A critical authentication vulnerability known as nOAuth abuse has emerged as a severe threat to Microsoft Entra ID integrated SaaS applications, enabling attackers to achieve complete account takeover with minimal technical complexity. The vulnerability exploits fundamental flaws in how application…
Category: Cyber Security News
Microsoft Teams New Feature Enables Admins to Manage Certified M365 Apps for Enhanced Security
Microsoft has announced a significant security enhancement for Microsoft Teams administrators, introducing a new feature that enables bulk management of Microsoft 365-certified applications through rule-based controls. This development, identified under Microsoft 365 Roadmap ID 485712, represents a major advancement in…
Cisco Identity Services Engine RCE Vulnerability Allows Remote Command Execution as Root User
Two critical security vulnerabilities in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) could allow unauthenticated remote attackers to execute arbitrary commands on affected systems with root privileges. The vulnerabilities, tracked as CVE-2025-20281 and CVE-2025-20282, both carry…
Cybercriminals Abuse LLM Models to Aid in Their Criminal Hacking Activities
The cybersecurity landscape has witnessed a concerning evolution as threat actors increasingly leverage artificial intelligence technologies to enhance their malicious operations. Large Language Models (LLMs), which have revolutionized legitimate applications across industries, are now being systematically exploited by cybercriminals to…
Threat Actors Weaponize ChatGPT, Cisco AnyConnect, Google Meet, and Teams to Attacks SMB’s
The cybersecurity landscape for small and medium-sized businesses has undergone a dramatic transformation in 2025, with threat actors increasingly exploiting the widespread adoption of artificial intelligence and collaboration tools to execute sophisticated attacks. The emergence of AI-powered platforms like ChatGPT…
25-Year-Old British National Believed To Be IntelBroker Charged
Federal prosecutors in the Southern District of New York have filed criminal charges against Kai West, a 25-year-old British national allegedly operating under the notorious hacker alias “IntelBroker.” The comprehensive complaint reveals a sophisticated cybercriminal operation that has caused approximately…
Chinese Hackers Deploying Pubload Malware by Weaponizing Tibetan Community Lures & Filenames
A sophisticated cyberattack campaign targeting the Tibetan community has emerged, with China-aligned threat actors deploying advanced malware through carefully crafted social engineering tactics. The campaign exploits culturally significant events and documents to lure victims into downloading malicious software, representing a…
Surge in Attacks Targeting MOVEit Transfer Systems – 100+ Unique IPs Used by Attackers
Researchers observed a significant increase in malicious scanning activity targeting MOVEit Transfer systems observed with over 682 unique IP addresses participating in coordinated reconnaissance and exploitation attempts over the past 90 days. The surge represents a significant shift from baseline…
CISA Warns of Vulnerabilities in ControlID iDSecure Software Allowing Authentication Bypass
CISA has issued a high-priority security advisory warning organizations about critical vulnerabilities in ControlID’s iDSecure On-premises vehicle control software. Released on June 24, 2025, the advisory highlights three severe security flaws that could allow attackers to bypass authentication mechanisms and…
IBM i Vulnerability Allows Let Attackers Escalate Privileges
A critical security vulnerability affecting multiple versions of IBM i that could allow attackers to escalate privileges through an unqualified library call in IBM Facsimile Support for i. The vulnerability, tracked as CVE-2025-36004, carries a high CVSS base score of…
Researchers Manipulated Windows Registry Using a C++ Program
Researchers demonstrated sophisticated Windows Registry manipulation techniques using a C++ program designed for red team operations. The research highlights critical vulnerabilities in how Windows systems handle registry modifications and presents both offensive capabilities and defensive strategies for cybersecurity professionals. Windows…
Androxgh0st Botnet Operators Exploiting US University For Hosting C2 Logger
The Androxgh0st botnet has significantly expanded its operations since 2023, with cybercriminals now compromising prestigious academic institutions to host their command and control infrastructure. This sophisticated malware campaign has demonstrated remarkable persistence and evolution, targeting a diverse range of vulnerabilities…
TeamFiltration Pentesting Tool Weaponized to Hijack Microsoft Teams, Outlook, and Other Accounts
A sophisticated cyberattack campaign has weaponized a legitimate penetration testing framework to compromise thousands of Microsoft cloud accounts across hundreds of organizations worldwide. The malicious operation, designated UNK_SneakyStrike, leverages TeamFiltration, a popular cybersecurity tool originally designed for Office 365 security…
CISA Warns of FortiOS Hard-Coded Credentials Vulnerability Exploited in Attacks
CISA has issued a critical warning regarding a Fortinet FortiOS vulnerability that poses significant risks to network security infrastructure. On June 25, 2025, CISA added CVE-2019-6693 to its Known Exploited Vulnerabilities (KEV) catalog, indicating that this hard-coded credentials flaw is…
Firefox 140 Released With Fix for Code Execution Vulnerability – Update Now
Mozilla has released Firefox 140, addressing multiple critical security vulnerabilities, including a high-impact use-after-free vulnerability that could lead to code execution. The update patches twelve distinct security flaws ranging from memory safety issues to platform-specific vulnerabilities affecting both desktop and…
Realtek Vulnerability Let Attackers Trigger DoS Attack via Bluetooth Secure Connections Pairing Process
A significant security vulnerability has been identified in Realtek’s RTL8762E SDK v1.4.0 that allows attackers to exploit the Bluetooth Low Energy (BLE) Secure Connections pairing process to launch denial-of-service attacks. The vulnerability, discovered in the RTL8762EKF-EVB development platform, stems from…
Five Hackers Behind Notorious Data Selling Platform BreachForums Arrested
French authorities have dismantled a major cybercrime operation, arresting five hackers who operated BreachForum, one of the world’s largest marketplaces for stolen data, in coordinated raids across France. French police initially suspected the cybercriminals operating BreachForum were Russian or hiding…
New BRAODO Stealer Campaign Abuses GitHub To Host Payloads And Evade Detection
Security researchers at ANY.RUN have uncovered a new malware campaign delivering the BRAODO Stealer, which relies on public GitHub repositories to host and stage its payloads. This campaign employs multiple evasion techniques and scripting layers to complicate detection and analysis,…
New Malware Spotted in The Wild Using Prompt Injection to Manipulate AI Models Processing Sample
Cybersecurity researchers have discovered a groundbreaking new malware strain that represents the first documented attempt to weaponize prompt injection attacks against AI-powered security analysis tools. The malware, dubbed “Skynet” by its creators, was anonymously uploaded to VirusTotal in early June…
Multiple Brother Devices Vulnerabilities Open Devices for Hacking
A comprehensive security research investigation has unveiled eight critical vulnerabilities affecting 742 printer and multifunction device models across four major manufacturers. The discovery, stemming from a zero-day research project conducted by cybersecurity firm Rapid7, exposes severe security flaws in Brother…