At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole. […]
Author: cyberbytes
GitHub secrets: Deleted files still pose risks
Deleted files within public GitHub repositories could still be exposing secrets like API keys, tokens, and credentials, if threat actors knew where and how to […]
Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools
Cybersecurity researchers have demonstrated a proof-of-concept (PoC) rootkit dubbed Curing that leverages a Linux asynchronous I/O mechanism called io_uring to bypass traditional system call monitoring. […]
159 CVEs Exploited in Q1 2025 — 28.3% Within 24 Hours of Disclosure
As many as 159 CVE identifiers have been flagged as exploited in the wild in the first quarter of 2025, up from 151 in Q4 […]
NVIDIA NeMo Vulnerability Enables Remote Exploits
NVIDIA has issued an urgent security advisory addressing three high-severity vulnerabilities in its NeMo Framework, a platform widely used for developing AI-powered applications. The flaws, […]
Darcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for Cybercriminals
The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform have released new updates to their cybercrime suite with generative artificial intelligence (GenAI) capabilities. “This addition […]
Commvault RCE Vulnerability Exploited—PoC Released
Enterprises and managed service providers globally are now facing urgent security concerns following the disclosure of a major pre-authenticated remote code execution (RCE) vulnerability in […]
Multiple Cisco Tools at Risk from Erlang/OTP SSH Remote Code Execution Flaw
Cisco has issued a high-severity advisory (cisco-sa-erlang-otp-ssh-xyZZy) warning of a critical remote code execution (RCE) vulnerability in products using Erlang/OTP’s SSH server. The flaw, tracked […]
Trotz Back-Up: 86 Prozent der Unternehmen zahlen Lösegeld
80 Prozent der Cyberangriffe beginnen mit kompromittierten Zugangsdaten und einem Active Directory. Andrey_Popov – shutterstock.com Cybertools um sich gegen Angriffe zu wappnen, werden genauso wie […]
Zyxel RCE Flaw Lets Attackers Run Commands Without Authentication
Security researcher Alessandro Sgreccia (aka “rainpwn”) has revealed a set of critical vulnerabilities in Zyxel’s USG FLEX-H firewall series that enable remote code execution (RCE) […]