A critical pre-handshake vulnerability in the LSQUIC QUIC implementation that allows remote attackers to crash servers through memory exhaustion attacks. The vulnerability, designated CVE-2025-54939 and dubbed “QUIC-LEAK,” affects the second most widely used QUIC implementation globally, potentially impacting over 34%…
Category: Cyber Security News
APT MuddyWater Attacking CFOs Leveraging OpenSSH, Enables RDP, and Scheduled Task
A sophisticated cyber espionage campaign attributed to APT MuddyWater has emerged targeting Chief Financial Officers and finance executives across Europe, North America, South America, Africa, and Asia. The threat actors are deploying a multi-stage phishing operation that masquerades as legitimate…
Mozilla High Severity Vulnerabilities Enables Remote Code Execution
Mozilla has released Firefox 142 to address multiple high-severity security vulnerabilities that could allow attackers to execute arbitrary code remotely on affected systems. The security advisory, published on August 19, 2025, reveals nine distinct vulnerabilities ranging from sandbox escapes to…
Internet Archive Abused for Hosting Stealthy JScript Loader Malware
Security researchers have uncovered a novel malware delivery chain in recent weeks that leverages the Internet Archive’s legitimate infrastructure to host obfuscated payloads. The attack begins with a seemingly innocuous JScript file delivered via malspam, which in turn invokes a…
Warlock Ransomware Exploiting SharePoint Vulnerabilities to Gain Access and Steal Credentials
In recent weeks, the cybersecurity community has witnessed the rapid emergence of Warlock, a novel ransomware strain that weaponizes unpatched Microsoft SharePoint servers to infiltrate enterprise networks. Initial analysis reveals that threat actors exploit publicly exposed SharePoint instances via specially…
First Member of ‘Scattered Spider’ Hackers Group Sentenced to 10 Years
A 20-year-old Florida man, identified as a key member of the prolific cybercrime group “Scattered Spider,” was sentenced to 10 years in federal prison today. Noah Michael Urban of Palm Coast, Fla., was also ordered to pay approximately $13 million…
Hacker Charged in Connection with DDoS-for-Hire ‘Rapper Bot’ Scheme
Federal investigators have dismantled one of the world’s most powerful distributed denial-of-service (DDoS) botnets and charged its alleged administrator with orchestrating cyberattacks that targeted victims across more than 80 countries. Ethan Foltz, 22, of Eugene, Oregon, faces federal charges for…
FBI Warns of Russian Government Hackers Attacking Networking Devices of Critical Infrastructure
The Federal Bureau of Investigation has issued a critical security alert regarding sophisticated cyber operations conducted by Russian Federal Security Service (FSB) Center 16, targeting networking infrastructure across the United States and globally. The threat actors have been exploiting vulnerable…
Kali Vagrant Rebuilt Released – Pre-configured DebOS VMs via Command Line
The Kali Linux team has announced a significant enhancement of its Vagrant image build process, streamlining development and simplifying deployment for users. In a move to unify its infrastructure, the team has transitioned from HashiCorp’s Packer to DebOS for generating…
Threat Actors Weaponize PDF Editor With New Torjan to Turn Device Into Proxy
Cybersecurity researchers have uncovered a sophisticated new threat campaign that leverages a seemingly legitimate PDF editor application to transform infected devices into residential proxies. The malicious software, distributed under the guise of productivity tools, represents an evolving approach by threat…
DragonForce Ransomware Attack Analysis – Targets, TTPs and IoCs
DragonForce represents a sophisticated and rapidly evolving ransomware operation that has emerged as a significant threat in the cybersecurity landscape since late 2023. Operating under a Ransomware-as-a-Service (RaaS) model, this group has demonstrated exceptional adaptability by leveraging leaked ransomware builders…
UNC5518 Group Hacks Legitimate Websites to Inject Fake Captcha That Tricks Users to Execute Malware
A sophisticated cybercrime operation has emerged, targeting unsuspecting internet users through a deceptive social engineering technique that exploits one of the web’s most trusted security mechanisms. Since June 2024, the financially motivated threat group UNC5518 has been systematically compromising legitimate…
New SHAMOS Malware Attacking macOS Via Fake Help Websites to Steal Login Credentials
A sophisticated malware campaign targeting macOS users has emerged between June and August 2025, successfully attempting to compromise over 300 customer environments through deceptive help websites. The malicious operation deploys SHAMOS, a variant of the notorious Atomic macOS Stealer (AMOS),…
New MITM6 + NTLM Relay Attack Let Attackers Escalate Privileges and Compromise Entire Domain
A sophisticated attack chain that combines MITM6 with NTLM relay techniques to achieve full Active Directory domain compromise. The attack exploits Windows’ default IPv6 auto-configuration behavior, allowing attackers to escalate from network access to Domain Admin privileges in minutes. Key…
CISA Releases Four ICS Advisories Surrounding Vulnerabilities, and Exploits
CISA issued four comprehensive Industrial Control Systems (ICS) advisories on August 19, 2025, highlighting serious vulnerabilities affecting critical infrastructure sectors including energy and manufacturing. These advisories detail exploitable vulnerabilities with CVSS scores ranging from 5.8 to 9.8, requiring immediate attention…
Microsoft VS Code Remote-SSH Extension Hacked to Execute Malicious Code on Developer’s Machine
A critical security vulnerability has been discovered in Microsoft’s VS Code Remote-SSH extension that allows attackers to execute malicious code on developers’ local machines through compromised remote servers. Security researchers have demonstrated how this attack, dubbed “Vibe Hacking,” exploits the…
New Loader Malware Dubbed ‘QuirkyLoader’ Delivering Infostealers and RATs
A sophisticated new malware loader called QuirkyLoader has emerged as a significant cybersecurity threat, actively distributing well-known infostealers and remote access trojans (RATs) since November 2024. The malware has demonstrated remarkable versatility in delivering multiple payload families, including Agent Tesla,…
Google Announces New Capabilities for Enabling Defenders and Securing AI Innovation
Google Cloud has unveiled a comprehensive suite of security enhancements at its Security Summit 2025, marking a significant evolution in enterprise AI security frameworks. The technology giant’s latest announcements, delivered by VP and GM Jon Ramsey, focus on two critical…
New PromptFix Attack Tricks AI Browsers to Run Malicious Hidden Prompts
A new attack vector called PromptFix exploits AI-powered browsers by embedding malicious instructions within seemingly innocent web content. The attack represents an evolution of traditional ClickFix scams, specifically designed to manipulate agentic AI systems rather than human users. The research,…
Russian Hackers Exploiting 7-Year-Old Cisco Vulnerability to Collect Configs from Industrial Systems
A Russian state-sponsored cyber espionage group designated as Static Tundra has been actively exploiting a seven-year-old vulnerability in Cisco networking devices to steal configuration data and establish persistent access across critical infrastructure networks. The sophisticated threat actor, linked to Russia’s…