CVE-2025-14558: FreeBSD IPv6 Vulnerability Allows RCE A critical vulnerability in FreeBSD's IPv6 auto-configuration feature (CVE-2025-14558) scores 9.8/10 and allows attackers on the same network to execute arbitrary commands with a single malicious pack...

FreeBSD CVE-2025-14558: 9.8-severity IPv6 flaw lets attackers execute code via crafted packets. Patched Dec 16, but PoC exploits dropped 2 weeks ago.

Read More: www.security.land/freebsd-ipv6...

#SecurityLand #CyberWatch #FreeBSD #Cybersecurity #IPv6 #CVE #Vulnerability

NuGet Malware Targets Crypto Wallets in Multi-Month Attack Security researchers uncovered 14 malicious NuGet packages that impersonated legitimate cryptocurrency tools to steal funds and OAuth tokens. The campaign ran undetected from July through October 2025...

14 fake crypto packages hid on NuGet for 4 months, stealing wallet keys and redirecting transactions. They looked legit—copied real codebases, inflated downloads to millions.

#SecurityLand #CyberWatch #Malware #Blockchain #Crypto

Read More: www.security.land/crypto-theft...

NPM Malware Steals WhatsApp Messages: 56K Downloads of Lotusbail Researchers at Koi Security have uncovered a malicious npm package that stole WhatsApp credentials and messages while functioning perfectly as a legitimate API library. The lotusbail package accumulat...

Koi Security research team uncovered something that should concern every developer using npm: a WhatsApp API package with 56,000 downloads that steals everything passing through it.

#SecurityLand #CyberWatch #NPM #WhatsApp #Koi

Read More: www.security.land/whatsapp-ste...

Inside CVE-2025-14733: The Unauthenticated RCE Hitting WatchGuard Firewalls Analysis of CVE-2025-14733, a critical WatchGuard Firebox vulnerability. Learn why unauthenticated RCE persists even after deleting vulnerable VPN configurations.

Security administrators worldwide are rushing to patch a critical security vulnerability in WatchGuard Firebox appliances tracked as CVE-2025-14733.

#SecurityLand #CyberWatch #ZeroDay #Watchguard #SecurityVulnerability #Firewall #CVE

Read More: www.security.land/watchguard-c...

Critical Flaws Discovered in Ivanti EPM Endpoint Management Software Ivanti Endpoint Manager faces four security vulnerabilities, including a critical 9.6 CVSS flaw. Updates now available for EPM users.

Ivanti Endpoint Manager faces four security vulnerabilities, including a critical 9.6 CVSS flaw. Updates now available for EPM users.

#SecurityLand #CyberWatch #SecurityVulnerability #Ivanti #EPM #CVSS #CVE #XSS

Read More: www.security.land/critical-fla...

CISA Orders Agencies to Mitigate Cisco ASA Zero-Day Exploitation | Security Land CISA issues Emergency Directive 25-03 as Cisco ASA zero-days (CVE-2025-20333, CVE-2025-20362) face active exploitation.

CISA issued Emergency Directive 25-03 after threat actors exploited Cisco ASA zero-days, including RCE and privilege escalation flaws.

#SecurityLand #CyberWatch #CISA #Cisco #ZeroDay #RCE #SecurityVulnerability

Read More: www.security.land/cisa-orders-...

Critical RCE Vulnerability Found in Control Web Panel | Security Land Critical flaw in Control Web Panel (CVE-2025-48703) lets attackers bypass authentication and execute commands remotely.

A critical RCE vulnerability in Control Web Panel (CVE-2025-48703) allows remote command execution. Patch to version 0.9.8.1205 immediately.

#SecurityLand #CyberWatch #SecurityVulnerability #RCE #CVE #CWP #ControlWebPanel

Read More: www.security.land/critical-rce...

Cisco Releases Security Advisories for IOS and IOS XE Vulnerabilities | Security Land Cisco warns of IOS and IOS XE flaws, including CVE-2025-20352, urging users to update before attackers exploit them.

Cisco has disclosed 13 IOS and IOS XE vulnerabilities, including CVE-2025-20352, which is already being exploited. Immediate updates are strongly advised.

#SecurityLand #CyberWatch #Cisco #SecurityVulnerability #CVE #PatchNow

Read More: www.security.land/cisco-releas...

Zero-Click ChatGPT Vulnerability Exposes Gmail Data Without User Knowledge | Security Land Critical ShadowLeak vulnerability in ChatGPT's Deep Research agent allows hackers to steal Gmail data without user interaction.

