A critical supply chain vulnerability dubbed “GerriScary” (CVE-2025-1568) could have allowed attackers to inject malicious code into at least 18 major Google projects, including ChromiumOS, Chromium, Dart, and Bazel. The vulnerability, uncovered by Tenable security researcher Liv Matan, exploits…
Category: Cyber Security News
New Veeam Vulnerabilities Enable Malicious Remote Code Execution on Backup Servers
Critical security vulnerabilities have been discovered in Veeam’s backup software solutions that could allow attackers to execute malicious code remotely on backup servers, posing significant risks to enterprise data protection systems. The vulnerabilities, tracked as CVE-2025-23121, CVE-2025-24286, and CVE-2025-24287,…
How to Detect Threats Early For Fast Incident Response: 3 Examples
Security Operations Center (SOC) teams are now facing an increasingly complex challenge: identifying and responding to security incidents before they can cause significant damage. The key to effective incident response is not just detecting threats quickly. It is understanding the…
New Microsoft Excel Token Protection Policy May Block Certain Data Imports
Microsoft has announced a significant security update that could disrupt data workflows for organizations heavily reliant on Excel’s Power Query functionality. The Microsoft Entra Conditional Access Token Protection feature, currently in Public Preview, introduces enhanced security measures that may prevent…
Citrix NetScaler ADC and Gateway Vulnerabilities Allow Attackers to Access Sensitive Data
Two critical security vulnerabilities have been discovered in NetScaler ADC and NetScaler Gateway products, formerly known as Citrix ADC and Gateway, potentially allowing attackers to access sensitive data and compromise network security. Cloud Software Group, the company behind these networking…
Email Hosting Provider Cock.li Hacked – 1 Million Email Addresses Stolen
A major security breach at email hosting provider Cock[.]li has compromised personal data from over one million users, the company announced in an official statement. The incident specifically targeted the service’s Roundcube webmail platform, affecting approximately 1,023,800 users who had…
WhatsApp to Show Ads for Users in Status & Updates Tab
Meta has announced a significant expansion of WhatsApp’s monetization strategy with the introduction of advertising capabilities within the platform’s Updates tab. The company is implementing three key features: channel subscriptions, promoted channels, and status advertisements, targeting the 1.5 billion daily…
Critical Sitecore CMS Platform Vulnerabilities Let Attackers Gain Full Control of Deployments
Critical vulnerabilities in Sitecore Experience Platform, one of the most widely deployed enterprise content management systems, potentially expose over 22,000 instances worldwide to complete system compromise. The vulnerabilities, discovered by watchTowr researchers, allow attackers to gain full control of Sitecore…
New Sorillus RAT Actively Attacking European Organizations Via Tunneling Services
European organizations are facing a sophisticated cyber threat as the Sorillus Remote Access Trojan (RAT) emerges as a prominent weapon in a multi-language phishing campaign targeting businesses across Spain, Portugal, Italy, France, Belgium, and the Netherlands. The malware, which has…
BeyondTrust Tools RCE Vulnerability Let Attackers Execute Arbitrary Code
A high-severity remote code execution vulnerability has been identified in BeyondTrust’s Remote Support and Privileged Remote Access platforms, potentially allowing attackers to execute arbitrary code on affected systems. The vulnerability, tracked as CVE-2025-5309, carries a CVSSv4 score of 8.6 and…
New Variants of Chaos RAT Attacking Windows and Linux Systems to Steal Sensitive Data
Cybersecurity researchers have identified sophisticated new variants of Chaos RAT, a remote administration tool that has evolved from an open-source project into a formidable cross-platform malware threat targeting both Windows and Linux systems. Originally documented in 2022, this malware has…
ASUS Armoury Crate Vulnerability Let Attackers Escalate to System User on Windows Machine
A high-severity authorization bypass vulnerability in ASUS Armoury Crate enables attackers to gain system-level privileges on Windows machines through a hard link manipulation technique. The vulnerability, tracked as CVE-2025-3464 with a CVSS score of 8.8, affects the popular gaming…
New KimJongRAT Stealer Using Weaponized LNK File to Deploy Powershell Based Dropper
A sophisticated evolution of the KimJongRAT malware family has emerged, demonstrating advanced techniques for credential theft and system compromise through weaponized Windows shortcut files and PowerShell-based payloads. This latest campaign represents a significant advancement from previous variants, incorporating both Portable…
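The KimJongRAT item above describes a weaponized Windows shortcut that launches a PowerShell dropper. A triage step a responder wants for that is to read the .lnk fields where the command line is stashed, without double-clicking the file. The following is an added example, not code from the article or from any of the researchers it cites: a minimal parser for the Shell Link (MS-SHLLINK) header and StringData section, plus a small indicator list. The `build_lnk` helper, the two fixture shortcuts and the indicator strings are constructed for this example.

```python
import struct
from typing import Dict, List, Optional

# Shell Link CLSID {00021401-0000-0000-C000-000000000046}, stored little-endian in the header
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO = 0x01, 0x02
HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR = 0x04, 0x08, 0x10
HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x20, 0x40, 0x80
# StringData fields appear in exactly this order when their flag is set
STRING_FIELDS = [(HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                 (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                 (HAS_ICON_LOCATION, "icon_location")]


def parse_lnk(data: bytes) -> Dict[str, str]:
    """Return the StringData fields of a .lnk (name, relative_path, working_dir,
    arguments, icon_location); skips the ID list and LinkInfo structures."""
    size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if size != 0x4C or clsid != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    pos = 0x4C
    if flags & HAS_LINK_TARGET_ID_LIST:          # 2-byte size, then the ItemIDList
        (idl_size,) = struct.unpack_from("<H", data, pos)
        pos += 2 + idl_size
    if flags & HAS_LINK_INFO:                    # 4-byte LinkInfoSize includes itself
        (info_size,) = struct.unpack_from("<I", data, pos)
        pos += info_size
    fields: Dict[str, str] = {}
    for flag, key in STRING_FIELDS:
        if flags & flag:
            (count,) = struct.unpack_from("<H", data, pos)   # character count, not bytes
            pos += 2
            if flags & IS_UNICODE:
                fields[key] = data[pos:pos + 2 * count].decode("utf-16-le")
                pos += 2 * count
            else:
                fields[key] = data[pos:pos + count].decode("cp1252")
                pos += count
    return fields


# Constructed indicator list for this example; tune it to your own environment
SUSPICIOUS = ["powershell", "-enc", "-e ", "iex", "downloadstring", "frombase64string",
              "windowstyle hidden", "-w hidden", "bypass", "mshta", "cmd /c", "wscript", "cscript"]


def lnk_indicators(fields: Dict[str, str]) -> List[str]:
    """Indicator strings found in the path/argument fields (empty list = nothing matched)."""
    hay = " ".join(fields.get(k, "") for k in ("relative_path", "working_dir", "arguments")).lower()
    return [s for s in SUSPICIOUS if s in hay]


def build_lnk(name: Optional[str] = None, relative_path: Optional[str] = None,
              working_dir: Optional[str] = None, arguments: Optional[str] = None,
              id_list: Optional[bytes] = None) -> bytes:
    """Build a minimal Unicode .lnk as a test fixture (times and sizes zeroed)."""
    flags, body = IS_UNICODE, b""
    if id_list is not None:
        flags |= HAS_LINK_TARGET_ID_LIST
        body += struct.pack("<H", len(id_list)) + id_list
    for flag, value in ((HAS_NAME, name), (HAS_RELATIVE_PATH, relative_path),
                        (HAS_WORKING_DIR, working_dir), (HAS_ARGUMENTS, arguments)):
        if value is not None:
            flags |= flag
            body += struct.pack("<H", len(value)) + value.encode("utf-16-le")
    header = struct.pack("<I16sIIQQQIIIH", 0x4C, LNK_CLSID, flags, 0x20,
                         0, 0, 0, 0, 0, 1, 0) + bytes(10)      # 76-byte ShellLinkHeader
    return header + body


# Constructed fixtures: one ItemID of 5 bytes followed by the 2-byte terminator
DUMMY_ID_LIST = b"\x05\x00abc" + b"\x00\x00"
MALICIOUS_LNK = build_lnk(
    relative_path=r"..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    working_dir="%TEMP%",
    arguments="-WindowStyle Hidden -ExecutionPolicy Bypass -EncodedCommand QUFBQQ==",
    id_list=DUMMY_ID_LIST)
BENIGN_LNK = build_lnk(relative_path=r"..\Documents\notes.txt", id_list=DUMMY_ID_LIST)

if __name__ == "__main__":
    for label, blob in (("malicious", MALICIOUS_LNK), ("benign", BENIGN_LNK)):
        fields = parse_lnk(blob)
        print(label, fields, "indicators:", lnk_indicators(fields))
```

The parser deliberately ignores the LinkTargetIDList, which is what Explorer resolves; droppers usually put the real command in `arguments` and rely on a harmless-looking name or icon, so those string fields are the ones worth alerting on. Shortcuts that pad `arguments` with whitespace to push the command out of the Properties dialog still show up here because the full string is read.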
Google Chrome 0-Day Vulnerability Exploited by APT Hackers in the Wild
A sophisticated attack campaign has been exploiting a Google Chrome zero-day vulnerability tracked as CVE-2025-2783, marking yet another instance of advanced persistent threat (APT) groups leveraging previously unknown security flaws to compromise high-value targets. The vulnerability, which enables sandbox escape capabilities, has…
Critical sslh Vulnerabilities Let Hackers Trigger Remote DoS Attacks
Two critical vulnerabilities have been found in sslh, a popular protocol demultiplexer that allows multiple services to share the same network port. The flaws, tracked as CVE-2025-46807 and CVE-2025-46806, could be exploited remotely to trigger denial-of-service (DoS) attacks. The vulnerabilities affect sslh versions prior…
Kimsuky and Konni APT Groups Account for the Most Active Attacks Targeting East Asia
North Korean state-sponsored advanced persistent threat (APT) groups Kimsuky and Konni have emerged as the most prolific cyber threat actors targeting East Asian nations, according to the latest threat intelligence findings. In April 2025, these groups orchestrated the highest number…
Beware of Weaponized Research Papers That Deliver Malware Via Password-Protected Documents
A newly identified malware campaign orchestrated by the notorious Kimsuky group has been leveraging password-protected research documents to infiltrate academic networks and compromise sensitive systems. This sophisticated attack represents a significant evolution in social engineering tactics, exploiting the academic community’s…
New Sophisticated Multi-Stage Malware Campaign Weaponizes VBS Files to Execute PowerShell Script
Security researchers have uncovered a sophisticated malware campaign utilizing heavily obfuscated Visual Basic Script (VBS) files to deploy multiple types of remote access trojans (RATs). The campaign, discovered in June 2025, involves a cluster of 16 open directories containing obfuscated…
Hackers Deliver Fileless AsyncRAT Using Clickfix Technique via Fake Verification Prompt
A sophisticated fileless malware campaign targeting German-speaking users has emerged, employing deceptive verification prompts to distribute AsyncRAT through the increasingly popular Clickfix technique. The malware masquerades as a legitimate “I’m not a robot” CAPTCHA verification, tricking victims into executing malicious…
XDSpy Threat Actors Leverage Windows LNK Zero-Day Vulnerability to Attack Windows Users
A sophisticated cyber espionage campaign attributed to the XDSpy threat actor has recently been discovered exploiting a zero-day vulnerability in Windows shortcut files. This threat actor, which has operated largely undetected from 2011 until its initial discovery in 2020, has…
Hackers Actively Exploiting Zyxel RCE Vulnerability Via UDP Port
A significant spike was observed in exploitation attempts targeting CVE-2023-28771, a critical remote code execution vulnerability affecting Zyxel Internet Key Exchange (IKE) packet decoders. The coordinated attack campaign, observed on June 16, 2025, represents a concentrated burst of malicious activity…
Threat Actors Exploit OEM Permissions on Android Devices to Perform Privilege Escalation Attacks
Android users face a sophisticated security threat as malicious actors increasingly leverage legitimate system features to gain unauthorized access to devices. A concerning trend has emerged where attackers exploit Original Equipment Manufacturer (OEM) permissions to perform privilege escalation attacks, creating…
CISA Warns of iOS 0-Click Vulnerability Exploited in the Wild
CISA has added a critical iOS zero-click vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw has been actively exploited by sophisticated mercenary spyware in targeted attacks against journalists. The vulnerability, tracked as CVE-2025-43200, affects multiple Apple…
Malicious Loan App on iOS & Google Play Store Infected 150K+ Users’ Devices
A malicious loan application masquerading as a legitimate financial service has infected over 150,000 iOS and Android devices before being removed from official app stores. The app, identified as “RapiPlata,” achieved a Top 20 ranking in the finance category on…
Water Curse Hacker Group Weaponized 76 GitHub Accounts to Deliver Multistage Malware
A sophisticated threat actor known as Water Curse has exploited the inherent trust in open-source software by weaponizing at least 76 GitHub accounts to distribute malicious repositories containing multistage malware. The campaign represents a significant supply chain risk, targeting cybersecurity…
Threat Actors Abuse Windows Run Prompt to Execute Malicious Command and Deploy DeerStealer
Cybersecurity researchers have uncovered a sophisticated malware campaign that exploits Windows’ built-in Run prompt to deliver DeerStealer, a powerful information stealer designed to harvest cryptocurrency wallets, browser credentials, and sensitive personal data. The malicious operation represents a concerning evolution in…
Apache Tomcat Vulnerabilities Allow Authentication Bypass and DoS Attacks
Multiple security vulnerabilities have been disclosed in Apache Tomcat web servers, including two high-severity flaws enabling denial-of-service (DoS) attacks and one moderate-severity vulnerability allowing authentication bypass. These vulnerabilities, identified as CVE-2025-48976, CVE-2025-48988, CVE-2025-49124, and CVE-2025-49125, impact millions of web applications worldwide running…
Hackers Actively Exploiting Langflow RCE Vulnerability to Deploy Flodrix Botnet
Security researchers have uncovered an active cyberattack campaign targeting Langflow servers through CVE-2025-3248, a critical remote code execution vulnerability that allows threat actors to deploy the sophisticated Flodrix botnet malware. The attacks demonstrate how cybercriminals are rapidly weaponizing newly disclosed…
Microsoft Investigating Teams and Exchange Online Services Disruption Impacting Users
Microsoft experienced a significant service disruption affecting multiple Microsoft 365 services, including Teams and Exchange Online, impacting users globally whose requests were routed through the affected infrastructure. The company has confirmed that all services have now recovered following swift mitigative…
Gunra Ransomware Group Allegedly Leaks 40TB of Data from American Hospital
The Gunra ransomware group escalated its attack on American Hospital Dubai (AHD), a premier healthcare facility in Dubai, UAE, by releasing new evidence of a major cyberattack. The group claims to have leaked 40 terabytes of sensitive data, including personal…
Washington Post Journalists’ Microsoft Accounts Hacked in Targeted Cyberattack
The Washington Post is conducting a comprehensive investigation into a sophisticated cyberattack that compromised the email accounts of multiple journalists, with security experts and federal authorities examining evidence that suggests the involvement of a foreign government. The intrusion, discovered late…
Microsoft Outlook Users Face Crashes When Creating New Emails, Temp Fix Issued
Enterprise users of classic Microsoft Outlook are experiencing application crashes when attempting to create or open new emails, according to a technical advisory released by Microsoft today. The issue, which primarily affects virtual desktop infrastructure (VDI) environments, has been escalated…
Darknet Market Archetyp Takedown by Authorities in Joint Action ‘Operation Deep Sentinel’
International law enforcement agencies have successfully dismantled one of the world’s largest darknet marketplaces, “Archetyp Market,” in a coordinated operation that resulted in multiple arrests across Europe and the seizure of millions in criminal assets. The operation, led by German…
Former GCHQ Intern Jailed for Seven Years After Copying Top Secret Files to Mobile Phone
A former GCHQ intern has been sentenced to seven-and-a-half years in prison after copying top secret data files onto his mobile phone and taking them to his home computer, creating what prosecutors described as a significant risk to national security.…
Katz Stealer Enhances Credential Theft Capabilities with System Fingerprinting and Persistence Mechanisms
A sophisticated new information-stealing malware known as Katz Stealer has emerged in 2025, demonstrating advanced credential theft capabilities combined with innovative persistence mechanisms that target popular applications like Discord. The malware-as-a-service (MaaS) platform represents a significant evolution in cybercriminal toolkits,…
Microsoft Purview DLP to Restrict Microsoft 365 Copilot in Processing Emails With Sensitive Labels
Microsoft has announced a significant enhancement to its data protection capabilities with the introduction of a new Data Loss Prevention (DLP) feature that will prevent Microsoft 365 Copilot from processing emails containing sensitivity labels. This development represents a crucial step…
Zoomcar Hacked – 8.4 Million Users’ Sensitive Details Exposed
Car-sharing giant Zoomcar Holdings, Inc. has disclosed a significant cybersecurity incident that compromised sensitive personal information of approximately 8.4 million users. The breach, discovered on June 9, 2025, represents one of the largest data exposures in the mobility sector, highlighting…
How PureVPN’s Password Manager Closes A Major Security Gap Hackers Exploit
Your passwords are more than just logins – they’re the gateway to your identity, finances, work, and private life. But here’s the truth: storing them in a password manager is no longer enough. Why? Because traditional password managers protect credentials…
Malicious Payload Uncovered in JPEG Image Using Steganography and Base64 Obfuscation
In a sophisticated cybersecurity incident discovered on June 16, 2025, security researchers identified a malicious payload cleverly hidden within a JPEG image using a combination of steganography and modified Base64 encoding techniques. The malware, embedded after the file’s End Of…
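The JPEG item above describes a payload appended after the image’s End Of Image marker and encoded with a modified Base64 alphabet. A JPEG decoder stops at EOI (FF D9), so anything after it is invisible to viewers but trivially readable by a loader. The following is an added example, not code from the article or the researchers it cites: it walks the marker segments to find the real end of the image, extracts whatever trails it, and attempts a strict Base64 decode through an optional alphabet-translation table. The article does not state the exact alphabet modification, so the url-safe substitution used in the constructed sample is this example’s own assumption, as are the sample JPEG bytes and the hidden string.

```python
import base64
import binascii
import re
from typing import Dict, Optional

SOI = b"\xff\xd8"  # Start Of Image
EOI = b"\xff\xd9"  # End Of Image


def jpeg_eoi_offset(data: bytes) -> Optional[int]:
    """Walk JPEG marker segments and return the offset just past EOI.
    Returns None if the stream is not a JPEG or ends before EOI."""
    if not data.startswith(SOI):
        return None
    pos, n = 2, len(data)
    while pos + 1 < n:
        if data[pos] != 0xFF:
            return None                      # expected a marker: stream is corrupt
        marker = data[pos + 1]
        if marker == 0xFF:                   # fill byte, keep scanning
            pos += 1
            continue
        pos += 2
        if marker == 0xD9:                   # EOI: decoders stop here
            return pos
        if marker == 0x01 or 0xD0 <= marker <= 0xD8:
            continue                         # TEM, RSTn, SOI carry no length field
        if pos + 2 > n:
            return None
        seg_len = int.from_bytes(data[pos:pos + 2], "big")  # length counts its own 2 bytes
        pos += seg_len
        if marker == 0xDA:                   # SOS: entropy-coded data follows the header
            while pos + 1 < n:
                nxt = data[pos + 1]
                # FF00 is byte stuffing and FFD0-FFD7 are restart markers; anything else ends the scan
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    return None


def trailing_data(data: bytes) -> bytes:
    """Bytes appended after EOI; b'' when there are none or the input is not a JPEG."""
    end = jpeg_eoi_offset(data)
    return b"" if end is None else data[end:]


_B64_RE = re.compile(rb"^[A-Za-z0-9+/]+={0,2}$")


def decode_base64_payload(tail: bytes, alphabet_map: Optional[bytes] = None) -> Optional[bytes]:
    """Strict Base64 decode of the appended blob. `alphabet_map` is a bytes.maketrans
    table that maps a custom alphabet back to the standard one before decoding."""
    blob = tail.strip()
    if alphabet_map is not None:
        blob = blob.translate(alphabet_map)
    if not _B64_RE.match(blob) or len(blob) % 4:
        return None
    try:
        return base64.b64decode(blob, validate=True)
    except binascii.Error:
        return None


def analyze(data: bytes, alphabet_map: Optional[bytes] = None) -> Dict[str, object]:
    """Triage verdict: 'clean', 'trailing-data' (opaque bytes after EOI) or
    'suspicious' (trailing bytes that decode as Base64 under the given alphabet)."""
    tail = trailing_data(data)
    decoded = decode_base64_payload(tail, alphabet_map) if tail else None
    verdict = "suspicious" if decoded else ("trailing-data" if tail else "clean")
    return {"trailing_bytes": len(tail), "decoded": decoded, "verdict": verdict}


# Constructed sample: SOI, a JFIF APP0 segment, an SOS header, a few entropy-coded
# bytes containing a stuffed FF00, then EOI. 37 bytes total.
APP0 = b"\xff\xe0" + (16).to_bytes(2, "big") + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
SOS = b"\xff\xda" + (8).to_bytes(2, "big") + b"\x01\x01\x00\x00\x3f\x00"
SCAN = b"\x12\x34\xff\x00\x56"
CLEAN_JPEG = SOI + APP0 + SOS + SCAN + EOI
HIDDEN = b"echo hypothetical-second-stage"          # constructed stand-in for the real payload
# Assumed modification: url-safe alphabet ('-' and '_' in place of '+' and '/')
STEGO_JPEG = CLEAN_JPEG + base64.urlsafe_b64encode(HIDDEN)
URLSAFE_TO_STD = bytes.maketrans(b"-_", b"+/")

if __name__ == "__main__":
    print(analyze(CLEAN_JPEG))
    print(analyze(STEGO_JPEG, URLSAFE_TO_STD))
```

Trailing bytes after EOI are a triage signal, not proof of malice: some cameras and editors write metadata or a second image after the marker, which is why the `trailing-data` verdict is kept separate from `suspicious`. For a real hunt, run `analyze` over an image directory and pivot on files whose tail decodes to printable text or to an executable header.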
46,000+ Grafana Instances Exposed to Malicious Account Takeover Attacks
A critical vulnerability affects over 46,000 publicly accessible Grafana instances worldwide, with 36% of all public-facing deployments vulnerable to complete account takeover attacks. The newly discovered flaw, designated CVE-2025-4123 and dubbed “The Grafana Ghost,” represents a significant threat to organizations…
20+ Malicious Apps on Google Play Actively Attacking Users to Steal Login Credentials
Cyble Research and Intelligence Labs (CRIL) has uncovered a sophisticated phishing operation involving more than 20 malicious applications distributed through the Google Play Store, specifically designed to steal cryptocurrency wallet credentials from unsuspecting users. The discovery reveals a coordinated campaign…
Hackers Upload Weaponized Packages to PyPI Repositories to Steal AWS, CI/CD and macOS Data
A sophisticated malware campaign has emerged targeting the Python Package Index (PyPI) repository, with cybercriminals deploying weaponized packages designed to steal sensitive cloud infrastructure credentials and corporate data. The malicious package, identified as “chimera-sandbox-extensions,” represents a new breed of supply…
Hackers Can Hide Images as Text Data and Embed Them Directly into DNS TXT Records
A novel method demonstrates how digital images can be seamlessly embedded within DNS TXT records, effectively transforming domain name infrastructure into an unconventional image storage system. The technique, dubbed “dnsimg,” represents a new approach to data…
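The dnsimg item above only says that images can be stored in TXT records; the mechanics and the defensive angle are what a practitioner wants. The following is an added example, not code from the article or from the dnsimg project, and the record layout it uses (one `<index>.<zone>` record per chunk plus a `_meta` record) is this example’s own hypothetical scheme rather than dnsimg’s format. It shows why chunking is needed (each TXT character-string is capped at 255 octets), reassembles the image through a resolver stand-in so it runs offline, and adds a heuristic for spotting a zone being used as bulk storage. The sample image bytes are constructed and are not a valid picture.

```python
import base64
import hashlib
from typing import Callable, Dict, List

# RFC 1035 section 3.3: every <character-string> in TXT RDATA is at most 255 octets
MAX_TXT_STRING = 255


def image_to_txt_records(image: bytes, zone: str) -> Dict[str, List[str]]:
    """Spread image bytes across TXT records of `zone` (hypothetical layout):
    <i>.<zone> holds chunk i, _meta.<zone> holds the chunk count and a sha256."""
    b64 = base64.b64encode(image).decode("ascii")
    chunks = [b64[i:i + MAX_TXT_STRING] for i in range(0, len(b64), MAX_TXT_STRING)]
    records = {f"{i}.{zone}": [c] for i, c in enumerate(chunks)}
    records[f"_meta.{zone}"] = [f"n={len(chunks)};sha256={hashlib.sha256(image).hexdigest()}"]
    return records


def txt_records_to_image(resolve: Callable[[str], List[str]], zone: str) -> bytes:
    """Fetch _meta, then every chunk in order, and verify the hash before returning."""
    meta = dict(kv.split("=", 1) for kv in resolve(f"_meta.{zone}")[0].split(";"))
    b64 = "".join(resolve(f"{i}.{zone}")[0] for i in range(int(meta["n"])))
    image = base64.b64decode(b64, validate=True)
    if hashlib.sha256(image).hexdigest() != meta["sha256"]:
        raise ValueError("reassembled image failed integrity check")
    return image


def fake_resolver(zone_data: Dict[str, List[str]]) -> Callable[[str], List[str]]:
    """Stand-in for a real TXT lookup so the example runs without network access."""
    def resolve(name: str) -> List[str]:
        if name not in zone_data:
            raise LookupError(f"NXDOMAIN {name}")
        return zone_data[name]
    return resolve


def txt_payload_bytes(zone_data: Dict[str, List[str]]) -> int:
    """Total octets carried in TXT strings across the zone."""
    return sum(len(s.encode()) for strings in zone_data.values() for s in strings)


def looks_like_bulk_storage(zone_data: Dict[str, List[str]], threshold: int = 1024) -> bool:
    """Heuristic for zone-file or passive-DNS review: several numerically labelled
    names whose TXT strings together exceed `threshold` octets. Legitimate TXT use
    (SPF, DKIM, domain verification) is small and named by purpose, not by index."""
    numeric = [name for name in zone_data if name.split(".", 1)[0].isdigit()]
    return len(numeric) >= 3 and txt_payload_bytes(zone_data) > threshold


# Constructed sample: a PNG signature followed by filler bytes (776 bytes, not a real image)
SAMPLE_IMAGE = b"\x89PNG\r\n\x1a\n" + bytes(range(256)) * 3

if __name__ == "__main__":
    zone = image_to_txt_records(SAMPLE_IMAGE, "img.example.com")
    print(len(zone), "records,", txt_payload_bytes(zone), "TXT octets")
    assert txt_records_to_image(fake_resolver(zone), "img.example.com") == SAMPLE_IMAGE
    print("bulk storage suspected:", looks_like_bulk_storage(zone))
```

Base64 text can be cut at any position because it is only decoded after reassembly, so the 255-octet limit drives the chunk count directly: 776 image bytes become 1036 Base64 characters and five data records. The same shape (sequential labels, near-maximal TXT strings, high entropy) is what DNS exfiltration and tunnelling tools produce, which is why the heuristic keys on it rather than on the image content.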
North Korean APT Hackers Attacking Ukrainian Government Agencies to Steal Login Credentials
North Korean advanced persistent threat (APT) groups have launched a sophisticated cyber campaign against Ukrainian government agencies, marking a significant departure from their traditional targeting patterns. This shift in focus represents a potentially strategic alignment with Russian interests, as North…
Threat Actors Using Fake Travel Websites to Infect Users’ PCs with XWorm Malware
A sophisticated cybercrime campaign has emerged targeting holiday travelers through meticulously crafted fake travel booking websites designed to mimic legitimate platforms like Booking.com. The operation, which gained significant momentum in the first quarter of 2025, represents an alarming evolution in…
Hackers Hijacked Discord Invite to Inject Malicious Links That Deliver AsyncRAT
Cybercriminals have developed a sophisticated attack campaign that exploits Discord’s invite system to distribute dangerous malware, including AsyncRAT remote access trojans and cryptocurrency-stealing software. The campaign leverages expired Discord invite codes and social engineering tactics to redirect unsuspecting users to…
Google Massive Cloud Outage Linked to API Management System
Google Cloud experienced one of its most significant outages in recent history on June 12, 2025, when a critical failure in its API management system brought down dozens of services worldwide for up to seven hours. The incident affected millions…
Anubis Ransomware With Wipe Mode That Permanently Erases Files With No Recovery Option
A new ransomware-as-a-service operation has emerged in the cyberthreat landscape, introducing a devastating capability that sets it apart from conventional ransomware families. Anubis ransomware combines traditional file encryption with a destructive “wipe mode” feature that permanently erases file contents, making…
IBM Backup Services Vulnerability Let Attackers Escalate Privileges
A critical security vulnerability in IBM Backup, Recovery, and Media Services for IBM i could allow attackers to gain elevated privileges and execute malicious code with component-level access to the host operating system. The vulnerability, tracked as CVE-2025-33108,…
GrayAlpha Hacker Group Weaponizes Browser Updates to Deploy PowerNet Loader and NetSupport RAT
Cybersecurity researchers have uncovered a sophisticated campaign by the GrayAlpha threat actor group that leverages fake browser update pages to deploy advanced malware, including a newly identified custom PowerShell loader dubbed PowerNet. The operation, which has been active since at…
KIA Ecuador Keyless Entry Systems Vulnerability Exposes Thousands of Vehicles to Theft
A significant security vulnerability has been discovered in KIA vehicles sold in Ecuador, potentially affecting thousands of cars and exposing them to sophisticated theft techniques. Independent hardware security researcher Danilo Erazo has identified that KIA-branded aftermarket keyless entry systems used…
LockBit’s Admin Panel Leak Exposes Its Affiliates & Millions in Crypto
The cybersecurity world witnessed an unprecedented breach on May 7, 2025 when an anonymous threat actor known as “xoxo from Prague” successfully infiltrated LockBit’s administrative panel, replacing their Tor website with the message “Don’t do crime CRIME IS BAD xoxo…
Detecting Zero-Day Vulnerabilities in .NET Assemblies With Claude AI
Cybersecurity researchers have achieved a significant breakthrough in automated vulnerability detection by successfully leveraging Claude AI to identify zero-day vulnerabilities in .NET assemblies. This innovative approach combines artificial intelligence with reverse engineering techniques to discover previously unknown security flaws in…
Hundreds of Thousands of WordPress Websites Hacked By VexTrio Viper Group to Run Massive TDS Services
A sophisticated cybercriminal enterprise known as VexTrio has orchestrated one of the most extensive WordPress compromise campaigns ever documented, hijacking hundreds of thousands of websites globally to operate massive traffic distribution systems (TDS) that funnel victims into elaborate scam networks.…
Windows 11 24H2 KASLR Broken Using an HVCI-Compatible Driver with Physical Memory Access
A security researcher has published a detailed analysis demonstrating how Kernel Address Space Layout Randomization (KASLR) protections can be circumvented on Windows 11 24H2 systems through exploitation of an HVCI-compatible driver with physical memory access capabilities. The research, published by…
NIST Releases Guide to 19 Zero Trust Architecture Implementations – What’s New
The National Institute of Standards and Technology (NIST) has published a new resource to aid organizations in implementing zero trust architectures (ZTAs), a cybersecurity approach that assumes no user or device is inherently trustworthy. The guidance, titled Implementing a Zero…
Tenable Agent for Windows Vulnerabilities Let Non-Administrative Users Delete System Files
Tenable, a prominent cybersecurity provider, has released version 10.8.5 of its Agent software to address three critical security vulnerabilities affecting Windows hosts running versions prior to 10.8.5. These flaws, identified as CVE-2025-36631, CVE-2025-36632, and CVE-2025-36633, could allow non-administrative users to…
AMOS macOS Stealer Hides in GitHub With Advanced Sophistication Methods
A sophisticated new variant of the AMOS macOS stealer has emerged, demonstrating unprecedented levels of technical sophistication in its distribution and obfuscation methods. The malware leverages GitHub repositories as distribution platforms, exploiting the platform’s legitimacy to bypass security measures and…
Threat Actors Attacking Cryptocurrency and Blockchain Developers with Weaponized npm and PyPI Packages
The cryptocurrency and blockchain development ecosystem is facing an unprecedented surge in sophisticated malware campaigns targeting the open source supply chain. Over the past year, threat actors have significantly escalated their attacks against Web3 developers by publishing malicious packages to…
China and Taiwan Accuse Each Other for Cyberattacks Against Critical Infrastructure
Cross-strait tensions have escalated into a new domain as China and Taiwan engage in unprecedented mutual accusations of cyberwarfare targeting critical infrastructure systems. The diplomatic dispute has intensified following Taiwan President Lai Ching-te’s first year in office, during which both…
Kali Linux 2025.2 Released: Smartwatch Wi-Fi Injection, Android Radio, and Hacking Tools
The penetration testing community has received a significant upgrade with the release of Kali Linux 2025.2, marking another milestone in the evolution of this essential cybersecurity platform. This latest version introduces groundbreaking smartwatch capabilities, a completely redesigned menu system, and…
Microsoft 365 Authentication Issues Disrupt User Access Across Multiple Regions
Microsoft 365 users across Asia Pacific, Europe, the Middle East, and Africa are experiencing significant authentication disruptions that are preventing administrators from adding multifactor authentication (MFA) sign-in methods to user accounts. The service degradation, which began affecting users on Friday,…
Predator Mobile Spyware Remains Consistent with New Design Changes to Evade Detection
Despite sustained international pressure, sanctions, and public exposures over the past two years, the sophisticated Predator mobile spyware has demonstrated remarkable resilience, continuing to evolve and adapt its infrastructure to evade detection while maintaining operations across multiple continents. The mercenary…
New GitHub Device Code Phishing Attacks Targeting Developers to Steal Tokens
Cybersecurity researchers have identified a sophisticated new phishing campaign that exploits GitHub’s OAuth2 device authorization flow to compromise developer accounts and steal authentication tokens. This emerging threat represents a significant evolution in social engineering tactics, leveraging legitimate GitHub functionality to…
Acer Control Center Vulnerability Let Attackers Execute Malicious Code as a Privileged User
A severe security vulnerability has been discovered in the Acer Control Center software, which could allow attackers to execute arbitrary code with system-level privileges. The vulnerability, identified in the ACCSvc.exe process, involves misconfigured Windows Named Pipe permissions that enable unauthenticated…
New SmartAttack Steals Sensitive Data From Air-Gapped Systems via Smartwatches
Researchers have demonstrated a sophisticated new attack method called “SmartAttack” that can breach supposedly secure air-gapped computer systems using smartwatches as covert data receivers. The research shows how attackers can exploit ultrasonic frequencies to exfiltrate sensitive information from isolated networks, challenging traditional…
Microsoft Defender Spoofing Vulnerability Allows Privilege Escalation and AD Access
A critical spoofing vulnerability in Microsoft Defender for Identity (MDI) allows unauthenticated attackers to escalate privileges and gain unauthorized access to Active Directory environments. The vulnerability, designated CVE-2025-26685, lies in the Lateral Movement Paths (LMPs) feature of the MDI sensor,…
PoC Exploit Released for Windows Disk Cleanup Tool Elevation of Privilege Vulnerability
A proof-of-concept exploit has been published for CVE-2025-21420, an elevation of privilege vulnerability affecting the Windows Disk Cleanup Tool (cleanmgr.exe). The vulnerability allows attackers to escalate privileges to SYSTEM level by exploiting improper link resolution within the SilentCleanup scheduled…
New TokenBreak Attack Bypasses AI Models with Just a Single Character Change
Researchers have described a weakness that allows attackers to bypass AI-powered content moderation systems using minimal text modifications. The “TokenBreak” attack demonstrates how adding a single character to specific words can fool protective models while preserving the malicious intent for target systems,…
HashiCorp Nomad Vulnerability Allows Privilege Escalation via ACL Policy Lookup Exploit
A significant security vulnerability in the HashiCorp Nomad workload orchestrator allows attackers to escalate privileges by exploiting the Access Control List (ACL) policy lookup mechanism. The vulnerability, tracked as CVE-2025-4922, affects both Community and Enterprise editions of Nomad across multiple…
Fog Ransomware Actors Exploit Pentesting Tools to Exfiltrate Data and Deploy Ransomware
The Fog ransomware group has evolved beyond conventional attack methods, deploying an unprecedented arsenal of legitimate pentesting tools in a sophisticated May 2025 campaign targeting a financial institution in Asia. This latest operation marks a significant departure from typical ransomware…
Ransomware Actors Exploit Unpatched SimpleHelp RMM to Compromise Billing Software Provider
Cybersecurity researchers have uncovered a sophisticated ransomware campaign targeting utility billing software providers through unpatched vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM) systems. The attack represents a concerning evolution in ransomware tactics, where threat actors are leveraging trusted remote…
Graphite Spyware Exploits Apple iOS Zero-Click Vulnerability to Attack Journalists
The advanced Graphite mercenary spyware, developed by Paragon, targets journalists through a sophisticated zero-click vulnerability in Apple’s iOS. At least three European journalists have been confirmed as targets, with two cases forensically verified. The spyware exploited a zero-day vulnerability in iOS…
PoC Exploit Released for Critical WebDAV 0-Day RCE Vulnerability Exploited by APT Hackers
A critical zero-day vulnerability in the Windows WebDAV implementation enables remote code execution, with proof-of-concept exploit code now publicly available on GitHub. The vulnerability, tracked as CVE-2025-33053, has reportedly been actively exploited by advanced persistent threat (APT) groups in targeted campaigns…
Threat Actors Compromise 269,000+ Legitimate Webpages With Malicious JavaScript Using JSFireTruck Obfuscation
Cybersecurity researchers have uncovered a sophisticated malware campaign that leveraged an advanced JavaScript obfuscation technique to compromise hundreds of legitimate websites and redirect unsuspecting visitors to malicious content. The campaign, which infected over 269,000 webpages between March and April 2025,…
Google Cloud and Cloudflare Suffer Massive Widespread Outages
Two of the internet’s most critical infrastructure providers experienced significant service outages yesterday, disrupting millions of users worldwide as both Cloudflare and Google services suffered widespread failures within hours of each other. Cloudflare’s extensive service disruption began at approximately 18:19…
DragonForce Ransomware Group – The Rise of a Relentless Cyber Threat in 2025
The cybersecurity landscape has witnessed the emergence of increasingly sophisticated ransomware operations, with DragonForce standing out as a particularly concerning threat actor that has evolved from politically motivated attacks to large-scale financial extortion campaigns. DragonForce ransomware group launched in 2023…
Cloudflare Warns of DDoS Attacks Targeting Journalists and News Organizations
Cybersecurity firm Cloudflare has issued a stark warning about the escalating threat landscape facing independent media organizations worldwide, revealing that journalists and news outlets have become the primary targets of sophisticated distributed denial-of-service (DDoS) attacks. The company’s latest Project Galileo…
Threat Actors Exploiting Expired Discord Invite Links to Deliver Multi-Stage Malware
Cybercriminals have discovered a sophisticated new attack vector that exploits a critical flaw in Discord’s invitation system, allowing them to hijack expired invite links and redirect unsuspecting users to malicious servers hosting advanced malware campaigns. This emerging threat leverages the…
Palo Alto Networks PAN-OS Vulnerability Enables Admins to Execute Actions as Root
A command injection vulnerability in the Palo Alto Networks PAN-OS operating system enables authenticated administrative users to escalate privileges and execute commands as the root user. Designated as CVE-2025-4231, this medium-severity vulnerability affects multiple versions of the company’s firewall operating…
OpenPGP.js Vulnerability Let Attackers Spoof Message Signature Verification
A critical vulnerability in the widely-used OpenPGP.js library has been discovered that allows attackers to forge digital signatures and deceive users into believing malicious content was legitimately signed by trusted sources. The flaw, designated CVE-2025-47934, represents a fundamental breach of…
Threat Actors Leverage DeepSeek-R1 Popularity to Attack Users Running Windows Devices
Cybercriminals have begun exploiting the surge in popularity of DeepSeek-R1, one of the most sought-after large language models currently available, to distribute a sophisticated new malware strain targeting Windows users. The malicious campaign uses the artificial intelligence chatbot’s growing demand…
Microsoft Outlook’s New Two-Click View for Encrypted Emails Protects You From Accidental Exposure
Microsoft is set to launch a significant security enhancement for Outlook users across multiple platforms. Starting April 2025, the company will roll out a new two-click verification feature for encrypted emails, requiring users to confirm their intent to access sensitive…
SoftBank Data Breach – 137,000 Users’ Personal Data Exposed From Third-party Service Provider
SoftBank Corporation, an investment holding company, disclosed a significant data breach affecting 137,156 mobile subscribers through compromised third-party infrastructure. The incident, which occurred in December 2024 but was only discovered in March 2025, represents a critical failure in vendor security…
CyberEYE RAT Disables Windows Defender Using PowerShell and Registry Manipulations
A sophisticated new Remote Access Trojan known as CyberEYE has emerged as a significant threat to Windows systems, demonstrating advanced capabilities to completely disable Windows Defender through a combination of PowerShell commands and registry manipulations. This modular, .NET-based malware leverages…
Microsoft Patched Windows Server 2025 Restart Bug that Disconnects AD Domain Controller
Microsoft has resolved a critical bug in Windows Server 2025 that caused Active Directory Domain Controllers to improperly manage network traffic after system restarts, resulting in service disconnections and application failures. The comprehensive patch, identified as KB5060842, was deployed on…
Don’t Click ‘Unsubscribe’ Links Blindly; It May Lead to Loss of Credentials
A sophisticated cyber threat campaign leveraging malicious unsubscribe links has emerged as a significant security concern, targeting unsuspecting email users across the globe. This deceptive attack vector exploits users’ natural desire to clean up their inboxes, transforming what appears to…
Multiple GitLab Vulnerabilities Allow Attackers to Achieve Complete Account Takeover
A series of critical security vulnerabilities has been disclosed across GitLab Community Edition (CE) and Enterprise Edition (EE) platforms that could enable attackers to achieve complete account takeover and compromise entire development infrastructures. The company released emergency patch versions 18.0.2, 17.11.4, and 17.10.8…
OneLogin AD Connector Vulnerabilities Expose Authentication Credentials
A comprehensive security investigation has revealed critical vulnerabilities in OneLogin’s Active Directory (AD) Connector service that exposed authentication credentials and enabled attackers to impersonate legitimate users across enterprise environments. The vulnerabilities, which affect OneLogin’s widely-used identity and access management platform,…
Palo Alto Networks PAN-OS Vulnerability Lets Attackers Run Arbitrary Commands as Root User
A newly disclosed command injection vulnerability in Palo Alto Networks’ PAN-OS operating system poses significant security risks to enterprise firewall infrastructures worldwide. The vulnerability, catalogued as CVE-2025-4230, enables authenticated administrators with command-line interface (CLI) access to execute arbitrary commands with…
Threat Actors Allegedly Selling MaaS Botnet on Hacker Forums
Threat actors are allegedly offering the complete source code of a sophisticated Malware-as-a-Service (MaaS) botnet for sale. This advanced malicious framework represents a significant escalation in cybercriminal capabilities, leveraging legitimate enterprise-grade technologies and blockchain integration to create a highly resilient…
Trend Micro Apex One Vulnerability Allows Attackers to Inject Malicious Code
Multiple critical security vulnerabilities in the Trend Micro Apex One enterprise security platform could enable attackers to inject malicious code and escalate privileges on affected systems. The company released emergency patches on June 9, 2025, to address five distinct vulnerabilities tracked under…
New Account Takeover Campaign Leverages Pentesting Tool to Attack Entra ID User Accounts
A sophisticated account takeover campaign has emerged, exploiting a legitimate penetration testing framework to compromise Microsoft Entra ID environments across hundreds of organizations worldwide. The malicious activity, which began intensifying in December 2024, demonstrates how cybercriminals are increasingly weaponizing security…
Threat Actors Weaponizing BAT Files to Deliver Quasar RAT
Cybersecurity researchers have identified a sophisticated new campaign where threat actors are leveraging Windows batch files to deliver the notorious Quasar Remote Access Trojan (RAT). This attack vector represents a concerning evolution in malware distribution tactics, as attackers continue to…
Windows SMB Client Zero-Day Vulnerability Exploited Using Reflective Kerberos Relay Attack
A critical zero-day vulnerability affecting Windows systems allows attackers to achieve privilege escalation through a novel Reflective Kerberos Relay Attack. The vulnerability, designated CVE-2025-33073, was patched by Microsoft on June 10, 2025, as part of their monthly Patch Tuesday…
Hackers Attacking Apache Tomcat Manager From 400 Unique IPs
A significant coordinated attack campaign is targeting Apache Tomcat Manager interfaces, with threat actors leveraging approximately 400 unique IP addresses in a concentrated attack that peaked on June 5, 2025. The attack represents a substantial increase in malicious activity, with observed…
Hackers Advertising New Blackhat Tool Nytheon AI on Popular Hacking Forums
A sophisticated new threat platform, Nytheon AI, has emerged, which combines multiple uncensored large language models (LLMs) built specifically for malicious activities. The platform, discovered by Cato CTRL, is being actively promoted on popular hacking forums, including XSS and various…
CISA Releases Guide to Protect Network Edge Devices From Hackers
CISA and international cybersecurity partners have released a comprehensive suite of guidance documents aimed at protecting critical network edge devices from increasingly sophisticated cyberattacks. This coordinated effort, involving cybersecurity authorities from nine countries, including Australia, Canada, the United Kingdom, and…