Three vulnerabilities found in Voyager, an open-source PHP package for Laravel, can be exploited to launch remote code execution attacks. The issues have not yet been fixed and can be exploited against authenticated Voyager users who click on a malicious link. Vulnerability researchers at SonarSource said that they tried to report the weakness to...
A critical vulnerability was found in the open-source file archiving tool, 7-Zip, which allows attackers to bypass the Windows Mark of the Web (MotW) security feature and potentially trick users into launching malware. This vulnerability was identified as CVE-2025-0411 by Trend Micro and received a CVSS score of 7.0. “The CVE-2025-0411 vulnerability allows remote attackers...
A bug was discovered in the Windows BitLocker encryption tool identified as CVE-2025-21210. This vulnerability has exposed the BitLocker encryption system to a new random attack targeting the AES-XTS encryption mode. In addition, this vulnerability also allows an attacker who has physical access to manipulate ciphertext blocks and cause sensitive data to be written to...
In his coverage, Sergiu Gatlan reported that Microsoft has begun forcibly rolling out Windows 11 version 24H2 to eligible and unmanaged devices, specifically the Home and Pro editions of Windows 11 versions 22H2 and 23H2. Based on the Microsoft Lifecycle Policy site, support for Windows 11 version 22H2 Home and Pro editions ends in October...
In his report on bleepingcomputer.com, Bill Toulas stated that a serious vulnerability was found in the W3 Total Cache plugin installed on more than one million WordPress sites. This resulted in granting access to various information, including metadata on cloud-based applications, to attackers. The W3 Total Cache plugin uses several caching techniques to optimize website...
Docker issued a warning that macOS cannot use Docker Desktop because some files are signed with the wrong code signing certificate. The first notification about this malware appeared on January 7, 2025, when macOS users unexpectedly received a “Malware Blocked” message that prevented them from running the Docker container management application. “Malware Blocked. ‘com.docker.vmnetd’ cannot...
The year 2024 recorded a significant surge in global cyberattacks, with major companies such as Dell and Ticketmaster becoming victims of data breaches and infrastructure compromises. This trend of cyberattacks is expected to continue into 2025. So, to prepare for all types of malware attacks, every company or organization needs to know the...
A dangerous new piece of malware has been identified as a WordPress plugin named PhishWP. This malware has been used by cyber attackers to create fake payment pages that mimic legitimate services like Stripe, enabling the theft of sensitive financial and personal data. According to researchers from SlashNext, PhishWP, which is circulating on a Russian cybercrime forum, allows attackers to create...
The MITSUI-BUSSAN Scholarship Program for Indonesia was established in Tokyo, Japan, in 1992 as a non-profit foundation under the approval of the Japanese Ministry of Education, Culture, Sports, Science, and Technology (formerly the Ministry of Education), based on funds provided by Mitsui & Co., Ltd. This program aims to encourage Indonesian students who wish to...
DoubleClickjacking is a new variation of the Clickjacking attack that allows attackers to trick users into authorizing sensitive actions by double-clicking and bypassing existing protections against this type of attack. Clickjacking itself is better known as UI redressing, which is when a threat actor creates a malicious web page that tricks visitors into clicking on...