Aggregator

Ivanti has identified and resolved three high-severity vulnerabilities in its Endpoint Manager (EPM) software. If exploited, these flaws could enable attackers to decrypt other users’ passwords or gain access to sensitive database information, posing significant risks to organizations that rely on this endpoint management solution. Ivanti Endpoint Manager Mobile Vulnerabilities Ivanti’s recent security update targets […]

The post Ivanti Endpoint Manager Mobile Vulnerabilities Allow Attackers to Decrypt Other Users’ Passwords appeared first on Cyber Security News.

Phishing kits are evolving fast. Threat actors behind toolkits like Tycoon2FA, EvilProxy, and Sneaky2FA are getting smarter, setting up infrastructure that bypasses 2FA and mimics trusted platforms like Microsoft 365 and Cloudflare to steal user credentials without raising red flags.  But if you’re part of a SOC or threat intel team, you don’t have to […]

The post Tycoon2FA, EvilProxy, Sneaky2FA: How To Defend Against These Phishing Kit Attacks  appeared first on Cyber Security News.

A critical vulnerability in DNN (formerly DotNetNuke) that allows attackers to steal NTLM credentials through a sophisticated Unicode normalization bypass technique.  The vulnerability, tracked as CVE-2025-52488, affects one of the oldest open-source content management systems and demonstrates how defensive coding measures can be circumvented through clever exploitation of Windows and .NET quirks. Key Takeaways1. CVE-2025-52488 […]

The post DNN Vulnerability Let Attackers Steal NTLM Credentials via Unicode Normalization Bypass appeared first on Cyber Security News.

You must login to view this content

You must login to view this content