The deluge of bargain-priced ads that flooded social networks during Latin America’s “Hot Sale 2025” has now been traced to a sprawling Chinese-built malware operation that weaponizes thousands of convincingly branded storefronts to harvest payment credentials. First noticed by Mexican…
Category: Cyber Security News
Pro-Russian Hackers Making New Alliances to Launch High-Profile Attacks
The cybersecurity landscape has witnessed a dramatic escalation in pro-Russian hacktivist activities since the onset of 2025, with emerging alliances between established and newly formed groups launching increasingly sophisticated attacks against Western infrastructure. These cyber operations, driven by geopolitical tensions…
Microsoft Confirms Laying Off 9,000 Employees, Impacting 4% of its Workforce
Microsoft Corporation has confirmed a significant workforce reduction affecting approximately 9,000 employees, representing nearly 4% of its global workforce. This strategic restructuring comes as the technology giant continues to navigate the complex landscape of artificial intelligence infrastructure investments while maintaining…
Anthropic’s MCP Server Vulnerability Allowed Attackers to Escape Sandbox and Execute Code
Two high-severity vulnerabilities in Anthropic’s Model Context Protocol (MCP) Filesystem Server enable attackers to escape sandbox restrictions and execute arbitrary code on host systems. The vulnerabilities, designated CVE-2025-53109 and CVE-2025-53110, affect all versions prior to 0.6.3 and represent a significant…
Top 30 Best Penetration Testing Tools – 2025
Penetration testing, also known as ethical hacking, is a critical process in cybersecurity aimed at identifying and addressing vulnerabilities within systems, networks, and applications. By simulating real-world attacks, penetration testing helps organizations uncover weaknesses before malicious actors can exploit them.…
Weaponization of LNK Files Surge by 50% and Primarily Used in Four Different Malware Categories
Windows Shortcut (LNK) files, traditionally used for creating quick access links to applications and files, have emerged as a prominent attack vector in the cybersecurity landscape. These seemingly innocuous files, identifiable by their small arrow icon overlay, are increasingly being…
Wing FTP Server Max Severe Vulnerability Let Attackers Take Full Server Control
A newly disclosed critical vulnerability in Wing FTP Server has been assigned CVE-2025-47812 with a maximum CVSSv4 score of 10.0, allowing unauthenticated attackers to achieve complete server control. The vulnerability, discovered by security researcher Julien Ahrens from RCE Security, affects…
12-Year-Old Sudo Linux Vulnerability Enables Privilege Escalation to Root User
A significant security vulnerability discovered in the widely used Sudo utility has remained hidden for over 12 years, potentially exposing millions of Linux and Unix systems to privilege escalation attacks. The vulnerability identified as CVE-2025-32462 allows unauthorized users to gain…
CISA Warns of Chrome 0-Day Vulnerability Exploited in Attacks
CISA has issued an urgent warning about a critical zero-day vulnerability in Google Chrome that attackers are actively exploiting in the wild. The vulnerability, designated CVE-2025-6554, affects the Chromium V8 JavaScript engine and has been added to CISA’s Known Exploited…
Chinese Student Charged for Running a Mass Smishing Campaign to Harvest Victims Personal Details
A sophisticated smishing operation targeting tens of thousands of potential victims across Greater London has resulted in the sentencing of Ruichen Xiong, a Chinese student, to over a year in prison at Inner London Crown Court. The case represents a…
Cisco Unified CM Vulnerability Allows Remote Attacker to Login As Root User
A severe vulnerability in Cisco Unified Communications Manager (Unified CM) systems could allow remote attackers to gain root-level access to affected devices. The vulnerability, designated CVE-2025-20309 with a maximum CVSS score of 10.0, affects Engineering Special releases and stems from…
10 World’s Best Cyber Security Companies – 2025
In 2025, cybersecurity is not just a technical requirement; it’s a fundamental pillar of modern business resilience and digital trust. As organizations worldwide accelerate their digital transformation, move to hybrid and multi-cloud environments, and embrace remote workforces, the threat landscape…
Top 10 Best Penetration Testing Tools – 2025
In today’s hyper-connected world, cyber threats are more advanced, persistent, and damaging than ever before. Organizations, regardless of their size or industry, face relentless attempts from hackers seeking to exploit vulnerabilities and gain unauthorized access to sensitive data. As we…
