Over the summer of 2025, a novel malware family emerged following the public disclosure of the LOSTKEYS implant. This new strain was rapidly weaponized in a series of highly targeted campaigns against policy advisors, non-governmental organizations, and dissidents. Leveraging a…
Category: Cyber Security News
131 Malicious Extensions Targeting WhatsApp Users Found in Chrome Web Store
Over the past several months, cybersecurity researchers have observed a surge of fraudulent Chrome extensions masquerading as legitimate WhatsApp Web automation tools. These 131 rebranded clones, each presenting as distinct offerings, share an identical codebase designed to automate bulk messaging…
Critical ASP.NET Vulnerability Allows Attacker To Bypass Security Feature Remotely
Microsoft has disclosed a serious security flaw in ASP.NET Core that enables authenticated attackers to smuggle HTTP requests and evade critical protections. Tracked as CVE-2025-55315, the vulnerability stems from inconsistent handling of HTTP requests, a classic issue known as HTTP…
ZYXEL Authorization Bypass Vulnerability Lets Attackers View and Download System Configuration
A critical vulnerability in Zyxel’s ATP and USG series firewalls allows attackers to bypass authorization controls and access sensitive system configurations. Dubbed CVE-2025-9133, this flaw affects devices running firmware versions up to V5.40(ABPS.0) and enables unauthorized viewing and downloading…
AWS Declares Major Outage Resolved After Nearly 24 Hours of Disruption
Amazon Web Services (AWS), the world’s largest cloud computing provider, has officially marked a widespread outage in its US-EAST-1 region as resolved, following nearly a full day of cascading failures that disrupted services for millions worldwide. The incident, which began…
Hackers Attacking Remote Desktop Protocol Services With 30,000+ New IP Addresses Daily
A persistent campaign is targeting Microsoft Remote Desktop Protocol (RDP) services, with attackers deploying over 30,000 new IP addresses daily to exploit timing-based vulnerabilities. This coordinated effort, linked to a global botnet, has seen unique IPs surge past 500,000 since September…
71,000+ WatchGuard Devices Vulnerable to Remote Code Execution Attacks
The Shadowserver Foundation has uncovered more than 71,000 internet-exposed WatchGuard devices running vulnerable versions of Fireware OS. The flaw, tracked as CVE-2025-9242, stems from an out-of-bounds write vulnerability in the IKEv2 implementation, potentially allowing remote attackers to execute arbitrary code…
CISA Warns of Windows SMB Vulnerability Actively Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent alert on October 20, 2025, highlighting a severe vulnerability, CVE-2025-33073, in Microsoft’s Windows SMB Client. Dubbed an improper access control flaw, this vulnerability tracked under CVE details yet to be…
Automatic BitLocker Encryption May Silently Lock Away Your Data
A Reddit poster detailed how reinstalling Windows 11 unexpectedly encrypted two of their backup drives with BitLocker, locking away 3TB of irreplaceable data without any prior setup. The incident, shared on Reddit, highlights the risks of Microsoft’s automatic encryption feature in…
AWS Outage Impacts Amazon, Snapchat, Prime Video, Canva and More – Update
A widespread Amazon Web Services (AWS) outage on Monday disrupted operations for millions of users worldwide, knocking out access to everything from streaming giants to social media platforms and financial apps. The incident, which began early in the morning, affected…
Dolby Digital Plus 0-Click Vulnerability Enables RCE Attack via Malicious Audio on Android
A critical zero-click vulnerability in Dolby Digital Plus (DDP) audio decoding software has been disclosed, allowing attackers to execute malicious code remotely via seemingly innocuous audio messages. Google Project Zero’s Ivan Fratric and Natalie Silvanovich have identified an out-of-bounds write…
PoC Exploit Released for Windows Server Update Services Remote Code Execution Vulnerability
A proof-of-concept (PoC) exploit has been released for a critical vulnerability in Microsoft’s Windows Server Update Services (WSUS), enabling unauthenticated attackers to execute remote code with SYSTEM privileges on affected servers. Dubbed CVE-2025-59287 and assigned a CVSS v3.1 score of…
Canva Down – Suffers Global Outage, Leaving Millions of Users Unable to Access Platform
Canva, the popular graphic design platform, is reeling from a widespread outage that has rendered its services inaccessible to millions of users worldwide. As of 19:16 AEDT (02:46 IST), the platform’s status page reports “significantly increased error rates” impacting nearly…
New DefenderWrite Tool Lets Attackers Inject Malicious DLLs into AV Executable Folders
A new tool called DefenderWrite exploits whitelisted Windows programs to bypass protections and write arbitrary files into antivirus executable folders, potentially enabling malware persistence and evasion. Developed by cybersecurity expert Two Seven One Three, the tool demonstrates a novel technique…
PoC Exploit Released for Linux-PAM Vulnerability Allowing Root Privilege Escalation
A high-severity vulnerability in the Pluggable Authentication Modules (PAM) framework was assigned the identifier CVE-2025-8941. This vulnerability stems from the heart of Linux operating systems, enabling attackers with local access to exploit symlink attacks and race conditions for full root…
WatchGuard VPN Vulnerability Lets Remote Attacker Execute Arbitrary Code
WatchGuard has disclosed a critical out-of-bounds write vulnerability in its Fireware OS, enabling remote unauthenticated attackers to execute arbitrary code via IKEv2 VPN connections. Designated CVE-2025-9242 under advisory WGSA-2025-00015, the flaw carries a CVSS 4.0 score of 9.3, highlighting its…
Windows 11 24H2/25H2 Update Blocks Mouse and Keyboard in Recovery Mode
Microsoft’s latest security update has rendered USB keyboards and mice inoperable within the Windows Recovery Environment (WinRE). Released on October 14, 2025, as KB5066835 for OS Build 26100.6899, the patch affects Windows 11 versions 24H2 and 25H2, as well as…
Volkswagen Allegedly Hit by Ransomware Attack as 8Base Claims Sensitive Data Theft
Volkswagen Group has issued a statement addressing claims by the ransomware group 8Base, which alleges it has stolen and leaked sensitive data from the automaker. The German carmaker maintains that its core IT infrastructure remains unaffected; however, the company’s vague…
American Airlines Subsidiary Envoy Compromised in Oracle Hacking Campaign
Envoy Air, a wholly owned subsidiary of American Airlines, has confirmed it fell victim to a hacking campaign exploiting vulnerabilities in Oracle’s E-Business Suite (EBS). The breach, first highlighted by the notorious Clop ransomware group, underscores the growing risks facing…
New Phishing Attack Leverages Azure Blob Storage to Impersonate Microsoft
Threat actors are leveraging Microsoft Azure Blob Storage to craft highly convincing phishing sites that mimic legitimate Office 365 login portals, putting Microsoft 365 users at severe risk of credential theft. This method exploits trusted Microsoft infrastructure, making the attacks…