ZCyberNews

Articles

432 articles

Microsoft Patches Exploited SharePoint Zero-Day Among 161 Vulnerabilities
Severity: HIGH
Category: Vulnerabilities

Microsoft's April 2025 Patch Tuesday addresses 161 CVEs, including an actively exploited zero-day in SharePoint Server (CVE-2025-27088) and a critical RCE in Windows DNS (CVE-2025-27080).

CVE-2025-27088, CVE-2025-27080
4 min read

Mirax Android RAT Steals Credentials, Enslaves Phones for Proxy Network
Severity: HIGH
Category: Malware

The Mirax Android RAT steals banking credentials and covertly turns infected devices into residential proxy nodes for criminal traffic, creating a dual-threat mobile botnet.

4 min read

Critical PHP Composer Flaws Allow Remote Command Execution via Perforce Driver
Severity: HIGH
Category: Vulnerabilities

Two high-severity command injection vulnerabilities (CVE-2026-40176, CVE-2026-40177) in PHP Composer's Perforce driver enable arbitrary command execution on developer systems during package operations.

CVE-2026-40176, CVE-2026-40177
3 min read

PlugX USB Worm Evolves with DLL Sideloading for Cross-Continent Spread
Severity: HIGH
Category: Malware

A new PlugX USB worm variant uses DLL sideloading to propagate across Asia and Africa, targeting removable drives for initial access and establishing persistence.

4 min read

ShowDoc RCE Vulnerability CVE-2025-0520 Under Active Exploitation
Severity: CRITICAL
Category: Vulnerabilities

Attackers are actively exploiting CVE-2025-0520, a critical RCE flaw in ShowDoc, to compromise unpatched servers via unrestricted file upload. The vulnerability has a CVSS score of 9.4.

CVE-2025-0520
3 min read

Zero Trust Architecture as a Critical Defense Against Credential-Based Attacks
Severity: INFORMATIONAL
Category: Industry News

Specops analysis details how an identity-first Zero Trust model counters the primary breach vector of stolen credentials by enforcing least privilege, device trust, and blocking lateral movement.

3 min read

Adobe Patches Acrobat Zero-Day Exploited via Malicious PDFs for Months
Severity: CRITICAL
Category: Vulnerabilities

Adobe patches CVE-2024-34102, a critical zero-day vulnerability in Acrobat and Reader exploited via malicious PDFs for at least four months prior to discovery.

CVE-2024-34102
4 min read

AI Chatbots as Political Advisors Raise Security and Transparency Concerns
Severity: MEDIUM
Category: AI Security

A U.S. Senator's use of an AI chatbot for policy consultation highlights emerging risks in AI-assisted governance, including data privacy, model integrity, and accountability gaps.

4 min read

CVE-2024-38112: BlueHammer PoC Escalates Windows to SYSTEM
Severity: HIGH
Category: Vulnerabilities

Researcher Chaotic Eclipse published a PoC for CVE-2024-38112, a Windows zero-day that grants local SYSTEM privileges, citing MS disclosure failures.

CVE-2024-38112
3 min read
Chaotic Eclipse

ClickFix Mac Malware Campaign Uses Fake Apple Page to Deliver Payloads
Severity: MEDIUM
Category: Malware

A new ClickFix-style campaign targets macOS users with fake Apple instructions to run malicious commands.

3 min read

CPUID Software Downloads Compromised, Delivered STX RAT Malware
Severity: HIGH
Category: Malware

Threat actors compromised CPUID's download infrastructure for six hours, redirecting users to malicious sites serving the STX RAT. Official signed files were not affected.

3 min read

CPUID Website Compromised to Distribute Trojanized System Utilities
Severity: HIGH
Category: Malware

A Russian-speaking threat actor hacked the CPUID website, replacing legitimate download links for CPU-Z and HWMonitor with trojanized installers delivering the STX RAT malware.

3 min read
Russian-speaking threat actor