Xerox FreeFlow Vulnerabilities leads to SSRF and RCE Attacks

Threat Score:
46
Cybersecurity News
5 days ago

Overview

An urgent security update has been released for Xerox FreeFlow Core software, addressing two critical vulnerabilities that could allow attackers to execute remote code and perform server-side request forgery attacks.  The vulnerabilities, identified as CVE-2025-8355 and CVE-2025-8356, affect FreeFlow Core version 8.0.4 and require immediate patching to prevent potential exploitation.  Security researchers at Horizon3.ai discovered […]...

Related Articles

5 articles
1

ERMAC V3.0 Banking Trojan Source Code Leak Exposes Full Malware Infrastructure

The Hacker News 5 hours ago

Cybersecurity researchers have detailed the inner workings of an Android banking trojan called ERMAC 3.0, uncovering serious shortcomings in the operators' infrastructure. "The newly uncovered version 3.0 reveals a significant evolution of the malware, expanding its form injection and data theft capabilities to target more than 700 banking, shopping, and cryptocurrency applications," Hunt.iosaidin a report. ERMAC wasfirst documentedby ThreatFabric in September 2021, detailing its ability to cond

Score
86
Read more
3

ERMAC v3.0 Banking Malware Source Code Exposed via Weak Password ‘changemeplease’

Cybersecurity News 2 hours ago

Researchers at Hunt.io have made a significant discovery in the cybersecurity field by obtaining and analyzing the complete source code of ERMAC V3.0. This advanced Android banking trojan targets over 700 financial applications worldwide. This unique insight into an active malware-as-a-service platform offers a valuable understanding of modern cybercriminal operations and highlights critical vulnerabilities that could assist […]

Score
78
Read more
4

Threat Actors Abuse npm Developer Accounts Hijacked to Spread Malicious Packages

GB Hackers 5 hours ago

Threat Actors Abuse npm Developer Accounts Hijacked to Spread Malicious Packages A sophisticated phishing campaign targeting the maintainer of eslint-config-prettier, a widely-used npm package with over 3.5 billion downloads, resulted in malicious code being distributed to thousands of developer projects worldwide. The incident, discovered on July 18 by ReversingLabs’ automatedthreat detectionsystem, highlights critical vulnerabilities in modern software development practices, particularly the r

Score
77
Read more
5

New Gmail Phishing Attack With Weaponized Login Flow Steals Login Credentials

Cybersecurity News 1 hour ago

A sophisticated new phishing campaign targeting Gmail users through a multi-layered attack that uses legitimate Microsoft Dynamics infrastructure to bypass security measures and steal login credentials. The attack begins with deceptive “New Voice Notification” emails that appear to come from legitimate voicemail services. These emails contain spoofed sender information and feature prominent “Listen to Voicemail” […]

Score
76
Read more