Critical Windows SMB Flaw Actively Exploited: CVE-2025-33073 Allows Attackers to Gain SYSTEM-Level Access CyberSecurity News CyberDefenderJanuary 19, 2026January 19, 20266 mins0 CVE-2025-33073 is a high-severity privilege escalation vulnerability affecting the Windows Server Message Block (SMB) client. At its…continue reading..
High-Risk Buffer Overflow Vulnerabilities Expose UTT 520W Devices to Remote Attacks CyberSecurity News CyberDefenderJanuary 19, 2026January 19, 202614 mins0 Product name: UTT 进取 (UTT) 520W (firmware v1.7.7-180627 reported as vulnerable)Product type: Small/branch router / firewall (embedded…continue reading..
Microsoft Patches High-Risk Windows HTTP.sys Privilege Escalation Vulnerability (CVE-2026-20929) CyberSecurity News CyberDefenderJanuary 19, 2026January 19, 20266 mins0 CVE-2026-20929 is a high-impact elevation of privilege vulnerability affecting the HTTP.sys kernel driver in Microsoft Windows.The flaw…continue reading..
New Kerberos Relay Attack Uses DNS CNAME to Bypass Mitigations – PoC Released CyberSecurity News CyberDefenderJanuary 19, 2026January 19, 20267 mins0 A newly demonstrated Kerberos relay technique has revealed how attackers can bypass widely deployed protections by abusing…continue reading..
Security Researchers Exploit Flaw in StealC Malware Panel to Spy on Cybercriminal Operations CyberSecurity News CyberDefenderJanuary 19, 2026January 19, 20265 mins0 Cybersecurity researchers have exposed a serious security defect in the control panel used by operators of the…continue reading..
Critical WordPress Plugin Flaw Allows Attackers to Gain Full Admin Access Without Authentication (CVE-2025-15403) CyberSecurity News CyberDefenderJanuary 19, 2026January 19, 20267 mins0 CVE-2025-15403 is a critical privilege escalation vulnerability affecting the RegistrationMagic plugin used on WordPress sites.The flaw allows…continue reading..
Critical WordPress WooCommerce Plugin Flaw Allows Full Account Takeover Without Login CyberSecurity News CyberDefenderJanuary 19, 2026January 19, 20267 mins0 CVE-2025-10484 is a critical authentication bypass vulnerability affecting a WordPress plugin used for mobile-number-based registration and login…continue reading..
Attackers Exploit Trusted Windows Utility ahost.exe in Stealthy Multi-Actor Malware Campaign CyberSecurity News CyberDefenderJanuary 19, 2026January 19, 20269 mins0 Modern malware campaigns are increasingly shifting away from noisy exploits and instead abusing trusted binaries already present…continue reading..
Mandiant’s Bold Move: Releasing Rainbow Tables to Force Legacy Protocol Retirement CyberSecurity News CyberDefenderJanuary 18, 2026January 18, 202611 mins0 Security firm Mandiant, now part of Google Cloud, recently made a striking decision: it publicly released a…continue reading..
Grok AI Breach on X Sparks Global Alarm Over Deepfake Abuse and Platform Safety CyberSecurity News CyberDefenderJanuary 18, 2026January 18, 20264 mins0 Grok AI — the generative AI chatbot developed by Elon Musk’s xAI and integrated with X —…continue reading..
