Category: Cyber Security News

Workday, a leading provider of enterprise cloud applications for finance and human resources, has confirmed it was the target of a sophisticated social engineering campaign that resulted in a data breach via a third-party Customer Relationship Management (CRM) platform. The…

Read more →

A threat actor operating under the alias “Chucky_BF” has posted a concerning advertisement on a well-known cybercrime forum, claiming to possess and sell a “Global PayPal Credential Dump 2025” containing over 15.8 million email and plaintext password pairs.  The dataset,…

Read more →

In a significant breach of both cybersecurity defenses and secrecy, a trove of sensitive hacking tools and technical documentation, believed to originate from a North Korean threat actor, has recently been leaked online. The dump, revealed through an extensive article…

Read more →

A significant security update rolled out by Microsoft with the Windows 11 24H2 (KB5063878) release is causing widespread issues for users, with reports surfacing that the update can render SSDs and HDDs inaccessible and may potentially corrupt user data. Last…

Read more →

As families across the country prepare for the return to school, cybercriminals are exploiting the seasonal rush with a fresh wave of sophisticated shopping scams. Leveraging peaks in online spending, scammers are deploying malicious campaigns that prey on unsuspecting users…

Read more →

In the week of August 11-17, 2025, the cybersecurity landscape was marked by critical updates from major vendors and a surge in sophisticated threats, underscoring the ongoing battle against digital vulnerabilities. Microsoft rolled out its Patch Tuesday updates on August…

Read more →

CISA in collaboration with international partners, has released comprehensive guidance, titled “Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators,” to strengthen cybersecurity defenses across critical infrastructure sectors. The document emphasizes the critical importance of maintaining accurate operational…

Read more →

A newly discovered zero-day vulnerability in Elastic’s Endpoint Detection and Response (EDR) solution allows attackers to bypass security measures, execute malicious code, and trigger a BSOD system crash, according to the Ashes Cybersecurity research. The vulnerability resides in a core…

Read more →

A sophisticated new phishing campaign targeting Gmail users through a multi-layered attack that uses legitimate Microsoft Dynamics infrastructure to bypass security measures and steal login credentials. The attack begins with deceptive “New Voice Notification” emails that appear to come from…

Read more →

A critical vulnerability in the Microsoft Web Deploy tool could allow authenticated attackers to execute remote code on affected systems.  The vulnerability, tracked as CVE-2025-53772, was disclosed on August 12, 2025, and carries a CVSS score of 8.8, indicating high…

Read more →

Google has awarded a record-breaking $250,000 bounty to security researcher “Micky” for discovering a critical remote code execution vulnerability in Chrome’s browser architecture.  The vulnerability allowed malicious websites to escape Chrome’s sandbox protection and execute arbitrary code on victim systems. …

Read more →

Security researchers have uncovered four serious vulnerabilities in ImageMagick, one of the world’s most widely used open-source image processing software suites, potentially exposing millions of users to security risks. The vulnerabilities, discovered by researcher “urban-warrior” and published three days ago,…

Read more →

A sophisticated new phishing campaign targeting Gmail users through a multi-layered attack that uses legitimate Microsoft Dynamics infrastructure to bypass security measures and steal login credentials. The attack begins with deceptive “New Voice Notification” emails that appear to come from…

Read more →

Researchers at Hunt.io have made a significant discovery in the cybersecurity field by obtaining and analyzing the complete source code of ERMAC V3.0. This advanced Android banking trojan targets over 700 financial applications worldwide. This unique insight into an active malware-as-a-service platform…

Read more →

F5 Networks has disclosed a new HTTP/2 vulnerability affecting multiple BIG-IP products that could allow remote attackers to launch denial-of-service attacks against corporate networks. The security flaw, designated CVE-2025-54500 and dubbed the “HTTP/2 MadeYouReset Attack,” was published on August 13,…

Read more →

A sophisticated social engineering campaign by the EncryptHub threat group that combines impersonation tactics with technical exploitation to compromise corporate networks. The Russian-linked cybercriminals are posing as IT support staff and using Microsoft Teams requests to establish remote access, ultimately…

Read more →

API, short for Application Programming Interface, is a mechanism that helps extract data from software applications and transfer it to other software or users using APIs. Communication through APIs is based on different requests and responses, and developers provide good…

Read more →

Cybersecurity researchers from watchTowr Labs have published a comprehensive technical analysis of a critical pre-authentication command injection vulnerability affecting Fortinet FortiSIEM systems, designated as CVE-2025-25256. The vulnerability carries a maximum CVSS score of 9.8 and has already been exploited in…

Read more →

Palo Alto Networks has published an extensive malware analysis tutorial detailing the dissection of a sophisticated .NET-based threat that delivers the Remcos remote access trojan (RAT). The malware’s emergence highlights a trend in which threat actors increasingly abuse legitimate development…

Read more →

A sophisticated threat campaign has emerged that leverages CrossC2, an unofficial extension tool that expands Cobalt Strike’s notorious capabilities beyond Windows systems to target Linux and macOS environments. Between September and December 2024, cybersecurity incidents involving this cross-platform malware have…

Read more →