Cybersecurity researchers have observed a surge in deceptive sites masquerading as YouTube video download services to deliver Proxyware malware in recent weeks. Victims seeking to grab videos in MP4 format are redirected through ad pages that sporadically present a download…
Category: Cyber Security News
0-Click Zendesk Account Takeover Vulnerability Enables Access to all Zendesk Tickets
A critical security vulnerability has been discovered in Zendesk’s Android SDK implementation that allows attackers to perform mass account takeovers without any user interaction. The flaw, which earned a $3,000 bug bounty payout, stems from predictable token generation mechanisms that…
Threat Actors Weaponizes AI Generated Summaries With Malicious Payload to Execute Ransomware
A novel adaptation of the ClickFix social engineering technique has been identified, leveraging invisible prompt injection to weaponize AI summarization systems in email clients, browser extensions, and productivity platforms. By embedding malicious step-by-step instructions within hidden HTML elements—using CSS obfuscation…
5 Common Back-to-School Online Scams Powered Using AI and How to Avoid Them
As students return to campus and online learning platforms, cybercriminals are increasingly leveraging artificial intelligence to create sophisticated scams targeting the education sector. These AI-enhanced attacks have become more convincing and harder to detect, making them particularly dangerous for students,…
Beware of Website Mimicking Google Play Store Pages to Deliver Android Malware
A sophisticated Android malware campaign has resurfaced, exploiting deceptive websites that perfectly mimic legitimate Google Play Store application pages to distribute the notorious SpyNote Remote Access Trojan (RAT). This malicious operation targets unsuspecting users by creating static HTML clones of…
Kimsuky APT Data Leak – GPKI Certificates, Rootkits and Cobalt Strike Personal Uncovered
In late June 2025, a significant operational dump from North Korea’s Kimsuky APT group surfaced on a dark-web forum, exposing virtual machine images, VPS infrastructure, customized malware and thousands of stolen credentials. This leak offers an unprecedented window into the…
Multiple vtenext Vulnerabilities Let Attackers Bypass Authentication and Execute Remote Codes
A comprehensive security analysis of vtenext CRM version 25.02 has revealed multiple critical vulnerabilities that allow unauthenticated attackers to bypass authentication mechanisms through three distinct attack vectors, ultimately leading to remote code execution on target systems. The Italian CRM solution,…
EDR vs MDR – What is the Difference and Which Solution Right for Your Organization?
As cybersecurity threats continue to evolve in complexity and sophistication, organizations face critical decisions about their security infrastructure. Two prominent approaches have emerged as frontrunners in enterprise security: Endpoint Detection and Response (EDR) and Managed Detection and Response (MDR). While both solutions aim…
Hackers Can Exploit (eval) or (exec) Python Calls to Execute Malicious Code
A sophisticated obfuscation technique that threat actors are using to bypass detection systems and exploit Python’s eval() and exec() functions for malicious code execution. With over 100 supply chain attacks reported on PyPI in the past five years, these techniques…
Chinese Hacker Jailed for Deploying Kill Switch on Ohio-based Key Company’s Global Network
A Chinese national has been sentenced to four years in federal prison for orchestrating a sophisticated insider cyberattack against his former employer’s global network infrastructure. Davis Lu, 55, utilized his privileged access as a software developer to deploy destructive malware…
Arch Linux Confirms Week-Long DDoS Attack Disrupted its Website, Repository, and Forums
The Arch Linux Project has officially confirmed that its primary infrastructure services have been subjected to an ongoing distributed denial-of-service (DDoS) attack that has persisted for over a week. The attack severely impacted user access to critical resources, including the…
Threat Actors Weaponizing Windows Scheduled Tasks to Establish Persistence Without Requiring Extra Tools
Over the past year, security teams have observed an uptick in adversaries leveraging native Windows Scheduled Tasks to maintain footholds in compromised environments. Unlike elaborate rootkits or zero-day exploits, these techniques exploit built-in system functionality, enabling threat actors to persist…
Microsoft Copilot Agent Policy Let Any Users Access AI Agents
Shortly after the May 2025 rollout of 107 Copilot Agents in Microsoft 365 tenants, security specialists discovered that the “Data Access” restriction meant to block agent availability is being ignored. Key Takeaways1. The “NoUsersCanAccessAgent” policy is bypassed, leaving some Copilot…
NIST Publish ‘Lightweight Cryptography’ Standard To Protect IoT Devices
The National Institute of Standards and Technology (NIST) has officially released NIST Special Publication 800-232, establishing the Ascon family of algorithms as the new standard for lightweight cryptography designed specifically for resource-constrained devices. Published in August 2025, this groundbreaking standard…
Critical Tableau Server Vulnerability Let Attackers Upload Malicious Files
A critical security flaw in Tableau Server could enable attackers to upload and execute malicious files, potentially leading to complete system compromise. The vulnerability, tracked as CVE-2025-26496 with a CVSS score of 9.6, affects multiple versions of both Tableau Server…
New macOS Installer Promising Lightning-fast Data Exfiltration Advertised on Dark Web
A newly discovered macOS stealer, dubbed Mac.c, has surfaced on darknet forums, offering lightning-fast data exfiltration for just $1,500 per month. Developed by the threat actor “mentalpositive,” Mac.c is advertised as a streamlined alternative to the established AMOS stealer, targeting…
Happy Birthday Linux! Powering Numerous Devices Across the Globe for 34 Years
On August 25, 2025, the world celebrates the 34th anniversary of Linux, marking one of the most significant milestones in computing history. What began as a humble hobby project by a 21-year-old Finnish student has evolved into the backbone of…
KorPlug Malware Unmasked – TTPs, Control Flow, IOCs Exposed
A sophisticated malware strain known as KorPlug has emerged as a significant threat in the cybersecurity landscape, employing advanced obfuscation techniques to evade detection and complicate analysis efforts. This malware represents a particularly concerning development due to its implementation of…
Hackers Leverage SendGrid in Recent Attack to Harvest Login Credentials
A sophisticated credential harvesting campaign has emerged, exploiting the trusted reputation of SendGrid to deliver phishing emails that successfully bypass traditional email security gateways. The attack leverages SendGrid’s legitimate cloud-based email service platform to create authentic-looking communications that target unsuspecting…
PoC Exploit & Vulnerability Analysis Released for Apple 0-Day RCE Vulnerability
A detailed proof-of-concept exploit and comprehensive vulnerability analysis have been released for CVE-2025-43300, a critical zero-click remote code execution flaw affecting Apple’s image processing infrastructure. The vulnerability, discovered in Apple’s implementation of JPEG Lossless Decompression within the RawCamera.bundle, allows attackers…