A critical zero-day vulnerability in Microsoft SharePoint servers has become a playground for threat actors across the cybercriminal spectrum, with attacks ranging from opportunistic hackers to sophisticated nation-state groups since mid-July 2025. On July 19, 2025, Microsoft confirmed that vulnerabilities…
Category: Cyber Security News
TP-Link Network Video Recorder Vulnerability Let Attackers Execute Arbitrary Commands
Two high-severity vulnerabilities in TP-Link VIGI network video recorder (NVR) systems could allow attackers to execute arbitrary commands on affected devices. The security flaws, identified as CVE-2025-7723 and CVE-2025-7724, impact the VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2 models, posing…
First Known LLM-Powered Malware From APT28 Hackers Integrates AI Capabilities into Attack Methodology
The newly revealed LAMEHUG campaign signals a watershed moment for cyber-defense: Russian state-aligned APT28 has fused a large language model (LLM) directly into live malware, allowing each infected host to receive tailor-made shell commands on the fly. By invoking the…
NoName057(16)’s Hackers Attacked 3,700 Unique Devices Over Last Thirteen Months
The pro-Russian hacktivist group NoName057(16) has orchestrated a massive distributed denial-of-service campaign targeting over 3,700 unique hosts across thirteen months, according to new research published on July 22, 2025. The group, which emerged in March 2022 shortly after Russia’s full-scale…
Threat Actors Weaponizing .hwp Files to Deliver RokRAT Malware
Cybersecurity researchers have uncovered a sophisticated malware campaign where threat actors are exploiting Hangul Word Processor (.hwp) documents to distribute the notorious RokRAT malware. This marks a significant shift from the malware’s traditional distribution method through malicious shortcut (LNK) files,…
New AI-Powered Wi-Fi Biometrics WhoFi Tracks Humans Behind Walls with 95.5% Accuracy
WhoFi surfaced last on the public repository ArXiv, stunning security teams with a proof-of-concept that turns ordinary 2.4 GHz routers into covert biometric scanners. Unlike camera-based systems, this neural pipeline fingerprints the unique way a body distorts Wi-Fi channel state…
Splunk Details on How to Detect, Mitigate and Respond to CitrixBleed 2 Attack
CitrixBleed 2 (CVE-2025-5777) erupted in 2025 when researchers uncovered an out-of-bounds read in Citrix NetScaler ADC and Gateway that lets an unauthenticated request siphon memory straight from the appliance. The flaw is triggered by a malformed POST sent to /p/u/doAuthentication.do,…
Chinese Hackers Attacking Windows Systems in Targeted Campaign to Deploy Ghost RAT and PhantomNet Malwares
Threat researchers are warning of twin Chinese-nexus espionage operations—“Operation Chat” and “Operation PhantomPrayers”—that erupted in the weeks preceding the Dalai Lama’s 90th birthday, exploiting heightened traffic to Tibetan-themed websites to seed Windows hosts with sophisticated backdoors. By compromising a legitimate…
Metasploit Module Released For Actively Exploited SharePoint 0-Day Vulnerabilities
Researchers have developed a new Metasploit exploit module targeting critical zero-day vulnerabilities in Microsoft SharePoint Server that are being actively exploited in the wild. The module, designated as pull request #20409 in the Metasploit Framework repository, addresses CVE-2025-53770 and CVE-2025-53771,…
SonicWall SMA 100 Vulnerabilities Let Attackers Execute Arbitrary JavaScript Code
Critical security vulnerabilities affecting SonicWall SMA 100 series SSL-VPN appliances could allow remote attackers to execute arbitrary JavaScript code and potentially achieve code execution without authentication. The vulnerabilities affect SMA 210, 410, and 500v models running firmware version 10.2.1.15-81sv…
GitLab Security Update – Patch for Multiple Vulnerabilities in Community and Enterprise Edition
GitLab has released critical security patches addressing multiple vulnerabilities across its Community Edition (CE) and Enterprise Edition (EE) platforms, with versions 18.2.1, 18.1.3, and 18.0.5 now available for immediate deployment. The release includes fixes for six distinct security vulnerabilities, including…
Stealthy Backdoor in WordPress Plugins Gives Attackers Persistent Access to Websites
A sophisticated WordPress malware campaign has been discovered operating through the rarely monitored mu-plugins directory, giving attackers persistent access to compromised websites while evading traditional security measures. The malicious code, identified as wp-index.php, exploits WordPress’s “must-use plugins” functionality to maintain…
AWS Client VPN for Windows Vulnerability Let Attackers Escalate Privileges
Amazon Web Services has disclosed a critical security vulnerability in its Client VPN software for Windows that could allow attackers to escalate privileges and execute malicious code with administrative rights. The vulnerability, tracked as CVE-2025-8069, affects multiple versions of the…
Google Launches OSS Rebuild to Strengthen Security of The Open-Source Package Ecosystems
Modern software supply chains rely on millions of third-party components, making package repositories a lucrative target for attackers. Over the past year, a string of high-profile compromises—from the xz-utils backdoor to the solana/webjs typosquatting incident—has shown how stealthy code can poison widely…
UNC3944 Attacking VMware vSphere and Enabling SSH on ESXi Hosts to Reset ‘root’ Passwords
UNC3944, a financially driven threat organization associated with “0ktapus,” “Octo Tempest,” and “Scattered Spider,” launched a sophisticated cyber campaign that used social engineering and hypervisor-level attacks to target VMware vSphere environments in the retail, airline, and insurance industries. Google Threat…
CISA warns of Google Chromium 0-Day Input Validation Vulnerability Exploited in Attacks
CISA has issued an urgent warning about a critical vulnerability in Google Chromium that threat actors are actively exploiting. The vulnerability, designated as CVE-2025-6558, poses a significant security risk to millions of users across multiple web browsers that utilize the…
Operation CargoTalon Attacking Russian Aerospace & Defense to Deploy EAGLET Implant
A sophisticated cyber espionage campaign dubbed “Operation CargoTalon” has emerged, specifically targeting Russia’s aerospace and defense sectors through carefully crafted spear-phishing attacks. The operation, which surfaced in late June 2025, employs a multi-stage infection chain designed to deploy the EAGLET…
New ACRStealer Abuses Google Docs and Steam for C2 Server Via DDR Technique
A sophisticated new variant of the ACRStealer information-stealing malware has emerged, demonstrating advanced evasion techniques and leveraging legitimate platforms for covert command-and-control operations. The malware, which has been actively distributed since early 2024, represents a significant evolution in cybercriminal tactics…
Threat Actor Mimo Attacking Magento CMS to Steal Card Details and Bandwidth Monetization
The cybersecurity landscape faces a new threat as the notorious Mimo threat actor, previously known for targeting Craft content management systems, has significantly evolved its operations to compromise Magento ecommerce platforms. This expansion represents a dangerous shift toward high-value targets…
Weaponized LNK File Disguised as Credit Card Security Email Steals User Data
Cybercriminals have evolved their social engineering tactics with a sophisticated malware campaign that exploits users’ trust in financial institutions. The latest threat involves a malicious LNK file masquerading as a credit card security email authentication popup, specifically targeting unsuspecting users…