Cl0p Ransomware Data Exfiltration Vulnerable to RCE Attacks
A newly identified security vulnerability in the Cl0p ransomware group’s data exfiltration utility has exposed a critical remote code execution (RCE) flaw that security researchers and rival threat actors could potentially exploit. The vulnerability, designated as GCVE-1-2025-0002, was published on…
Threat Actors Weaponize PDFs to Impersonate Microsoft, DocuSign, Dropbox and More in Phishing Attack
Cybercriminals have significantly escalated their use of PDF attachments as attack vectors, leveraging the trusted document format to impersonate major brands including Microsoft, DocuSign, Dropbox, PayPal, and Adobe in sophisticated phishing campaigns. These attacks exploit the widespread trust users place…
New macOS Malware Employs Process Injection and Remote Communications to Exfiltrate Keychain Credentials
A sophisticated new macOS malware campaign has emerged targeting Web3 and cryptocurrency platforms, employing advanced techniques rarely seen in Apple’s ecosystem. The malware, designated as NimDoor by security researchers, represents a significant evolution in macOS threats through its use of…
Esse Health Data Breach Exposes 263,000 Patients Personal and Health Information
A significant cybersecurity incident at Esse Health has compromised the personal and health information of approximately 263,000 patients, marking one of the most substantial healthcare data breaches of 2025. The Missouri-based healthcare provider discovered suspicious network activity on April 21,…
IDE Extensions Like VSCode Let Attackers Bypass Trust Checks and Malware on Developer Machines
A critical security vulnerability has been discovered in popular Integrated Development Environments (IDEs) that allows malicious actors to bypass trust verification systems and execute code on developer machines while maintaining the appearance of legitimate, verified extensions. The flaw affects some…
Top 3 Malware Tactics Missed By Most Security Solutions: Real-World Examples
You might think your security stack has things covered. But some threats are built specifically to slip through it quietly, without raising a single flag. They don’t explode on arrival. They wait for someone to open a file, scan a…
Qwizzserial Android Malware as Legitimate Apps Steals Banking Data & Intercepts 2FA SMS
A sophisticated Android malware campaign targeting banking credentials and two-factor authentication codes has emerged as a significant threat to users across Central Asia, particularly in Uzbekistan. The malware, dubbed Qwizzserial, represents a dangerous evolution in mobile banking fraud, exploiting the…
Hackers Actively Attacking Linux SSH Servers to Deploy TinyProxy or Sing-box Proxy Tools
Cybercriminals have intensified their assault on poorly managed Linux SSH servers, deploying sophisticated proxy tools to establish covert network infrastructure. These attacks represent a shift from traditional malware deployment toward the strategic installation of legitimate networking tools for malicious purposes.…
New Email Bombing Detection in Office 365 to Detect Email Bombing Attacks
Microsoft is strengthening its cybersecurity arsenal with the introduction of Mail Bombing Detection in Microsoft Defender for Office 365, a sophisticated feature designed to combat the growing threat of email bombing attacks. We have already notified the implementation of Microsoft…
AI Crawlers Reshape The Internet With Over 30% of Global Web Traffic
The digital landscape is experiencing a fundamental transformation as artificial intelligence crawlers emerge as dominant forces across the global internet infrastructure. Recent analysis reveals that automated bots now account for approximately 30% of all worldwide web traffic, marking a significant…
Critical ModSecurity WAF Vulnerability Allows Denial of Service via Empty XML Tags
A newly discovered denial-of-service vulnerability in the ModSecurity Web Application Firewall (WAF) engine has security experts on high alert. The flaw, designated CVE-2025-52891, affects specific versions of mod_security2 and can be triggered by processing XML requests containing empty tags, potentially causing complete service…
Microsoft Intune Admins Beware! Your Security Baseline Policy Tweaks are not Saved During Updates
Microsoft Intune administrators are facing a critical issue where their carefully configured security baseline policy customizations are being lost during version updates, potentially leaving enterprise environments vulnerable to security gaps. The Intune Support Team officially acknowledged this known issue on…
DCRAT Attack Windows to Remotely Control, Keylogging, Screen Capture and Steal Personal Files
