Author: cyberknight
-
US Strategic Bitcoin Reserve
President Donald Trump signed an executive order directing his administration to establish a Strategic Bitcoin Reserve. The reserve is set to consolidate bitcoin already held by the federal government, assets acquired through criminal and civil forfeiture proceedings. See more details on:
-
VMware ESXi and VMware Workstation security vulnerability (CVE-2025-22224)
CVE-2025-22224 is a critical vulnerability classified as a Time-of-Check Time-of-Use (TOCTOU) flaw affecting VMware ESXi and VMware Workstation. In essence, the issue arises from a race condition where the system checks a resource and then uses it without verifying that it hasn’t changed, which can lead to an out-of-bounds write. This behavior can allow a…
-
Lazarus Group
The Lazarus Group is a notorious, North Korea-linked hacking organization often described as an advanced persistent threat (APT38) group that has been active since at least 2009. Believed to be run or heavily sponsored by the North Korean government, Lazarus has been implicated in a wide array of high-profile cyber operations ranging from cyber…
-
North Korea has become the country to hold the largest strategic reserve of Ethereum (ETH)
In a stunning escalation of state-sponsored cybercrime, North Korea’s notorious Lazarus hacking group has pulled off what experts are calling the largest cryptocurrency heist in history. In a meticulously orchestrated attack on the Dubai-based exchange Bybit, hackers manipulated a routine transfer between the exchange’s cold and hot wallets to siphon off over 400,000 Ethereum (ETH)…
-
OpenH264 security vulnerability (CVE-2025-27091)
CVE-2025-27091 is a vulnerability found in the OpenH264 codec library, a widely used tool for H.264 video encoding and decoding developed by Cisco. The issue arises from a race condition in the library’s decoding functions. In essence, there is a timing gap between the allocation of memory for a Sequence Parameter Set (SPS) and the…
-
Palo Alto Networks PAN-OS security vulnerability (CVE‑2025‑0108)
CVE‑2025‑0108 is an authentication bypass vulnerability found in Palo Alto Networks’ PAN‑OS software. This vulnerability allows an unauthenticated attacker with network access to the management web interface to bypass standard authentication and invoke specific PHP scripts. While the flaw doesn’t directly lead to remote code execution, it can compromise the confidentiality and integrity of the…
-
InvestAI
InvestAI: The EU’s Bold Initiative to Empower Europe’s AI Future
The European Union is taking a decisive step to secure its position as a global leader in artificial intelligence with InvestAI—a groundbreaking initiative designed to mobilize unprecedented financial support for the development of AI technologies across the continent.
A Vision for a Digital Continent
Announced…
-
OpenSSL security vulnerability (CVE-2024-12797)
CVE-2024-12797 is a high-severity vulnerability in the OpenSSL cryptographic library, identified by Apple Inc. This flaw affects OpenSSL versions 3.2, 3.3, and 3.4 and pertains to the handling of RFC7250 handshakes. Specifically, when clients use raw public keys (RPKs) for server authentication, the handshake may not abort as expected if the server is unauthenticated. This…
-
Fortinet security vulnerability (CVE-2025-24472)
CVE-2025-24472 is an authentication bypass vulnerability identified in Fortinet’s FortiOS and FortiProxy products. This flaw allows a remote attacker to gain super-admin privileges by sending specially crafted CSF proxy requests.
Affected Versions:
Severity: The vulnerability has been assigned a CVSS v3.1 base score of 8.1, categorizing it as ‘High’ severity.
Mitigation: Fortinet has addressed this…
-
Apple security vulnerability (CVE-2025-24200)
CVE-2025-24200 is a vulnerability in Apple’s iOS and iPadOS systems that stems from an authorization flaw caused by improper state management. On affected devices, this flaw could allow a physical attacker to bypass USB Restricted Mode on a locked device, potentially permitting unauthorized data access via a USB connection. This vulnerability has been fixed in…
-
FreeBSD security vulnerability (CVE-2025-0662)
CVE-2025-0662 identifies a vulnerability in FreeBSD’s ktrace facility, which is used for tracing kernel and user programs. In certain scenarios, ktrace logs variable-sized sockaddr structures to userspace. When the actual sockaddr is shorter than its full size, the entire structure is still copied, resulting in up to 14 bytes of uninitialized kernel memory being exposed…
-
FreeBSD security vulnerability (CVE-2025-0374)
CVE-2025-0374 is a security vulnerability identified in FreeBSD’s etcupdate utility. When etcupdate encounters conflicts during file merging, it saves a version containing conflict markers in /var/db/etcupdate/conflicts. This temporary file does not preserve the original file’s permissions and is world-readable, potentially exposing sensitive information. Files that typically have restricted access, such as /etc/master.passwd, could be affected.…