The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning regarding sophisticated malware campaigns targeting Ivanti Endpoint Manager Mobile (EPMM) systems. Cybercriminals are actively exploiting two critical vulnerabilities, CVE-2025-4427 and CVE-2025-4428, to deploy advanced persistent threats that enable…
Category: Cyber Security News
Luxury Jewelry Creator Tiffany Confirms Data breach – Hackers Stolen Users Personal Information
Luxury jewelry brand Tiffany and Company has confirmed a data breach that resulted in the theft of customers’ personal information. The company is in the process of sending out notification letters to affected individuals, detailing the scope of the incident…
HubSpot’s Jinjava Engine Vulnerability Exposes Thousands of Websites to RCE Attacks
A newly disclosed flaw in HubSpot’s open-source Jinjava template engine could allow attackers to bypass sandbox restrictions and achieve remote code execution (RCE) on thousands of websites relying on versions prior to 2.8.1. Tracked as CVE-2025-59340 and rated Critical with…
Critical GoAnywhere MFT Platform Vulnerability Exposes Enterprises to Remote Exploitation
A deserialization flaw in the License Servlet component of Fortra GoAnywhere Managed File Transfer (MFT) platform. Identified as CVE-2025-10035, this vulnerability permits an unauthenticated attacker who can deliver a forged license response signature to trigger Java deserialization of attacker-supplied objects,…
RDP vs SSH Comparison – Features, Protocols, Security, And Use Cases
Remote Desktop Protocol (RDP) and Secure Shell (SSH) have changed how organizations manage their IT systems. These tools allow employees to access and control their computers from anywhere, which helps teams work together better. By enabling secure connections to work…
Qilin Led Ransomware Attack Claimed to Compromised 104 Organizations in August
The ransomware threat landscape witnessed a dramatic shift in August 2025 as the Qilin group claimed responsibility for 104 separate attacks worldwide. Emerging earlier this year, Qilin quickly cemented its position through aggressive double-extortion tactics and a broad affiliate recruitment…
New Malware Loader ‘CountLoader’ Weaponized PDF File to Deliver Ransomware
In recent months, security teams have observed the emergence of a sophisticated malware loader, dubbed CountLoader, which leverages weaponized PDF files to deliver ransomware payloads. First detected in late August 2025, CountLoader is linked to multiple Russian-speaking cybercriminal groups, including…
Global Spyware Markets to Identify New Entities Entering The Market
The global spyware market continues its alarming expansion, with new research revealing the emergence of 130 additional entities spanning 46 countries between 1992 and 2024. This shadowy ecosystem of surveillance technologies has grown from 435 documented entities in the initial…
New iOS Video Injection Tool Bypasses Biometric Verification with Jailbroken iPhones
A sophisticated new attack tool targeting jailbroken iOS devices has emerged, representing a significant escalation in digital identity fraud capabilities. The discovery by iProov’s threat intelligence team reveals a highly specialized tool designed to perform advanced video injection attacks on…
Splunk Releases Guide to Detect Remote Employment Fraud Within Your Organization
Detecting remote employment fraud has become a critical priority for organizations striving to secure their digital onboarding processes and safeguard sensitive systems. In recent months, threat actors posing as legitimate hires have leveraged sophisticated tactics to bypass pre-hire screenings and…
UK Arrested 2 Scattered Spider Hackers Linked to London Transport System Breach
UK law enforcement has arrested two individuals linked to the notorious Scattered Spider cybercriminal group, including 19-year-old Thalha Jubair from London, who faces charges in connection with over 120 network intrusions that resulted in more than $115 million in ransom…
Russian Airline Suffered Cyberattack Website and Other Systems Affected
Krasnoyarsk Regional Airlines (KrasAvia) confirmed a sophisticated cyberattack that has rendered its primary online services inoperable. The breach targeted the airline’s web portal and associated back-end systems, including the Passenger Service System (PSS) and flight planning applications. As a result,…
New Phishing Attack Targets Facebook Users to Steal Login Credentials
A sophisticated phishing campaign has recently emerged, targeting Facebook users with carefully crafted emails designed to harvest login credentials. Attackers leverage the platform’s own external URL warning system to cloak malicious links, presenting URLs that appear legitimate while redirecting victims…
SolarWinds Releases Advisory on Salesloft Drift Security Incident
SolarWinds has released an advisory regarding a security incident involving the Salesloft Drift integration for Salesforce, which led to unauthorized data access. The company confirmed that its own systems were not impacted by the breach, but is treating the matter…
Russian Fake-News Network CopyCop Added 200+ New Websites to Targets US, Canada and France
The Russian covert influence network CopyCop has significantly expanded its disinformation campaign, establishing over 200 new fictional media websites since March 2025. This expansion represents a marked escalation in Russian information warfare efforts, targeting democratic nations with sophisticated artificial intelligence-driven…
GOLD SALEM Compromise Networks and Bypass Security Solutions to Deploy Warlock Ransomware
The cyberthreat landscape has witnessed the emergence of another sophisticated ransomware operation as GOLD SALEM, a new threat actor group also known as Warlock Group, has been actively compromising enterprise networks since March 2025. This emerging ransomware collective has successfully…
How to Radically Cut Response Time for Each Security Incident
When an incident happens, there’s no time to waste. SOC teams must react fast to protect their organization, and this requires more than expertise. Strong solutions tailored to the needs of businesses can make all the difference. The secret to…
Cloudflare API Outage Linked to React useEffect Bug Causes Service Overload and Recovery Failure
Cloudflare has published a detailed post-mortem explaining the significant outage on September 12, 2025, that made its dashboard and APIs unavailable for over an hour. The company traced the incident to a software bug in its dashboard that, combined with…
Windows 11 Notepad to Get AI Support for Free to Generate and Summarize Text
Microsoft is integrating free, on-device artificial intelligence capabilities into the classic Notepad application for Windows 11 users with Copilot+ PCs. The update introduces powerful text generation and editing tools, including “Summarize,” “Write,” and “Rewrite,” without requiring a subscription. The new…
Top 10 Best Model Context Protocol (MCP) Servers in 2025
In 2025, the Model Context Protocol (MCP) revolutionizes AI agent integration, making it seamless for tools, databases, and workflows to work harmoniously in enterprises and developer workspaces. Top MCP servers power next-generation automation and data-driven applications, connecting everything from cloud…