A sophisticated Remote Access Trojan (RAT) campaign targeting Colombian organizations has emerged, employing advanced evasion techniques to establish persistent remote control over Windows systems. The malware, identified as DCRAT, represents a significant escalation in cyber threats against Latin American entities,…
Microsoft Authenticator to Discontinue Password Support and Cease Operations by August 2025
Microsoft has announced significant modifications to its popular Authenticator application, with critical features being discontinued in the coming months. Starting July 2025, the autofill functionality within Microsoft Authenticator will cease operations, followed by the complete removal of password accessibility features…
CISA Warns of TeleMessage TM SGNL Vulnerabilities Exploited in Attacks
CISA has issued an urgent warning regarding two critical vulnerabilities in TeleMessage TM SGNL that threat actors are currently exploiting in active attack campaigns. The vulnerabilities, tracked as CVE-2025-48927 and CVE-2025-48928, pose significant security risks to organizations utilizing this communication…
International Criminal Court Hit by New Sophisticated Cyber Attack
The International Criminal Court (ICC) has successfully detected and contained a sophisticated cybersecurity incident that targeted the judicial institution late last week. This marks the second major cyber attack of this type against the ICC in recent years, highlighting the…
U.S. Treasury Sanctioned Bulletproof Hosting Provider Used by Ransomware Operator Groups
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has imposed comprehensive sanctions on Aeza Group, a Russia-based bulletproof hosting (BPH) services provider that enabled cybercriminal activities worldwide. The action, announced July 1, 2025, targets the critical…
Anthropic MCP Inspector Tool Vulnerability Let Attackers Execute Arbitrary Code on Developer Machines
A critical Remote Code Execution (RCE) vulnerability in Anthropic’s MCP Inspector tool, designated as CVE-2025-49596, has a severe CVSS score of 9.4. This vulnerability represents one of the first critical security flaws found in Anthropic’s Model Context Protocol (MCP) ecosystem,…
Critical WordPress Plugin Vulnerability Exposes 600,000+ Sites to Remote Takeover
A severe arbitrary file deletion vulnerability has been discovered in the popular Forminator WordPress plugin, affecting over 600,000 active installations worldwide. The vulnerability, assigned CVE-2025-6463 with a high CVSS rating of 8.8, allows unauthenticated attackers to delete critical system files,…
10 Best VPN Alternative Solutions In 2025
As digital security and privacy demands evolve, users and businesses are increasingly seeking VPN alternatives that offer more robust protection, better scalability, and seamless remote access. While traditional VPNs remain popular, their limitations such as latency, complex management, and scalability…
YONO SBI Banking App Vulnerability Let Attackers Execute a Man-in-the-Middle Attack
A significant security flaw has been identified in the popular YONO SBI banking application that could potentially expose millions of users to cybersecurity threats. The vulnerability, designated as CVE-2025-45080, affects version 1.23.36 of the YONO SBI: Banking & Lifestyle app…
TA829 Hackers Employs New TTPs and Upgraded RomCom Backdoor to Evade Detections
The cybersecurity landscape faces a renewed threat as TA829, a sophisticated threat actor group, has emerged with enhanced tactics, techniques, and procedures (TTPs) alongside an upgraded version of the notorious RomCom backdoor. This hybrid cybercriminal-espionage group has demonstrated remarkable adaptability,…
FileFix Attack Exploits Windows Browser Features to Bypass Mark-of-the-Web Protection
A sophisticated new variation of cyberattacks emerged in July 2025, exploiting a critical vulnerability in how Chrome and Microsoft Edge handle webpage saving functionality. The attack, dubbed “FileFix 2.0,” bypasses Windows’ Mark of the Web (MOTW) security feature by leveraging…
Kimsuky Hackers Using ClickFix Technique to Execute Malicious Scripts on Victim Machines
The notorious North Korean threat group Kimsuky has adopted a sophisticated social engineering tactic known as “ClickFix” to deceive users into executing malicious scripts on their own systems. Originally introduced by Proofpoint researchers in April 2024, this deceptive technique tricks…
Hacktivist Group Claimed Attacks Across 20+ Critical Sectors Following Iran–Israel Conflict
The escalating tensions between Iran and Israel have triggered an unprecedented surge in hacktivist cyber operations, with over 80 distinct groups launching coordinated attacks across 18 critical infrastructure sectors. Following Israeli airstrikes on Iranian military and nuclear facilities in June…