A security flaw has been discovered in ChatGPT that could silently steal your Gmail data without you ever knowing. Security firm Radware has uncovered what they’re calling “ShadowLeak”.

#SecurityLand #CyberWatch #ChatGPT #Vulnerability #ShadowLeak

Read More: www.security.land/zero-click-c...

Critical Security Flaws Expose Flowise AI Framework to Remote Code Execution Attacks | Security Land Seven critical security flaws discovered in Flowise AI development framework, including remote code execution and account takeover.

🚨 CRITICAL: 7 security flaws found in popular FlowiseAI framework! Includes remote code execution, file manipulation & account takeover vulnerabilities. 5 rated "Critical" severity.

#SecurityLand #CyberWatch #AI #CyberSecurity #Flowise #RCE

Read More: www.security.land/critical-sec...

NPM Under Attack: Shai-Hulud Worm Compromises 187+ Packages in Major Supply Chain Breach | Security Land Self-replicating Shai-Hulud malware compromises 187+ NPM packages, stealing developer credentials and exposing them publicly on GitHub.

🚨 Sophisticated "Shai-Hulud" worm compromises 187+ NPM packages in devastating supply chain attack. CrowdStrike among victims.

#SecurityLand #CyberWatch #CyberSecurity #NPM #SupplyChain #ShaiHulud #Github #Javascript

Read More: www.security.land/npm-under-at...

Critical pgAdmin CVE-2025-9636 Vulnerability Enables OAuth Session Hijacking and Account Takeover | Security Land pgAdmin CVE-2025-9636 COOP vulnerability allows OAuth session hijacking. Analysis of attack methods, patch and security recommendations.

🚨pgAdmin CVE-2025-9636 allows OAuth session hijacking & account takeover. CVSS 7.9 vulnerability affects versions ≤9.7. Patch available in v9.8. #SecurityLand #CyberWatch #Cybersecurity #PostgreSQL #DatabaseSecurity #CVE2025 #OAuth

Read More: www.security.land/critical-pga...

Critical Docker Desktop Vulnerability Exposes Container API Access Risk | Security Land Docker Desktop critical vulnerability CVE-2025-9074 allows unauthorized container API access. CVSS 9.3 rating. Security update 4.44.3 available now.

🚨Docker Desktop vulnerability CVE-2025-9074 (CVSS 9.3) allows containers to bypass isolation & access Docker APIs. Update to v4.44.3 immediately.

#SecurityLand #CyberWatch #Docker #Cybersecurity #ContainerSecurity #Docker

Read More: www.security.land/critical-doc...

Contradictory Intelligence: BreachForums Revival or Sophisticated Deception Operation? | Security Land BreachForums returns after FBI arrests of ShinyHunters & IntelBroker. Conflicting intelligence reveals honeypots vs real revival.

After ShinyHunters and IntelBroker arrest, BreachForums allegedly returns. Cybersecurity experts analyze contradictory revival intelligence.

#SecurityLand #CyberWatch #BreachForums #Cybercrime #Darkweb #IntelBroker #Cybersecurity

Read More: www.security.land/contradictor...

Tokiwa Group Data Breach: Ransomware Impact on Customer, Employee, and Partner Data | Security Land Tokiwa Group confirms a ransomware attack potentially exposed 421,355 customer records, employee data, and business partner info.

Tokiwa Group hit by ransomware, potentially exposing 420K+ customer/employee/partner records. Company addressing incident & notifying impacted individuals.

#SecurityLand #CyberWatch #Cybersecurity #DataBreach #Ransomware #TokiwaGroup #Japan

Read More: www.security.land/tokiwa-group...

BRICKSTORM Malware Evolves: Deploying Triple-Layer Encryption to Bypass Enterprise Security | Security Land Chinese-linked UNC5221 expands BRICKSTORM attack surface from Linux to Windows using three-layer encryption and tunneling to bypass security.

Chinese threat actor UNC5221 has significantly upgraded their BRICKSTORM malware with triple-layer encryption that renders most security monitoring ineffective, according to NVISO Security.

#SecurityLand #CyberWatch #CyberSecurity #ThreatIntelligence #APT #Brickstorm #Malware

Cyberwatch: French cybersecurity company acquired the domain Cyberwatch.com Cyberwatch France, operating from the domain Cyberwatch.fr, has acquired the domain name Cyberwatch.com from DigiMedia. Registered in 1997, Cyberwatch.com has been in the possession of DigiMedia sinc...

#Cyberwatch: French #cybersecurity company acquired the domain Cyberwatch*.com

domaingang.com/domain-news/...

#Domains #DomainRebranding