Security

Development

PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks

April 7, 2025

A malicious campaign dubbed PoisonSeed is leveraging compromised credentials associated with customer relationship management (CRM) tools and bulk email providers…

Development

Australian Organisations Urged to Patch Ivanti Products Amid Exploited RCE Vulnerability

April 7, 2025

On April 3, 2025, Ivanti disclosed an unauthenticated buffer overflow vulnerability tracked as CVE-2025-22457, affecting multiple Ivanti products. Australian organizations…

Development

Social Media Flooded with Ghibli AI Images—But What Are We Really Feeding the Algorithms?

April 7, 2025

Scroll through Instagram, TikTok, or Twitter, and you’ll see them everywhere—stunning AI-generated images that transform everyday selfies into Studio Ghibli-inspired…

Development

Fast Flux is the New Cyber Weapon—And It’s Hard to Stop, Warns CISA

April 7, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), alongside the National Security Agency (NSA), the Federal Bureau of Investigation (FBI),…

Development

Security Theater: Vanity Metrics Keep You Busy – and Exposed

April 7, 2025

After more than 25 years of mitigating risks, ensuring compliance, and building robust security programs for Fortune 500 companies, I’ve…

Development

⚡ Weekly Recap: VPN Exploits, Oracle’s Silent Breach, ClickFix Comeback and More

April 7, 2025

Today, every unpatched system, leaked password, and overlooked plugin is a doorway for attackers. Supply chains stretch deep into the…

Development

AI Turned My Face Into a Cartoon—Hackers Turned It Into a Weapon

April 7, 2025

What started as an innocent trend—turning selfies into adorable “Studio Ghibli-style AI images”—has now taken a sinister turn. AI-powered tools,…

King Bob pleads guilty to Scattered Spider-linked cryptocurrency thefts from investors

April 7, 2025

A Florida man, linked to the notorious Scattered Spider hacking gang, has pleaded guilty to charges related to cryptocurrency thefts…

Development

Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws

April 5, 2025

A likely lone wolf actor behind the EncryptHub persona was acknowledged by Microsoft for discovering and reporting two security flaws…

Development

North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages

April 5, 2025

The North Korean threat actors behind the ongoing Contagious Interview campaign are spreading their tentacles on the npm ecosystem by…

Development

Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data

April 5, 2025

Cybersecurity researchers have uncovered malicious libraries in the Python Package Index (PyPI) repository that are designed to steal sensitive information.…

Development

Critical Flaw in Apache Parquet Allows Remote Attackers to Execute Arbitrary Code

April 4, 2025

A maximum severity security vulnerability has been disclosed in Apache Parquet’s Java Library that, if successfully exploited, could allow a…

Development

CERT-UA Reports Cyberattacks Targeting Ukrainian State Systems with WRECKSTEEL Malware

April 4, 2025

The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed that no less than three cyber attacks were recorded against…

Development

OPSEC Failure Exposes Coquettte’s Malware Campaigns on Bulletproof Hosting Servers

April 4, 2025

A novice cybercrime actor has been observed leveraging the services of a Russian bulletproof hosting (BPH) provider called Proton66 to…

Development

Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware

April 4, 2025

Ivanti has disclosed details of a now-patched critical security vulnerability impacting its Connect Secure that has come under active exploitation…

Development

AustralianSuper, Rest, ART Among Victims in Widespread Superannuation Cyberattacks

April 4, 2025

A series of cyberattack have impacted some of Australia’s largest superannuation funds, likely compromising over 20,000 member accounts. The authorities…

Development

Have We Reached a Distroless Tipping Point?

April 4, 2025

There’s a virtuous cycle in technology that pushes the boundaries of what’s being built and how it’s being used. A…

Development

SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack

April 4, 2025

The cascading supply chain attack that initially targeted Coinbase before becoming more widespread to single out users of the “tj-actions/changed-files”…

Development

Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware

April 3, 2025

Microsoft is warning of several phishing campaigns that are leveraging tax-related themes to deploy malware and steal credentials. “These campaigns…

HellCat ransomware: what you need to know

April 3, 2025

HellCat – the ransomware gang that has been known to demand payment… in baguettes! Are they rolling in the dough?…

Highlights

CVE-2025-36038: Critical RCE Vulnerability Discovered in IBM WebSphere Application Server

June 27, 2025

CVE-2025-36038: Critical RCE Vulnerability Discovered in IBM WebSphere Application Server

IBM has issued a security alert regarding a high-severity vulnerability—CVE-2025-36038—affecting WebSphere Application Server versions 8.5 and 9.0. With a CVSS base score of 9.0, this flaw could allow …
Read more

Published Date:
Jun 27, 2025 (3 hours, 57 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-36038

CVE-2022-34165