Author: cyberknight
-
NVIDIA security vulnerability (CVE-2025-23352)
CVE-2025-23352 is a vulnerability identified in NVIDIA’s vGPU software, specifically in the Virtual GPU Manager, where a malicious guest could cause uninitialized pointer access. If exploited successfully, it can lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. Affected versions include all releases prior to and including version 19.1,…
-
Oracle E-Business Suite security vulnerability (CVE-2025-61884)
CVE-2025-61884 is a high-severity security vulnerability in the Oracle E-Business Suite (EBS), specifically in the Oracle Configurator product’s Runtime UI component. The flaw allows an unauthenticated attacker with network access via HTTP to compromise Oracle Configurator and gain unauthorized access to sensitive data. Because the affected component is often exposed to internal and external networks,…
-
Vulnerabilities of Zero Trust Security: Critical Points and the Role of AI Agents
Zero Trust Security (ZTS) Zero Trust Security (ZTS) is a cybersecurity model in which no user, device, network location or system component is implicitly trusted. Instead, every access request to a resource must be verified continuously — based on identity, device posture, access context, and risk-signals. According to the National Institute of Standards and Technology…
-
National Terrorism Advisory System Bulletin (22 June 2025)
The National Terrorism Advisory System provides Americans with alert information on homeland security threats. It is distributed by the Department of Homeland Security. The National Terrorism Advisory System issued a bulletin on June 22, 2025. The bulletin highlights the potential threats to the United States of the ongoing Iran-Israel war. The Iranian Government has publicly…
-
FBI’s 2024 Internet Crime Complaint Center Report
The Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) has released its latest annual report. The 2024 Internet Crime Report combines information from 859,532 complaints of suspected Internet crime and details reported losses exceeding $16 billion—a 33% increase in losses from 2023. See more details on:
-
AWS Serverless Application Model Command Line Interface (SAM CLI) security vulnerability (CVE-2025-3047)
CVE-2025-3047 is a vulnerability identified in the AWS Serverless Application Model Command Line Interface (AWS SAM CLI). When the sam build process is executed with Docker and includes symbolic links (symlinks) in the build files, the container environment may allow unauthorized access to privileged files on the host system. An attacker could exploit this by…
-
Genoa – Capital of Super Computing – High Performance Computing for Biomedical Research
Cyberknight attended the event Genoa – Capital of Super Computing – High Performance Computing for Biomedical Research held on March 28, 2025 at Genoa Erzelli GREAT Campus. See more details on:
-
US Strategic Bitcoin Reserve
President Donald Trump signed an executive order directing his administration to establish a Strategic Bitcoin Reserve. The reserve is set to consolidate bitcoin already held by the federal government assets acquired through criminal and civil forfeiture proceedings. See more details on:
-
VMware ESXi and VMware Workstation security vulnerability (CVE-2025-22224)
CVE-2025-22224 is a critical vulnerability classified as a Time-of-Check Time-of-Use (TOCTOU) flaw affecting VMware ESXi and VMware Workstation. In essence, the issue arises from a race condition where the system checks a resource and then uses it without verifying that it hasn’t changed, which can lead to an out-of-bounds write. This behavior can allow a…
-
Lazarus Group
The Lazarus Group is a notorious, North Korea linked hacking organization often described as an advanced persistent threat (APT38) group that has been active since at least 2009. Believed to be run or heavily sponsored by the North Korean government, Lazarus has been implicated in a wide array of high-profile cyber operations ranging from cyber…
-
North Korea has become the country to hold the largest strategic reserve of Ethereum (ETH)
In a stunning escalation of state-sponsored cybercrime, North Korea’s notorious Lazarus hacking group has pulled off what experts are calling the largest cryptocurrency heist in history. In a meticulously orchestrated attack on the Dubai-based exchange Bybit, hackers manipulated a routine transfer between the exchange’s cold and hot wallets to siphon off over 400,000 Ethereum (ETH)…
-
OpenH264 security vulnerability (CVE-2025-27091)
CVE-2025-27091 is a vulnerability found in the OpenH264 codec library a widely used tool for H.264 video encoding and decoding developed by Cisco. The issue arises from a race condition in the library’s decoding functions. In essence, there is a timing gap between the allocation of memory for a Sequence Parameter Set (SPS) and the…