Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Author: Redazione RHC

Apache Jackrabbit RCE Vulnerability: Exploitation in Progress, Update Now

A dangerous vulnerability has been discovered in Apache Jackrabbit that can lead to remote execution of arbitrary code and the compromise of enterprise systems. The issue is tracked as CVE-2025-58782 and affects two key components at once: Jackrabbit Core and Jackrabbit JCR Commons. The flaw is present in all versions from 1.0.0 to 2.22.1 and is rated Important by the project. The root cause is insecure deserialization during JNDI lookups used to obtain JCR repositories. If an application accepts externally supplied parameters to connect to a repository, an attacker can supply a malicious JNDI address. The vulnerable component then resolves and deserializes the object referenced by that address, allowing

Italian call center companies leave all audio recordings online

Italian companies that run VoIP telephony platforms built on open-source software such as Asterisk and Vicidial use these systems daily to contact Italian citizens and sell a variety of products and services. Paragon Sec, during research in underground sources, identified numerous call centers belonging to Italian companies active in many sectors, from the promotion of photovoltaic panels to the supply of water, electricity, and gas, to wellness products. What was discovered, however, is alarming: a leak of private audio recordings of calls between operators and customers, publicly accessible on the web without any protection.
Why it's a

Tasting the Exploit: HackerHood tests the WinRAR CVE-2025-8088 exploit

Manuel Roccon, leader of Red Hot Cyber's HackerHood ethical hacking team, has published a detailed video demonstration on YouTube showing in practice how an exploit for the WinRAR CVE-2025-8088 vulnerability works. The video walks step by step through the technique attackers use to compromise a victim's system when the victim simply double-clicks a malicious RAR archive.
WinRAR Bug CVE-2025-8088
The bug in question is a directory traversal flaw and has been actively exploited in targeted phishing campaigns. As explained in the article "Did you double-click on WinRAR? Congratulations! You've been compromised", a manipulated archive can extract files into critical directories, such as Windows

Hackers bypass the most stringent WAFs with a single line of JavaScript! The moral? Always write securely.

In a security test, Ethiack researchers found a way to bypass even the strictest web application firewalls using an unusual technique: JavaScript injection via HTTP parameter pollution. The target was an ASP.NET application protected by the strictest filtering rules. Every attempt to inject a standard XSS construct was blocked, but thanks to the way duplicate parameters are processed, the researchers were able to assemble a working payload that the firewall never detected. The key to the bypass is that the ASP.NET method HttpUtility.ParseQueryString() merges identical parameter names into one value, joined with commas. A query string such as q=1'&q=alert(1)&q='2 therefore becomes the single value 1',alert(1),'2. When inserted into
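The following is an added example, not code from the Ethiack write-up or from this page. It simulates the ASP.NET merging behaviour described above (duplicate keys joined with commas), shows why a WAF that scores each parameter value on its own sees only harmless fragments, and renders the merged value into an assumed inline-script template `loadResults('…')`, which is a hypothetical target chosen for illustration. The hardened render uses JSON.stringify so the value cannot leave the JavaScript string context.

```javascript
// Added example: HTTP parameter pollution against ASP.NET-style query parsing.
// Nothing here is from the original article; loadResults() is an assumed
// inline-script context, not something the article shows.

// Mimic HttpUtility.ParseQueryString(): duplicate keys are concatenated with
// "," in order of appearance. Values are percent-decoded like the real thing.
function parseQueryStringAspNet(qs) {
  const merged = new Map();
  for (const part of qs.replace(/^\?/, "").split("&")) {
    if (!part) continue;
    const eq = part.indexOf("=");
    const key = decodeURIComponent(eq === -1 ? part : part.slice(0, eq));
    const val = decodeURIComponent(eq === -1 ? "" : part.slice(eq + 1));
    merged.set(key, merged.has(key) ? merged.get(key) + "," + val : val);
  }
  return merged;
}

// A deliberately simple WAF rule: flag a value only when it contains a quote
// followed (somewhere before the next quote) by a function call, i.e. the
// classic "break out of a string, then call something" shape.
function wafFlagsValue(value) {
  return /['"][^'"]*\w+\s*\(/.test(value);
}

// Inspect each raw parameter value separately, as a WAF that tokenizes the
// query string does. None of "1'", "alert(1)" or "'2" matches on its own.
function wafBlocksRawQuery(qs) {
  return qs
    .replace(/^\?/, "")
    .split("&")
    .some((p) => wafFlagsValue(p.split("=")[1] ?? ""));
}

// Vulnerable render: the merged value is dropped straight into a JS string
// literal inside an inline script.
function renderUnsafe(q) {
  return `loadResults('${q}');`;
}

// Hardened render: JSON.stringify escapes quotes, backslashes and
// U+2028/U+2029, so the attacker stays inside the string.
function renderSafe(q) {
  return `loadResults(${JSON.stringify(q)});`;
}

// Execute the generated script with stubbed loadResults()/alert() and report
// whether alert() ran. With the merged payload, alert(1) is evaluated as the
// second argument of loadResults('1',alert(1),'2').
function alertFires(script) {
  let fired = false;
  const loadResults = () => {};
  const alert = () => { fired = true; };
  new Function("loadResults", "alert", script)(loadResults, alert);
  return fired;
}

if (typeof require !== "undefined" && require.main === module) {
  const polluted = "q=1'&q=alert(1)&q='2"; // constructed sample query string
  const q = parseQueryStringAspNet(polluted).get("q");
  console.log("merged value      :", q);
  console.log("WAF per-parameter :", wafBlocksRawQuery(polluted) ? "blocked" : "passed");
  console.log("WAF merged value  :", wafFlagsValue(q) ? "blocked" : "passed");
  console.log("unsafe render     :", renderUnsafe(q), "-> alert fired:", alertFires(renderUnsafe(q)));
  console.log("safe render       :", renderSafe(q), "-> alert fired:", alertFires(renderSafe(q)));
}
```

The practical lesson is the one the headline draws: the WAF only ever saw `1'`, `alert(1)` and `'2` as three separate values, while the application reassembled them into a complete expression. Output encoding for the exact context (here a JavaScript string literal) closes the hole regardless of what the firewall does.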

Thermoptic: The Tool for Bypassing Fingerprint-Based Blocking

Security researcher Matthew Bryant recently unveiled Thermoptic, a tool that works as an HTTP proxy. It disguises network requests so that they look like traffic from the Chrome browser, allowing them to get past fingerprint-based blocking. Services such as Cloudflare increasingly rely on such fingerprinting to identify "non-human" clients, such as bots or scrapers. Thermoptic lets you keep using ordinary command-line utilities while forwarding their requests as if they came from a real browser. It aligns several layers of network "signature" at once, from TLS and HTTP down to X.509 certificates and TCP packets. As a result, the fingerprints the service sees from the

NightshadeC2, the new botnet that uses unconventional methods to bypass protection

eSentire has reported the discovery of a new botnet called NightshadeC2, which uses unconventional methods to evade protection and sandboxes. The malware is distributed through counterfeit versions of legitimate programs such as CCleaner, Express VPN, Advanced IP Scanner, and Everything, and also through the ClickFix scheme, in which the victim is told to paste a command into the Windows Run dialog after completing a fake CAPTCHA. NightshadeC2's most distinctive feature is a technique the researchers call "UAC Prompt Bombing." The downloader runs a PowerShell script that attempts to add the malware to the Windows Defender exclusion list. If the user refuses to

Cephalus is coming! The ransomware group that attacks via DLL sideloading.

In mid-August, researchers encountered the Cephalus ransomware in two separate incidents. Among recent outbreaks of families such as Crux and KawaLocker, a ransom note beginning with the words "We are Cephalus" stood out. In both cases the attackers gained initial access over RDP using compromised credentials on accounts without multi-factor authentication, and used the MEGA cloud service, most likely to exfiltrate data. The most notable aspect of the attack chain was how the ransomware was launched. The attackers used DLL sideloading through a legitimate SentinelOne component: the SentinelBrowserNativeHost.exe binary was run from the Downloads directory, where it loaded the SentinelAgentCore.dll library, which in turn loaded the data.bin file

WhatsApp and Apple in emergency: DNG bug allows remote control without clicking

On August 20, Apple released an unscheduled security update for all of its major operating systems: iOS, iPadOS, macOS, and other platforms. The patch addresses CVE-2025-43300 in the ImageIO framework, a buffer overflow that was fixed with stricter bounds checking during image processing. The vulnerability has drawn growing attention: Apple reports it as exploited in real-world attacks, and exploitation requires no user interaction. Separately, WhatsApp released a fix, noting that attackers could force the victim's device to download a resource from an arbitrary URL and begin processing it; this issue is believed to have been part of an exploit chain involving CVE-2025-43300.

Stealerium and Phantom: How Open-Source Infostealers Are Taking the World by storm

Researchers at Proofpoint, a leader in cybersecurity and information protection, have detected a worrying increase in the use of open-source malware such as Stealerium and Phantom Stealer by opportunistic cybercriminals. These tools, originally published "for educational purposes," are becoming effective weapons for stealing sensitive data, putting corporate identities and information at risk.
Identity in the Crosshairs: The Infostealer Threat
Threat actors are increasingly focusing their efforts on infostealers, as identity theft has become a top priority in the cybercrime landscape. While many favor "malware-as-a-service" offerings such as Lumma Stealer or Amatera Stealer, a growing number of criminals are turning to disposable or freely

The largest pirate sports streaming network has been shut down.

Egyptian authorities and the Alliance for Creativity and Entertainment (ACE) say they have shut down Streameast, the largest illegal sports streaming network in the world, and arrested two of the platform's alleged operators. Streameast, active since 2018, was a free, ad-supported service that offered unauthorized HD streams of content owned by licensed broadcasters. According to ACE, Streameast operated 80 domains that together generated 136 million monthly visits. The platform attracted 1.6 billion visits last year, primarily from the United States, Canada, the United Kingdom, the Philippines, and Germany. The pirate platform offered illegal streams of soccer leagues including the English Premier League, Spanish