Snake Keyloggers Abuse Java Utilities to Evade Security Tools
A sophisticated phishing campaign leveraging the Snake Keylogger malware has emerged, exploiting legitimate Java debugging utilities to bypass security mechanisms and target organizations worldwide. The Russian-originated .NET malware, distributed through a Malware as a Service (MaaS) model, represents a significant…
Cyber Threat Intelligence: 3 Key Benefits For SOCs And MSSPs
As attack vectors multiply and threat actors become increasingly sophisticated, security teams struggle to keep pace with the volume and complexity of modern cyber threats. SOCs and MSSPs operate in a high-stakes environment where every minute counts. Main Challenges Of…
Google Chrome May Soon Turn Webpages Into Podcasts With AI Audio Overviews
Google Chrome for Android is on the verge of a major upgrade that could reshape how users consume online content. The browser is testing a new feature called AI Audio Overviews, which transforms any webpage into a podcast-style audio summary,…
Linux 6.16-rc4 Released With Fixes for Filesystem, Driver & Hardware Support
Linus Torvalds has released Linux kernel 6.16-rc4, marking another stable milestone in the development cycle despite what he describes as a “fairly large merge window.” The latest release candidate continues the trend of maintaining stability while addressing critical issues across…
Pakistani Actors Built 300+ Cracking Websites Used to Deliver Info-Stealer Malware
A sophisticated cybercriminal network operating from Pakistan has constructed over 300 cracking websites since 2021, serving as distribution platforms for information-stealing malware that targets users seeking pirated software. This extensive operation represents one of the largest documented cases of coordinated…
Europol Dismantles Fraud Crypto Investment Ring That Tricked 5000+ Victims Worldwide
European law enforcement agencies have successfully dismantled a sophisticated cryptocurrency investment fraud network that laundered EUR 460 million in illicit profits from over 5,000 victims globally. The coordinated operation, executed on June 25, 2025, represents one of the largest international…
Microsoft Teams to Let Users Add Agents and Bots in Current Conversations
Microsoft is set to revolutionize user interaction with artificial intelligence agents and bots in Teams through a streamlined integration experience launching in June 2025. The technology giant will deploy this enhanced agent engagement system to a randomized subset of users…
Blind Eagle Hackers Using Open-Source RATs & Ciphers to Hinder Static Detection
The cybersecurity landscape continues to evolve as threat actors adapt their tactics to bypass modern security measures. A recently identified campaign by the Blind Eagle threat group, also known as APT-C-36, demonstrates how sophisticated attackers are leveraging readily available tools…
New C4 Bomb Attack Bypasses Chrome’s AppBound Cookie Encryption
A critical vulnerability allows low-privileged attackers to decrypt Chrome’s AppBound Cookie Encryption, a security feature Google introduced in July 2024 to protect user cookies from infostealer malware. The attack, dubbed C4 (Chrome Cookie Cipher Cracker), exploits a Padding Oracle…
Django App Vulnerabilities Chained to Execute Arbitrary Code Remotely
A critical remote code execution (RCE) vulnerability affects Django web applications, demonstrating how seemingly benign CSV file upload functionality can be weaponized for complete server compromise. Summary: 1. Django RCE exploit chains directory traversal with CSV parser abuse to compromise servers…
North Korean Remote IT Workers Added New Tactics and Techniques to Infiltrate Organizations
North Korean state-sponsored remote IT workers have significantly evolved their infiltration tactics, incorporating artificial intelligence tools and sophisticated deception techniques to penetrate organizations worldwide. Since 2024, these highly skilled operatives have enhanced their fraudulent employment schemes by leveraging AI-powered image…
U.S. DOJ Announces Nationwide Actions to Combat North Korean Remote IT Workers
The U.S. Department of Justice announced coordinated nationwide law enforcement actions on June 30, 2025, targeting North Korean remote information technology workers’ illicit revenue generation schemes that have defrauded American companies and funded the DPRK’s weapons programs. Summary: 1. The U.S.…
CISA Warns of Citrix NetScaler ADC and Gateway Vulnerability Actively Exploited in Attacks
CISA has issued an urgent warning regarding a critical buffer overflow vulnerability in Citrix NetScaler ADC and Gateway products, designated as CVE-2025-6543. Added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on June 30, 2025, threat actors are actively exploiting this…
