Npav Lab - Page 42

Critical Windows Remote Desktop Services Vulnerability CVE-2025-32710 Allows Remote Code Execution

Posted: June 12, 2025

Categories: vulnerability, Windows

Tags: windows server updates, windows remote desktop services, use-after-free vulnerability, system compromise, security vulnerability, remote code execution, race condition, microsoft security patch, endpoint protection, cve-2025-32710

Author: Npav Lab

A critical vulnerability in Windows Remote Desktop Services (CVE-2025-32710) enables unauthorized remote code execution. Learn about affected systems, security updates, and mitigation strategies.

Adobe Releases Security Update Fixing 254 Vulnerabilities in AEM and Other Products

Posted: June 11, 2025

Categories: Security, Products, Updates, vulnerability

Tags: xss vulnerabilities, vulnerabilities, substance 3d sampler, software security, privilege escalation, magento open source, cve-2025-47110, cross-site scripting, code execution flaws, aem vulnerabilities, adobe security update, adobe incopy, adobe experience manager, adobe commerce

Author: Npav Lab

Adobe has issued a security update addressing 254 vulnerabilities, primarily affecting Adobe Experience Manager. Learn about the critical flaws and how to protect your software.

Fake Instagram Growth Tool "imad213" Steals Credentials: Malware Alert!

Posted: June 11, 2025

Categories: Malware Alerts, Cyber Attack, Data Breach, Instagram

Tags: socialmedia, security, phishing, malware, instagram, infosec, imad213, hacking, growthtool, cybersecurity, credentialtheft

Author: Npav Lab

A new malware campaign disguised as an Instagram growth tool is stealing login credentials. Learn how "imad213" works and how to protect your account.

FIN6 Leverages Fake LinkedIn Resumes & AWS to Spread More_eggs Malware

Posted: June 11, 2025

Categories: Ransomware, Malware Alerts, Cyber Attack, vulnerability, LinkedIn

Tags: recruiters, phishing campaign, malware via linkedin, malware, linkedin resumes, fin6, aws

Author: Npav Lab

FIN6 cybercrime group uses fake resumes hosted on AWS to deliver More_eggs malware via LinkedIn. Learn how they target recruiters and evade detection.

China-Linked Cyber Espionage Group Targets 70+ Organizations

Posted: June 10, 2025

Categories: Ransomware, Security, Malware Alerts, Cyber Attack, Data Backup, Data Breach, Spyware

Tags: unc5174, purplehaze, cyber espionage group, china cyber espionage, apt15

Author: Npav Lab

Discover how a China-linked cyber espionage group, including APT15 and UNC5174, targeted over 70 organizations across government, media, and other sectors. Learn about the malware used, including ShadowPad and GoReShell, and the exploited vulnerabilities.

Sensata Technologies Ransomware Attack 2025: Data Breach, Operations Impact, and Response

Posted: June 10, 2025

Categories: Ransomware, Cyber Attack, Data Breach, Phishing, Website hacks

Tags: sensata technology building, sensata technologies, pii, maine, data breach, cybersecurity, cyber security security vulnerability, breach notification

Author: Npav Lab

Learn about the ransomware attack on Sensata Technologies, a leading industrial tech firm. Discover how the breach impacted operations, compromised customer data, and the company's response, including credit monitoring for affected individuals.

Google Account Recovery Vulnerability Exposes Users' Phone Numbers to Attackers

Posted: June 10, 2025

Categories: Google, Cyber Attack, Data Breach, Browser Hijack, vulnerability

Tags: user data protection, phone number exposure, legacy system vulnerabilities, google security breach, google account recovery vulnerability, cybersecurity threats, cve google security flaw, brute-force attack on google

Author: Npav Lab

Learn about a critical vulnerability in Google's account recovery system that allowed attackers to access any user's phone number through a brute-force attack, highlighting the importance of security audits for legacy systems.

Wazuh Server Vulnerability Exploited by Two Distinct Botnets for Mirai-Based DDoS Attacks

Posted: June 10, 2025

Categories: Security, Cyber Attack, Botnet, vulnerability, DDoS

Tags: wazuh server vulnerability, remote code execution vulnerabilities, mirai botnet attacks, iot security vulnerabilities, ddos attacks, cybersecurity threats, cve-2025-24016, botnet exploitation

Author: Npav Lab

Discover how two separate botnets exploit the critical Wazuh Server vulnerability (CVE-2025-24016) to launch Mirai-based DDoS attacks, targeting IoT devices and highlighting the urgency of cybersecurity measures.

OpenAI Bans ChatGPT Accounts Linked to Russian, Iranian, and Chinese Hacker Groups: A Deep Dive into Cyber Threats

Posted: June 09, 2025

Categories: Security, Cyber Attack, Securty Tips, Hacking, Hacker, Trojan

Tags: social media manipulation, openai, north korean cyber threats, malware development, hacker groups, cybersecurity, cyber threat intelligence, chatgpt, apt5, apt15

Author: Npav Lab

Discover how OpenAI has banned ChatGPT accounts associated with Russian, Iranian, and Chinese hacker groups. Learn about the malicious activities, including malware development and social media manipulation, and explore the implications for cybersecurity.

New Supply Chain Malware Campaign Targets npm and PyPI Ecosystems, Affecting Millions

Posted: June 08, 2025

Categories: Ransomware, Security, Malware Alerts, Spyware

Tags: supply chain malware, software supply chain attacks, remote access trojan, pypi vulnerabilities, package security, npm security, malware distribution, data protection, cybersecurity threats, credential harvesting

Author: Npav Lab

Cybersecurity experts reveal a significant supply chain attack affecting npm and PyPI ecosystems, compromising numerous packages and exposing millions of users to malware. Learn about the affected packages and how to protect yourself.