Cybersecurity researchers have uncovered a sophisticated multi-stage attack chain utilizing JScript to deliver dangerous malware payloads. The attack, which employs a complex obfuscation technique, ultimately delivers either XWorm or Rhadamanthys malware depending on the victim’s geographic location. This loader operates…
Category: Cyber Security News
Microsoft Asks Windows 11 Users Not to Delete Mysterious “inetpub” Folder
A seemingly empty folder appearing on Windows systems after recent security updates has raised concerns among users, but Microsoft confirms it’s an intentional security measure that should remain untouched. The directory, typically located at C:\inetpub, serves as a crucial component…
Newly Purchased Android Phones With Pre-installed Malware Mimic as WhatsApp
A sophisticated cryptocurrency theft operation has been uncovered where brand-new Android smartphones arrive with pre-installed malware masquerading as legitimate WhatsApp applications. Threat actors have infiltrated the supply chain of several Chinese smartphone manufacturers, embedding malicious code directly into system applications…
ChatGPT’s Image Generator Leveraged to Create Fake Passport
Researchers have recently discovered that OpenAI’s ChatGPT image generation feature can be manipulated to create convincing fake passports with minimal effort. This capability, introduced on March 25, 2025, for ChatGPT-4o and ChatGPT-4o mini models and made freely available to all…
New Update – Your Android Device To Restart Automatically If You Kept Idle
Google has introduced a significant security enhancement for Android devices that automatically reboots phones and tablets after extended periods of inactivity. This new auto-restart feature, included in the latest Google Play services update (version 25.14), represents an important step forward…
Microsoft Teams File Sharing Outage, Users Unable to Share Files
Microsoft Teams users encountered a significant disruption in file-sharing capabilities on Tuesday, April 15, 2025, as the company confirmed an ongoing investigation into the issue. The problem, which affects the ability to share files within the Teams platform, was first…
Insider Threats Surge as Hybrid Workforces Expand – What CISOs Need to Know
The rapid transition to hybrid work models has created unprecedented cybersecurity challenges, with insider threats emerging as a particularly concerning vector. As organizational boundaries dissolve and employees access sensitive systems across diverse networks and devices, the attack surface has expanded…
New Stealthy Malware ‘Waiting Thread Hijacking’ Technique Bypasses Modern Defenses
A sophisticated new malware technique known as “Waiting Thread Hijacking” (WTH) has emerged as a significant threat to cybersecurity defenses. This stealthy process injection method, revealed on April 14, 2025, represents an evolution of the classic Thread Execution Hijacking approach…
Hertz Data Breach – Customer Personal Information Stolen by Hackers
Hertz Corporation has confirmed a significant data breach affecting customers of its Hertz, Dollar, and Thrifty brands, where hackers exploited critical security vulnerabilities to access sensitive customer information. The company disclosed that unauthorized third parties acquired customer data after exploiting…
Securing Critical Infrastructure – Lessons From Recent Cyber Attacks
As we move further into 2025, the cybersecurity landscape continues to evolve with alarming sophistication, particularly in attacks targeting critical infrastructure. The surge in cyberattacks on essential systems like energy grids, water facilities, and communication networks demands a paradigm shift…
Google Groups File Attachment Restrictions Bypassed via Email Posting
A significant security vulnerability has been identified in Google Groups, allowing users to circumvent file attachment restrictions by simply sending emails to group addresses. This broken access control issue potentially impacts thousands of organizations that rely on Google Groups for…
Why Every CISO Needs a Crisis Communications Plan in 2025
In an era defined by escalating cyber threats and regulatory scrutiny, the role of the Chief Information Security Officer (CISO) has expanded far beyond technical oversight. By 2025, cyberattacks will not only test an organization’s technical defenses but also its…
Apache Roller Vulnerability Let Attackers Gain Unauthorized Access
A critical security vulnerability in Apache Roller has been discovered, allowing attackers to maintain unauthorized access to blog systems even after password changes. The vulnerability, CVE-2025-24859, has received the highest possible CVSS v4 score of 10, indicating severe risk to…
Why Security Leaders Are Turning to AI for Threat Detection
In today’s rapidly evolving digital landscape, cybersecurity threats are becoming increasingly sophisticated and harder to detect using traditional methods. Security leaders across industries are recognizing artificial intelligence as a transformative force in strengthening defensive capabilities. This paradigm shift is prompting…
100,000+ Installed WordPress Plugin Critical Vulnerability Exploited Within 4 Hours of Disclosure
A severe vulnerability in the popular WordPress plugin SureTriggers has been actively exploited within just four hours of its public disclosure on April 10, 2025. The critical authentication bypass flaw affects all versions of the plugin up to 1.0.78, which…
macOS Users Beware! Hackers Allegedly Offering Full System Control Malwares for Rent
A new concerning threat has emerged in the cybercriminal ecosystem targeting Apple users. A sophisticated macOS malware-as-a-service offering called “iNARi Loader” is being advertised on underground forums. This high-priced stealer represents an alarming evolution in the growing landscape of macOS-specific…
Samsung Galaxy S24 Vulnerability Let Create Arbitrary Files on Affected Installations
A significant vulnerability in Samsung Galaxy S24 devices allows network-adjacent attackers to create arbitrary files on affected installations. The flaw, identified as CVE-2024-49421, was publicly announced on April 9, 2025, as part of the Pwn2Own competition findings. The vulnerability,…
Third-Party Risk Management – How to Build a Strong TPRM Program
In today’s interconnected business environment, organizations increasingly rely on third-party vendors, suppliers, and partners to deliver critical services and functions. While these relationships drive efficiency and innovation, they also introduce significant risks ranging from data breaches and operational disruptions to…
Hackers Leveraging Teams Messages to Execute Malware on Windows Systems
In a new sophisticated attack campaign, cybercriminals are exploiting Microsoft Teams to deliver malware and maintain persistent access to corporate networks. The attacks, which represent an evolution in social engineering tactics, specifically target Windows systems through a novel technique that…
Stealthy Rootkit-Like Malware Known as BPFDoor Using Reverse Shell to Dig Deeper into Compromised Networks
A sophisticated backdoor malware known as BPFDoor has been actively targeting organizations across Asia, the Middle East, and Africa, leveraging advanced stealth techniques to evade detection. This Linux backdoor utilizes Berkeley Packet Filtering (BPF) technology to monitor network traffic at…