Linux Sudo chroot Vulnerability Enables Hackers to Elevate Privileges to Root
A critical security vulnerability in the widely used Linux Sudo utility has been disclosed, allowing any local unprivileged user to escalate privileges to root access. Summary: 1. CVE-2025-32463 affects Sudo versions 1.9.14-1.9.17, enabling privilege escalation to root. 2. Exploitation uses the chroot…
Top 20 Best Endpoint Management Tools – 2025
Endpoint management is now a cornerstone of modern IT operations, enabling organizations to secure, monitor, and optimize devices across diverse environments. As hybrid and remote work models continue to expand, the need for robust endpoint management tools is greater than…
CISA Warns of Iranian Cyber Actors May Attack U.S. Critical Infrastructure
The Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI, Department of Defense Cyber Crime Center, and National Security Agency, has issued an urgent warning regarding potential cyber attacks by Iranian-affiliated actors targeting U.S. critical infrastructure. Despite ongoing ceasefire…
Chrome 0-Day Vulnerability Exploited in the Wild to Execute Arbitrary Code – Patch Now
Google has issued an urgent security update for Chrome browser users worldwide, addressing a critical zero-day vulnerability that is actively being exploited by cybercriminals. The high-severity flaw, designated CVE-2025-6554, allows attackers to execute arbitrary code on affected systems through a…
Hackers Use .PIF Files and UAC Bypass to Drop Remcos Malware on Windows
A sophisticated new phishing campaign has emerged, leveraging obsolete Windows file formats and advanced evasion techniques to distribute the notorious Remcos Remote Access Trojan. The attack chain employs DBatLoader as its primary delivery mechanism, utilizing a combination of User Account…
2100+ Citrix Servers Vulnerable to Actively Exploited Bypass Authentication Vulnerability
Over 2,100 vulnerable Citrix NetScaler servers remain exposed to active exploitation, despite patches being available for critical vulnerabilities that allow attackers to bypass authentication mechanisms and steal session tokens. Cybersecurity firm ReliaQuest has issued warnings about active exploitation of two…
RIFT – New Open-Source Tool From Microsoft to Analyze Malware Hidden Within Rust Binaries
Microsoft has released RIFT (Rust Identification and Function Tagging), a groundbreaking open-source tool designed to help cybersecurity analysts identify and analyze malware concealed within Rust binaries. The cybersecurity community has witnessed a significant shift toward Rust-based malware development over the…
Multiple Critical Vulnerabilities in D-Link Routers Let Attackers Execute Arbitrary Code Remotely
Multiple critical vulnerabilities in D-Link router models could allow remote attackers to execute arbitrary code and gain unauthorized access to the network infrastructure. The vulnerabilities affect all hardware revisions and firmware versions of the non-US DIR-816 models, which have now…
Threat Actors Weaponizing Facebook Ads to Deliver Malware and Stealing Wallet Passwords
Cybercriminals have launched a sophisticated campaign exploiting Facebook’s advertising platform to distribute malware and steal cryptocurrency wallet credentials, targeting users worldwide through deceptive Pi Network-themed advertisements. The malicious operation, which began on June 24, 2025, coincides with the Pi2Day celebration…
SquareX Reveals That Employees Are No Longer The Weakest Link, Browser AI Agents Are
Every security practitioner knows that employees are the weakest link in an organization, but this is no longer the case. SquareX’s research reveals that Browser AI Agents are more likely to fall prey to cyberattacks than employees, making them the new weakest…
Hackers Exploiting Critical Langflow Vulnerability to Deploy Flodrix Botnet and Take System Control
Langflow, the popular Python framework for rapid AI prototyping, is under siege after researchers disclosed CVE-2025-3248, a flaw in the /api/v1/validate/code endpoint that lets unauthenticated attackers execute arbitrary Python with a single crafted POST request. Within hours of the public…
25 Best Managed Security Service Providers (MSSP) In 2025
Managed Security Service Providers (MSSPs) are specialized companies that deliver outsourced cybersecurity services to protect businesses from evolving cyber threats. These providers offer a range of services, including 24/7 threat monitoring, incident response, vulnerability management, and compliance support. MSSPs help…
Glasgow City Warns of Parking Fine Scam as Cyber Security Incident Continues
