A sophisticated cybercriminal operation targeting government institutions and private organizations across multiple continents has culminated in the sentencing of Al-Tahery Al-Mashriky, a 26-year-old hacker from Rotherham, South Yorkshire. The prolific attacker, who operated under multiple aliases within the extremist hacking…
Category: Cyber Security News
0-Day Clickjacking Vulnerabilities Found in Major Password Managers like 1Password, LastPass and Others
A cybersecurity researcher has disclosed zero-day clickjacking vulnerabilities affecting eleven major password managers, potentially exposing tens of millions of users to credential theft through a single malicious click. The research, conducted by security expert Marek Tóth, reveals that attackers can…
New GodRAT Weaponizing Screen Saver and Program Files to Attack Organizations
A sophisticated new Remote Access Trojan named GodRAT has emerged as a significant threat to financial institutions, leveraging deceptive screen saver files and steganographic techniques to infiltrate organizational networks. First detected in September 2024, this malware campaign has demonstrated remarkable…
New Salty 2FA PhaaS platform Attacking Microsoft 365 Users to Steal Login Credentials
A sophisticated new Phishing-as-a-Service (PhaaS) framework dubbed “Salty 2FA” has emerged as a significant threat to Microsoft 365 users across US and European industries. This previously undocumented platform employs advanced obfuscation techniques and multi-stage execution chains specifically designed to bypass…
Chrome High-Severity Vulnerability Let Attackers Execute Arbitrary Code
Google has released an emergency security update for Chrome to address a critical vulnerability that could allow attackers to crash the browser or execute arbitrary code on affected systems. The high-severity flaw, designated as CVE-2025-9132, affects Chrome’s V8 JavaScript engine…
Microsoft Teams “couldn’t connect” Error Following Recent Sidebar Update – Fix Released
Microsoft is in the process of deploying a fix for a service degradation issue affecting Microsoft Teams users globally, which presents a “couldn’t connect to this app” error upon launching the desktop and web applications. The problem, tracked under Microsoft…
New Research Uncovers Connection Between VPN Apps and Multiple Security Vulnerabilities
A comprehensive security analysis has revealed alarming vulnerabilities affecting over 700 million users across multiple VPN applications, exposing critical flaws that compromise the very privacy and security these services promise to protect. Research conducted by cybersecurity experts from Arizona State…
New Research Unmask DPRK IT Workers Email Address and Hiring Patterns
Recent cybersecurity intelligence has exposed a sophisticated infiltration campaign orchestrated by North Korean state-sponsored threat actors, specifically the Jasper Sleet group, who have systematically penetrated Western organizations through fraudulent employment schemes. This operation, targeting primarily Web3, blockchain, and cryptocurrency companies,…
How Winning SOCs Always Stay Ahead of Threats
Despite the escalating danger of cybersecurity breaches, high-performing Security Operations Centers are able to maintain their resilience and prevent attacks. That’s what makes them essential for sustainable growth of businesses and organizations. But what enables powerful SOC teams to stay…
OpenAI Launches $4 ChatGPT Go Plan with Unlimited Access to GPT-5
OpenAI has unveiled ChatGPT Go, a budget-friendly subscription plan priced at just ₹399 per month (approximately $4 USD, GST included). The announcement, made today, positions the service as an accessible entry point to cutting-edge AI capabilities, including unlimited access to…
North Korean Kimsuky Hackers Leveraged GitHub to Attack Foreign Embassies with XenoRAT Malware
A sophisticated espionage campaign targeting diplomatic missions in South Korea has exposed the evolving tactics of North Korean state-sponsored hackers. Between March and July 2025, threat actors linked to the notorious Kimsuky group conducted at least 19 spear-phishing attacks against…
MCDonald’s Free Nuggets Hack Leads to Expose of Confidential Data
A series of alarming vulnerabilities in McDonald’s digital infrastructure, from free food exploits to exposed executive data. What started as a simple app glitch developed into a months-long trial, culminating in the researcher, BobDaHacker, cold-calling the company’s headquarters while mentioning…
Threat Actors Attacking Organizations Key Employees With Weaponized Copyright Documents to Deliver Noodlophile Stealer
A sophisticated phishing campaign has emerged targeting enterprises with significant social media footprints, leveraging weaponized copyright infringement notices to deliver the evolved Noodlophile Stealer malware. This highly targeted threat represents a significant escalation from previous iterations, exploiting enterprises’ reliance on…
Microsoft Defender AI to Uncover Plain Text Credentials Within Active Directory
Microsoft has unveiled a groundbreaking AI-powered security feature that addresses one of cybersecurity’s most persistent vulnerabilities: plain text credentials stored in Active Directory (AD) free-text fields. The new posture alert in Microsoft Defender for Identity leverages artificial intelligence to detect…
Scans From Hacked Cisco Small Business Routers, Linksys and Araknis are at the Raise
Researchers have identified a significant surge in malicious HTTP scanning activities originating from approximately 2,200 compromised small business routers across multiple vendors. The campaign, which began escalating on July 30th, 2025, primarily targets Cisco Small Business RV series, Linksys LRT…
Lockbit Linux ESXi Ransomware Variant Evasion Techniques, File Encryption Process Uncovered
A sophisticated Linux ransomware variant targeting VMware ESXi infrastructure has emerged as a significant threat to enterprise virtualization environments. The Lockbit Linux ESXi ransomware represents a concerning evolution in the ransomware landscape, specifically engineered to compromise and encrypt virtual machine…
PyPI to Block Domains Resurrection Attacks by Blocking Access to 1800 Expired Domains
The Python Package Index (PyPI) has deployed a significant security enhancement to combat domain resurrection attacks, a sophisticated supply-chain attack vector that exploits expired domain names to compromise user accounts. Since early June 2025, the platform has proactively unverified over…
New Exploit for SAP 0-Day Vulnerability Allegedly Released in the Wild by ShinyHunters Hackers
Key Takeaways1. ShinyHunters publicly released exploits for critical SAP vulnerabilities.2. Unauthenticated attackers can achieve complete system takeover and remote code execution.3. Immediately apply SAP Security Notes 3594142 and 3604119. A working exploit targeting critical SAP vulnerabilities CVE-2025-31324 and CVE-2025-42999 has…
1.1 Million Users Data Exposed in Massive Allianz Life Data Breach
Allianz Life, a primary insurance provider, has fallen victim to a sophisticated social engineering attack that compromised the personal data of approximately 1.1 million customers in July 2025. The breach, which targeted the company’s Salesforce CRM platform, represents one of…
New Sni5Gect 5G Attack Sniffs Messages in Real-time and Injects Malicious Payloads
Cybersecurity researchers from Singapore University of Technology and Design have developed a new framework called Sni5Gect that can intercept and manipulate 5G network communications in real-time, posing significant new security risks to commercial mobile devices worldwide. The framework, presented at…