Threatsday Bulletin: AI Voice Cloning Exploit, Wi-fi Kill Switch,... (2026)


The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere.

This week's stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old tools keep finding new ways to break in.

A high-severity security flaw has been disclosed in Redis (CVE-2025-62507, CVSS score: 8.8) that could lead to remote code execution by means of a stack buffer overflow. It was fixed in version 8.3.2. JFrog's analysis of the flaw has revealed that the vulnerability is triggered when using the new Redis 8.2 XACKDEL command, which was introduced to simplify and optimize stream cleanup. Specifically, it resides in the implementation of xackdelCommand(), the function responsible for parsing and processing the list of stream IDs supplied by the user. "The core issue is that the code does not verify that the number of IDs provided by the client fits within the bounds of this stack-allocated array," the company said. "As a result, when more IDs are supplied than the array can hold, the function continues writing past the end of the buffer. This results in a classic stack-based buffer overflow." The vulnerability can be triggered remotely in the default Redis configuration just by sending a single XACKDEL command containing a sufficiently large number of message IDs. "It is also important to note that by default, Redis does not enforce any authentication, making this an unauthenticated remote code execution," JFrog added. At the time of writing, there are 2,924 servers susceptible to the flaw.
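
As an added illustration of the bug class described above (constructed here, not Redis source code and not necessarily the actual fix): a C handler for a client-supplied list of stream IDs that checks the argument count against the fixed stack array before filling it, moving oversized requests to a heap buffer so the stack array is never overrun. The struct, STATIC_IDS and all function names are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>

#define STATIC_IDS 64   /* stack array capacity (constructed value, not Redis's) */
typedef struct { unsigned long long ms, seq; } stream_id;

/* Parse "ms-seq" into a stream_id; 0 on success, -1 if malformed. */
static int parse_stream_id(const char *s, stream_id *out) {
    char *end;
    out->ms = strtoull(s, &end, 10);
    if (end == s || *end != '-') return -1;
    out->seq = strtoull(end + 1, &end, 10);
    return (*end == '\0') ? 0 : -1;
}

/* Hardened handler. The flaw in the article is a loop writing ids[i] for
 * every client argument with no check of i against the array capacity.
 * Returns the number of IDs accepted, or -1 on error. */
int handle_ack_ids(const char **argv, int argc) {
    stream_id static_ids[STATIC_IDS];
    stream_id *ids = static_ids;
    if (argc < 0) return -1;
    if (argc > STATIC_IDS) {                /* the missing bounds check */
        ids = malloc(sizeof(stream_id) * (size_t)argc);
        if (!ids) return -1;
    }
    int accepted = 0;
    for (int i = 0; i < argc; i++) {
        if (parse_stream_id(argv[i], &ids[i]) != 0) { accepted = -1; break; }
        accepted++;
    }
    /* ... acknowledging/deleting ids[0..accepted) would happen here ... */
    if (ids != static_ids) free(ids);
    return accepted;
}

/* Constructed input: `count` IDs "1-0", "2-0", ... fed to the handler. */
int demo_many_ids(int count) {
    if (count <= 0) return -1;
    char **argv = malloc(sizeof(char *) * (size_t)count);
    char *pool = malloc((size_t)count * 32);
    if (!argv || !pool) { free(argv); free(pool); return -1; }
    for (int i = 0; i < count; i++) {
        argv[i] = pool + (size_t)i * 32;
        snprintf(argv[i], 32, "%d-0", i + 1);
    }
    int r = handle_ack_ids((const char **)argv, count);
    free(pool); free(argv);
    return r;
}
```

A request with more IDs than STATIC_IDS is still accepted, but through the heap buffer rather than past the end of the stack array.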

BaoLoader, ClickFix campaigns, and Maverick emerged as the top three threats between September 1 and November 30, 2025, according to ReliaQuest. Unlike typical malware that steals certificates, BaoLoader's operators are known to register legitimate businesses in Panama and Malaysia specifically to purchase valid code-signing certificates from major certificate authorities to sign their payloads. "With these certificates, their malware appears trustworthy to both users and security tools, allowing them to operate largely undetected while being dismissed as merely potentially unwanted programs (PUPs)," ReliaQuest said. The malware, once launched, abuses "node.exe" to run malicious JavaScript for reconnaissance, in-memory command execution, and backdoor access. It also routes command-and-control (C2) traffic through legitimate cloud services, concealing outbound traffic as normal business activity and undermi

Source: The Hacker News