Glasgow City Council has issued an urgent warning to residents about a sophisticated parking fine scam that has emerged amid ongoing cybersecurity concerns affecting the city’s digital infrastructure. The fraudulent scheme targets motorists through text messages and emails claiming they…
Germany Urges Apple, Google to Block Chinese AI App DeepSeek Over Privacy Rules
Germany’s data protection authorities have escalated their scrutiny of Chinese artificial intelligence applications, with Berlin’s data protection commissioner Meike Kamp formally requesting Apple and Google to review and potentially remove DeepSeek from their respective app stores. The move, announced on…
10 Best Free Malware Analysis Tools To Break Down The Malware Samples – 2025
Malware analysis is a critical skill for cybersecurity professionals, threat hunters, and incident responders. With the growing sophistication of cyber threats, having access to reliable, free malware analysis tools is essential for dissecting, understanding, and mitigating malicious software. This article…
Scattered Spider Attacking Tech Companies Using Phishing Frameworks Like Evilginx and Social Engineering Methods
Scattered Spider burst onto the cybersecurity stage in early 2022 as little more than a SIM-swapping crew, but by mid-2025 it had pivoted into a full-scale, financially motivated threat group leveraging advanced phishing toolkits to breach some of the world’s…
Bluetooth Vulnerabilities Let Hackers Spy on Your Headphones and Earbuds
A major security flaw affecting millions of Bluetooth headphones and earbuds has been discovered, allowing attackers to remotely hijack devices and spy on users without requiring any authentication or pairing. The vulnerabilities, identified by cybersecurity researchers at ERNW, affect devices…
DragonForce Ransomware Empowers Affiliates with Modular Toolkit to Create Custom Ransomware Payloads
DragonForce ransomware has emerged as one of the most sophisticated threats in the cybercriminal ecosystem, transforming from a hacktivist collective into a mature Ransomware-as-a-Service (RaaS) operation since its debut in December 2023. The group initially gained notoriety through ideologically driven…
New Report Unveils Most of The Ransomware Attacks Targeting Organizations Via Exploited Vulnerabilities
A comprehensive analysis of the global ransomware landscape has revealed that exploited vulnerabilities remain the dominant attack vector, accounting for 32% of all successful ransomware incidents targeting organizations worldwide. This marks the third consecutive year that vulnerability exploitation has topped…
10 Best Android Password Managers 2025
Looking for the best Android password managers in 2025? You’re in the right place. With growing online threats and more accounts than ever, using a reliable Android password manager is essential to protect your digital identity. Whether you’re storing credentials,…
Zig Strike – An Offensive Toolkit to Create Payloads and Bypass AV, XDR/EDR Detections
Zig Strike is a sophisticated offensive toolkit designed to bypass advanced security solutions, including Anti-Virus (AV), Next-Generation Antivirus (NGAV), and Endpoint Detection and Response (XDR/EDR) systems. This open-source toolkit represents a significant evolution in red team capabilities, leveraging the modern Zig programming…
RansomHub Ransomware Attacking RDP Servers Using Mimikatz and Advanced IP Scanner Tools
A recent incident response investigation from The DFIR Report has revealed the sophisticated tactics employed by RansomHub ransomware operators in a coordinated attack campaign that compromised an entire corporate network through an exposed Remote Desktop Protocol (RDP) server. The attack,…
Scattered Spider Hackers Actively Attacking Aviation and Transportation Firms
Cybersecurity experts and federal authorities are sounding urgent alarms as the notorious Scattered Spider hackers have pivoted to targeting the aviation and transportation sectors, marking a dangerous escalation in their operations. The FBI has confirmed that the cybercriminal group, also…
25 Best Managed Security Service Providers (MSSP) in 2025
Managed Security Service Providers (MSSPs) are specialized companies that deliver outsourced cybersecurity services to protect businesses from evolving cyber threats. These providers offer a range of services, including 24/7 threat monitoring, incident response, vulnerability management, and compliance support. MSSPs help…
Beware of Trending TikTok Videos That Promotes Pirated Apps Deliver Stealer Malware
Cybercriminals have discovered a new frontier for malware distribution by weaponizing TikTok’s massive user base and algorithmic reach. A sophisticated social engineering campaign has emerged that leverages AI-generated videos to trick users into downloading dangerous information-stealing malware disguised as software…
