Subscribe
Monday, April 27, 2026
type here...
Subscribe
HomeUncategorized

Uncategorized

CitrixBleed 2 Vulnerability: Proof-of-Concept Released, Widespread Threat Looms

A proof-of-concept (PoC) for CVE-2025-5777, dubbed "CitrixBleed 2," a critical memory disclosure vulnerability affecting Citrix NetScaler devices. The vulnerability, which bears striking similarities to the infamous 2023 CitrixBleed incident, is currently being exploited in the wild by multiple threat actors, prompting urgent warnings from...
Read more

Unleashing Threats – DeepSeek Installers Spread Sainbox RAT and Concealed Rootkit

A sophisticated new malware campaign has been uncovered by Netskope Threat Labs, targeting Chinese users through fake installers for popular software, including WPS Office, Sogou, and DeepSeek. The attackers behind this operation deliver advanced threats, including the Sainbox Remote Access Trojan (RAT), a variant...
Read more

WordPress Admins Alert: Beware of Fake SEO Plugins That Hijack Your Website

A sophisticated malware campaign targeting WordPress websites through fake plugins that cleverly disguise themselves using the victim's own domain name. This deceptive tactic allows the malicious software to evade detection while injecting SEO spam content designed to manipulate search engine rankings, particularly targeting Cialis-related...
Read more

Apache APISIX Vulnerability Enables Unauthorized Cross-Issuer Access via Misconfigurations

Apache APISIX, a popular open-source API gateway, has disclosed a critical security vulnerability affecting versions prior to 3.12.0 that could enable unauthorized cross-issuer authentication bypass. The vulnerability, CVE-2025-46647 discovered by security researcher Tiernan Messmer, specifically targets the OpenID Connect plugin when deployed in introspection...
Read more

Instagram Implements 1-Week Validity TLS Certificates, Renewed Daily

Instagram implements an unusual certificate management strategy, replacing their TLS certificates on a daily basis using certificates with approximately one-week validity periods. This practice deviates significantly from industry standards where certificates typically remain valid for 90 to 365 days, marking a potentially significant shift...
Read more

Next.js Cache Poisoning Vulnerability Let Attackers Trigger DoS Condition

A critical security vulnerability has been identified and patched in Next.js, the popular React-based web framework. The vulnerability, designated as CVE-2025-49826, affects specific versions of the framework and could allow attackers to exploit cache poisoning mechanisms to trigger denial-of-service conditions on vulnerable applications. The security...
Read more

About us

The Cyber News is an online community for security professionals. It features articles from top security researchers, CISOs, and technology experts.

Company

The latest

Burp Suite Supercharges Its Scanning Capabilities With React2Shell Vulnerability Detection

Cybersecurity News 0
PortSwigger has leveled up Burp Suite's scanning arsenal with...

Malicious MCP Servers Enable New Prompt Injection Attack To Drain Resources

Cybersecurity News 0
Unit 42 researchers at Palo Alto Networks exposed serious...

Law Enforcement Detains Hackers Equipped With Specialized Flipper Hacking Tools

Cyber News 0
Polish police have arrested three Ukrainian men traveling through...

Subscribe

© 2025 the Cyber News