The Tenda AC6 router, particularly firmware version V15.03.05.16, has been identified to contain a buffer overflow vulnerability in the formexeCommand function. This security flaw arises when the function fails to properly validate input lengths, allowing an attacker to input data that exceeds the buffer’s capacity. Consequently, this can lead to …
NVIDIA Container Toolkit for Linux contains a TOCTOU vulnerability
In the world of high-performance computing, artificial intelligence, and GPU-accelerated workloads, NVIDIA’s Container Toolkit has become a cornerstone for developers leveraging GPU capabilities within containerized environments. It allows Docker and other container runtimes to seamlessly utilize NVIDIA GPUs for executing complex computations. However, a recent security disclosure has revealed a …
Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200
Apple has released an emergency security update to address a critical zero-day vulnerability, CVE-2025-24200, that has been actively exploited in the wild. The flaw affects iPhones, iPads, and macOS devices, prompting Apple to push out immediate fixes to protect users from potential cyber threats. Overview of CVE-2025-24200 The CVE-2025-24200 vulnerability …
Hackers Exploit Google Tag Manager
In the ever-evolving landscape of cybersecurity threats, attackers are constantly finding new vectors to exploit, often hiding in plain sight. One such recent trend that has alarmed the security community is the exploitation of Google Tag Manager (GTM) by cybercriminals to stealthily inject malicious code into websites. What makes this …
Zimbra Releases Security Updates for SQL Injection
Zimbra has released urgent security updates for its collaboration suite. The updates address critical SQL injection vulnerabilities. These flaws could allow attackers to gain unauthorized access to email systems. Security researchers discovered the vulnerabilities last month. The patches are now available for all supported versions of the platform. Cybersecurity experts …
iPhone Users Warned of ‘SparkCat’ Malware
In a recent cybersecurity revelation, iPhone users have been warned about a newly discovered malware campaign dubbed “SparkCat.” Cybersecurity researchers have identified this sophisticated malware as a potent threat, particularly targeting Apple iOS devices in a manner previously thought to be extremely difficult due to Apple’s closed ecosystem. The emergence …
Cross-Platform JavaScript Stealer Targets Crypto Wallets
In recent years, cryptocurrency has transformed from a niche interest into a mainstream financial instrument worth trillions of dollars. With this explosive growth comes an equally significant rise in sophisticated cyber threats targeting these valuable digital assets. Among the most concerning developments is the emergence of cross-platform JavaScript stealers specifically …
Cybercriminals Use Go Resty in 13 Million Password Spraying
Cybersecurity experts have discovered a massive password spraying campaign. The attack used more than 13 million username and password combinations. The tool behind the campaign is Go Resty, a simple but powerful HTTP client library written in Go. This campaign is one of the largest of its kind. It shows …
Taiwan Bans DeepSeek AI Over National Security Concerns
In a major step to protect its digital safety, Taiwan has banned DeepSeek. This is a China-based AI company. The reason is national security. The decision comes as fears grow about foreign data theft and spying. Background and Context DeepSeek is a rising tech company in China. It builds AI …
Crazy Evil Gang Targets Crypto
In a concerning development for the cryptocurrency industry, a cybercriminal group known as the Crazy Evil Gang has been actively targeting crypto wallets and exchanges using a sophisticated trio of malware strains—StealC, AMOS, and Angel Drainer. These malicious tools have been wreaking havoc by enabling large-scale theft of digital assets, …