vulnerability - Page 7

Security Breach Alert: Indian Government Warns of Vulnerabilities in MediaTek-Powered Devices

Posted: June 12, 2025

Categories: Security, Data Breach, vulnerability

Tags: wi-fi routers, tablets, smartphones, smart tvs, security patches, security breach alert, mediatek vulnerabilities, laptops, device security, denial-of-service, data theft, cve-2025-20673, cve-2025-20672, cert-in advisory

Author: Npav Lab

The Indian government has issued a high-severity alert regarding vulnerabilities in devices using MediaTek processors. Learn about affected devices, security risks, and recommended actions.

Critical Windows Remote Desktop Services Vulnerability CVE-2025-32710 Allows Remote Code Execution

Posted: June 12, 2025

Categories: vulnerability, Windows

Tags: windows server updates, windows remote desktop services, use-after-free vulnerability, system compromise, security vulnerability, remote code execution, race condition, microsoft security patch, endpoint protection, cve-2025-32710

Author: Npav Lab

A critical vulnerability in Windows Remote Desktop Services (CVE-2025-32710) enables unauthorized remote code execution. Learn about affected systems, security updates, and mitigation strategies.

Adobe Releases Security Update Fixing 254 Vulnerabilities in AEM and Other Products

Posted: June 11, 2025

Categories: Security, Products, Updates, vulnerability

Tags: xss vulnerabilities, vulnerabilities, substance 3d sampler, software security, privilege escalation, magento open source, cve-2025-47110, cross-site scripting, code execution flaws, aem vulnerabilities, adobe security update, adobe incopy, adobe experience manager, adobe commerce

Author: Npav Lab

Adobe has issued a security update addressing 254 vulnerabilities, primarily affecting Adobe Experience Manager. Learn about the critical flaws and how to protect your software.

FIN6 Leverages Fake LinkedIn Resumes & AWS to Spread More_eggs Malware

Posted: June 11, 2025

Categories: Ransomware, Malware Alerts, Cyber Attack, vulnerability, LinkedIn

Tags: recruiters, phishing campaign, malware via linkedin, malware, linkedin resumes, fin6, aws

Author: Npav Lab

FIN6 cybercrime group uses fake resumes hosted on AWS to deliver More_eggs malware via LinkedIn. Learn how they target recruiters and evade detection.

Google Account Recovery Vulnerability Exposes Users' Phone Numbers to Attackers

Posted: June 10, 2025

Categories: Google, Cyber Attack, Data Breach, Browser Hijack, vulnerability

Tags: user data protection, phone number exposure, legacy system vulnerabilities, google security breach, google account recovery vulnerability, cybersecurity threats, cve google security flaw, brute-force attack on google

Author: Npav Lab

Learn about a critical vulnerability in Google's account recovery system that allowed attackers to access any user's phone number through a brute-force attack, highlighting the importance of security audits for legacy systems.

Wazuh Server Vulnerability Exploited by Two Distinct Botnets for Mirai-Based DDoS Attacks

Posted: June 10, 2025

Categories: Security, Cyber Attack, Botnet, vulnerability, DDoS

Tags: wazuh server vulnerability, remote code execution vulnerabilities, mirai botnet attacks, iot security vulnerabilities, ddos attacks, cybersecurity threats, cve-2025-24016, botnet exploitation

Author: Npav Lab

Discover how two separate botnets exploit the critical Wazuh Server vulnerability (CVE-2025-24016) to launch Mirai-based DDoS attacks, targeting IoT devices and highlighting the urgency of cybersecurity measures.

New Stego Campaign Hides AsyncRAT in Images via MS Office Exploit

Posted: April 25, 2025

Categories: Malware Alerts, vulnerability

Tags: steganography, microsoft office vulnerability

Author: Npav Lab

A stealthy new cyberattack campaign is using steganography and a legacy Microsoft Office vulnerability to deliver AsyncRAT — a powerful remote access trojan capable of full system compromise. This multi-stage campaign cleverly embeds malicious code in innocent-looking image files, using advanced evasion tactics to bypass traditional security solutions.

Hackers Exploit SimpleHelp RMM Vulnerabilities to Breach Networks

Posted: January 30, 2025

Categories: Security, vulnerability

Tags: simplehelp rmm, network security

Author: Npav Lab

Hackers are actively targeting vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM) software to infiltrate networks. These flaws allow attackers to download/upload files and gain admin-level access. While patches are available, unpatched systems remain at risk.

FortiGate Firewalls Face Zero-Day Vulnerability Attacks

Posted: January 15, 2025

Categories: vulnerability, firewall

Tags: zero-day exploit, firewall protection

Author: Npav Lab

Fortinet FortiGate firewall devices are under attack due to a zero-day vulnerability. Hackers are exploiting exposed management interfaces on public networks, gaining unauthorized access, and compromising firewall configurations. Organizations must act quickly to secure their systems and prevent further damage.

Global Telecom Giants Breached by Salt Typhoon Cyber Attacks Exposing Critical Vulnerabilities

Posted: December 05, 2024

Categories: Data Breach, vulnerability

Tags: network security, data breaches

Author: Npav Lab

Chinese state-backed hacking group Salt Typhoon has breached telecommunications companies in dozens of countries, including eight firms in the U.S., exploiting vulnerabilities in private communication networks. This long-running campaign raises alarms about critical infrastructure security and highlights the urgent need for encrypted communications and robust system defenses.