Threat Actors Behind GIFTEDCROOK Stealer Converted It To an Intelligence-Gathering Tool
The cyber-espionage landscape targeting Ukraine has witnessed a significant evolution with the transformation of GIFTEDCROOK malware from a rudimentary browser credential stealer into a sophisticated intelligence-gathering platform. Initially discovered as a basic infostealer in early 2025, this malware has undergone…
Threat Actors Exploiting Windows & Linux Servers Vulnerability to Deploy Web Shell
A sophisticated cyber attack campaign targeting South Korean web servers has emerged, with threat actors deploying MeshAgent and SuperShell malware to compromise both Windows and Linux infrastructure. The multi-platform assault demonstrates an escalation in attack complexity, as adversaries leverage file…
ESET Warns of NFC Data for Contactless Payments Emerges as Cybercrime Target
A sophisticated new malware campaign targeting Near Field Communication (NFC) payment systems has emerged as a significant global cybersecurity threat, transforming what began as a localized attack in Eastern Europe into a worldwide phenomenon. The malicious operation, first identified by…
Microsoft Teams to Set Employee’s Work Locations Based on Organization’s Wi-Fi Network
Microsoft has announced a significant enhancement to Teams that will automatically detect and set employees’ work locations based on their connection to organizational Wi-Fi networks. This innovative feature, scheduled for general availability in early September 2025, represents a major advancement…
Weaponized DeepSeek Installers Delivers Sainbox RAT and Hidden Rootkit
Cybersecurity researchers have uncovered a sophisticated malware campaign exploiting the popularity of artificial intelligence tools to target Chinese-speaking users. The attack leverages fake installers masquerading as legitimate software downloads, including the popular AI chatbot DeepSeek, to deploy advanced persistent threats…
KC Man Hacked Computers to Pitch For Cybersecurity Services Pleaded Guilty
A Kansas City man has admitted to infiltrating a nonprofit organization’s computer network using sophisticated hacking techniques in what authorities describe as an elaborate scheme to demonstrate cybersecurity vulnerabilities. Nicholas Michael Kloster, 32, pleaded guilty on Wednesday to federal computer…
Let’s Encrypt to Issue Certificate for IP Address With 6-Day Validity
Let’s Encrypt, the world’s largest certificate authority, announced its readiness to begin issuing SSL/TLS certificates for IP addresses through its production environment, marking a significant advancement in internet security infrastructure. The certificates will be available exclusively under the organization’s short-lived…
Cybercriminals Leveraging CapCut Popularity to Harvest Apple ID Credentials & Credit Card Data
Cybercriminals have begun exploiting the widespread popularity of CapCut, the dominant short-form video editing application, to orchestrate sophisticated phishing campaigns targeting Apple ID credentials and credit card information. This emerging threat demonstrates how attackers strategically leverage trending applications to enhance…
Threat Actors Employ Clickfix Tactics to Deliver Malicious AppleScripts That Steal Login Credentials
A sophisticated new malware campaign targeting macOS users has emerged, employing deceptive “Clickfix” tactics to distribute malicious AppleScripts designed to harvest sensitive user credentials and financial data. The campaign leverages typosquatted domains that closely mimic legitimate finance platforms and Apple…
MongoDB Server Pre-Authentication Vulnerability Lets Attackers Trigger DoS Condition
A critical pre-authentication denial of service vulnerability was identified as CVE-2025-6709, affecting multiple versions of MongoDB Server across its 6.0, 7.0, and 8.0 release branches. Summary: 1. MongoDB CVE-2025-6709 allows unauthenticated attackers to crash servers (CVSS 7.5). 2. Malicious JSON payloads with…
Windows 11 Retires Blue Screen of Death Error, Replaces It With Black Screen
Microsoft is retiring one of computing’s most recognizable error messages after nearly four decades. The iconic Blue Screen of Death (BSOD) that has haunted Windows users since the 1980s will be replaced with a streamlined Black Screen of Death as part…
Threat Actors Embed Malware on Windows System’s Task Scheduler to Maintain Persistence
A sophisticated cyber attack targeting critical national infrastructure in the Middle East has revealed how threat actors are leveraging Windows Task Scheduler to maintain persistent access to compromised systems. The attack involves a malicious variant of the Havoc framework, a…
