booking.com websites. […]
Splunk Enterprise XSS Flaw Enables Attackers to Execute Unauthorized JavaScript
Splunk has disclosed a reflected Cross-Site Scripting (XSS) vulnerability in its Enterprise and Cloud Platform products, tracked as CVE-2025-20297 and detailed in advisory SVD-2025-0601. The […]
The high cost of misconfigured DevOps: Global cryptojacking hits enterprises
A massive ongoing cryptojacking operation is actively exploiting misconfigured DevOps tools, including Nomad, Consul, Docker, and Gitea, to hijack computing power for cryptocurrency mining, Wiz […]
Splunk Universal Forwarder for Windows Flaw Grants Non-Admin Users Full Content Access
A critical security advisory (SVD-2025-0602) has been issued for Splunk Universal Forwarder for Windows, addressing a high-severity vulnerability (CVE-2025-20298) that exposes Windows systems to potential […]
Threat Actors Exploit DevOps Web Server Misconfigurations to Deploy Malware
Threat actors have increasingly turned their attention to exploiting misconfigurations in DevOps-managed web servers to deploy malicious payloads. Recent investigations into web server vulnerabilities reveal […]