A critical security flaw in Salesforce OmniStudio has been discovered that allows unauthorized access to sensitive customer information stored in plain text format, potentially affecting thousands of organizations worldwide. The vulnerability exploits inadequate data encryption protocols within the platform’s digital…
Category: Cyber Security News
Firefox Patches Multiple Vulnerabilities That Could Lead to Browser Crash
Mozilla has released Firefox 139.0.4 to address critical security vulnerabilities that could potentially cause browser crashes and compromise user security. These high-impact vulnerabilities CVE-2025-49709 and CVE-2025-49710 exploit fundamental components of Firefox’s graphics rendering system and JavaScript engine, respectively, posing risks…
Microsoft Outlook Vulnerability Let Attackers Execute Arbitrary Code Remotely
A significant security vulnerability in the Microsoft Outlook email client could allow attackers to execute arbitrary code remotely, even if they require local access to trigger the exploit. The vulnerability, designated as CVE-2025-47176, was released on June 10, 2025, and…
Multiple Chrome Vulnerabilities Allow Attackers to Execute Malicious Code Remotely
Google has released an important security update for Chrome Desktop, addressing two high-severity vulnerabilities that could enable attackers to execute malicious code remotely on users’ systems. The Stable channel has been updated to version 137.0.7151.103/.104 for Windows and Mac, and…
New Report Warns of Internet is The Top Threat Source for Industrial Automation Systems
A comprehensive new cybersecurity assessment has revealed that internet connectivity poses the most significant threat to industrial control systems (ICS) worldwide, with malicious activities targeting critical infrastructure through web-based attack vectors reaching unprecedented levels. The latest quarterly threat landscape report…
Beware of Instagram Growth That Steals User Login Credentials & Send to Attacker Server
A sophisticated Python-based malware campaign has emerged targeting Instagram users desperate for social media growth, disguising itself as a legitimate follower-boosting tool while secretly harvesting login credentials. The malicious PyPI package, identified as “imad213,” presents itself professionally on GitHub with…
Threat Hunting 101 – Proactive Cybersecurity Strategies for Experts
Modern cybersecurity threats have evolved beyond traditional perimeter defenses, necessitating the adoption of proactive hunting methodologies that anticipate breach scenarios. This comprehensive guide explores advanced threat hunting strategies, technical frameworks, and practical implementation approaches that enable security professionals to identify…
Windows 11 Cumulative Updates KB5060842 Released with June Patch Tuesday
Microsoft has rolled out the June 2025 Patch Tuesday update for Windows 11, version 24H2, with the release of KB5060842 (OS Build 26100.4349). This security-focused update addresses critical vulnerabilities and includes enhancements from the previous preview update, KB5058499, released on…
KB5060999 – Microsoft Releases Windows 11 Cumulative Update for Enhanced Security
Microsoft has rolled out a new cumulative update, KB5060999, for Windows 11 versions 22H2 and 23H2, targeting Enterprise, Education, and all editions. This update, impacting OS Builds 22621.5472 and 22631.5472, focuses primarily on bolstering security for the Windows operating system.…
Blockchain Security – Protecting Decentralized Applications
Decentralized applications (DApps) have revolutionized blockchain technology by enabling trustless, transparent operations across various industries. However, with over $6 billion lost to security breaches in 2024 alone, protecting these applications has become paramount for developers and organizations. This comprehensive guide…
APT Hackers Exploited Windows WebDAV 0-Day RCE Vulnerability in the Wild to Deploy Malware
A sophisticated cyberattack campaign by the advanced persistent threat group, Stealth Falcon, which exploited a previously unknown zero-day vulnerability to target a major Turkish defense company and execute malware remotely. The attack leveraged CVE-2025-33053, a remote code execution vulnerability that…
Fortinet Security Update: Critical Patch Addressing Multiple Vulnerabilities Across Products
Fortinet has released security updates addressing multiple vulnerabilities across its product portfolio, including FortiOS, FortiAnalyzer, FortiProxy, and FortiWeb systems. The cybersecurity company’s Product Security Incident Response Team (PSIRT) published advisories covering flaws ranging from privilege escalation to command injection vulnerabilities…
Windows WEBDAV 0-Day RCE Vulnerability Actively Exploited in the Wild – All Versions Affected
Microsoft has confirmed that a critical zero-day vulnerability in its Web Distributed Authoring and Versioning (WebDAV) implementation is being actively exploited by attackers in the wild, prompting an urgent security update as part of June 2025’s Patch Tuesday. The vulnerability,…
Hackers Continue to Leverage ConnectWise ScreenConnect Tool to Deploy Malware
Cybercriminals are intensifying their exploitation of ConnectWise ScreenConnect, a legitimate remote monitoring and management (RMM) tool, to deploy sophisticated malware campaigns targeting global financial organizations. This alarming trend represents a significant evolution in threat actor tactics, as attackers leverage digitally…
Indian Authorities Dismantled Cybercriminals That Impersonate as Microsoft Tech Support
India’s Central Bureau of Investigation successfully dismantled a sophisticated transnational cybercriminal network that impersonated Microsoft technical support services, targeting vulnerable older adults primarily in Japan. The coordinated operation on May 28, 2025, involved raids across 19 locations throughout India, resulting…
How to Secure Kubernetes Clusters – A Cybersecurity Perspective
Kubernetes has become the de facto standard for container orchestration, but its complex architecture introduces numerous security challenges that organizations must address proactively. Securing a Kubernetes cluster requires a multi-layered approach encompassing control plane protection, robust authentication mechanisms, network segmentation,…
Microsoft Patch Tuesday June 2025 – Exploited zero-day and Other 65 Vulnerabilities Patched
Microsoft has released its monthly Patch Tuesday updates, addressing a total of 66 vulnerabilities in its product suite. This release includes a remediation for one zero-day vulnerability that is currently being actively exploited, as well as another vulnerability that has…
APT Hackers Exploited WebDAV 0-Day RCE Vulnerability in the Wild to Deploy Malware
A sophisticated cyberattack campaign by the advanced persistent threat group, Stealth Falcon, which exploited a previously unknown zero-day vulnerability to target a major Turkish defense company and execute malware remotely. The attack leveraged CVE-2025-33053, a remote code execution vulnerability that…
Phishing Defense Strategies – Advanced Techniques for Email Security
Modern phishing attacks have evolved far beyond simple deceptive emails, now incorporating AI-generated content, deepfake impersonation, and sophisticated social engineering techniques that bypass traditional security measures. Organizations face an unprecedented challenge as cybercriminals leverage artificial intelligence to create compelling phishing…
FortiOS SSL-VPN Vulnerability Let Attackers Access full SSL-VPN settings
Fortinet has disclosed a new security vulnerability affecting its FortiOS SSL-VPN web-mode that allows authenticated users to gain unauthorized access to complete SSL-VPN configuration settings through specially crafted URLs. The vulnerability, designated as CVE-2025-25250, was published today and affects multiple…