ClickFix Attack Surges by Over 500% – Hackers Actively Using This Technique to Trick Users
A sophisticated new social engineering technique called ClickFix has exploded across the cyberthreat landscape, experiencing an unprecedented surge of 517% between the second half of 2024 and the first half of 2025. This alarming growth has propelled ClickFix to become…
APT-C-36 Hackers Attacking Government Institutions, Financial Organizations, and Critical Infrastructure
Since 2018, the advanced persistent threat group APT-C-36, commonly known as Blind Eagle, has emerged as a formidable cyber adversary targeting critical sectors across Latin America. This sophisticated threat actor has demonstrated persistent focus on Colombian organizations, launching coordinated attacks…
Mitsubishi Electric AC Systems Vulnerability Allows Remote Control Without User Interaction
Mitsubishi Electric has disclosed a critical authentication bypass vulnerability affecting 27 different air conditioning system models, potentially allowing remote attackers to gain unauthorized control over building HVAC systems. The vulnerability, tracked as CVE-2025-3699, carries a maximum CVSS score of 9.8,…
WhatsApp to Add AI-Powered Message Summaries to Quickly Catch Your Messages
WhatsApp has unveiled a groundbreaking new feature that leverages artificial intelligence to help users quickly navigate their unread messages. The messaging platform announced on June 25, 2025, the introduction of Message Summaries, an AI-driven tool designed to provide instant overviews…
Iranian APT35 Hackers Attacking High-Profile Cyber Security Experts & Professors from Israel
A sophisticated spear-phishing campaign targeting Israeli cybersecurity experts and computer science professors has emerged amid escalating tensions between Iran and Israel. The Iranian threat group Educated Manticore, widely associated with the Islamic Revolutionary Guard Corps’ Intelligence Organization, has launched precision…
Microsoft 365’s Direct Send Exploited to Send Phishing Emails as Internal Users
A sophisticated phishing campaign has affected more than 70 organizations by exploiting Microsoft 365’s Direct Send feature. This novel attack method allows threat actors to spoof internal users and deliver phishing emails without ever needing to compromise an account, bypassing traditional…
HPE OneView for VMware vCenter Allows Escalation of Privileges
A significant security vulnerability in the Hewlett-Packard Enterprise OneView for VMware vCenter (OV4VC) platform could allow attackers with limited access to escalate their privileges to administrative levels. The vulnerability, tracked as CVE-2025-37101, affects all versions of the software prior to…
Iranian Spear-Phishing Attack Mimics Google, Outlook, and Yahoo Domains
A sophisticated Iranian cyber espionage campaign has resurfaced with renewed intensity, targeting high-profile figures through meticulously crafted spear-phishing operations that impersonate major email providers including Google, Outlook, and Yahoo. The campaign, attributed to the threat actor known as Educated Manticore,…
Researchers Obfuscated & Weaponized .NET Assemblies Using MacroPack
The cybersecurity landscape has witnessed a significant evolution in malware sophistication, with threat actors increasingly leveraging legitimate programming frameworks for malicious purposes. A recent development has emerged involving the weaponization of .NET assemblies through advanced obfuscation techniques, marking a concerning…
CISA Warns of D-Link Path Traversal Vulnerability Exploited in Attacks
CISA has issued an urgent warning regarding a critical path traversal vulnerability affecting D-Link DIR-859 routers that is being actively exploited in the wild. The vulnerability, designated as CVE-2024-0769, was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on June…
nOAuth Abuse Leads to Full Account Takeover of Entra Cross-Tenant SaaS Applications
A critical authentication vulnerability known as nOAuth abuse has emerged as a severe threat to Microsoft Entra ID integrated SaaS applications, enabling attackers to achieve complete account takeover with minimal technical complexity. The vulnerability exploits fundamental flaws in how application…
Microsoft Teams New Feature Enables Admins to Manage Certified M365 Apps for Enhanced Security
Microsoft has announced a significant security enhancement for Microsoft Teams administrators, introducing a new feature that enables bulk management of Microsoft 365-certified applications through rule-based controls. This development, identified under Microsoft 365 Roadmap ID 485712, represents a major advancement in…