In one of the largest coordinated law enforcement operations against online child exploitation, authorities have dismantled Kidflix, a major streaming platform for child sexual abuse material (CSAM) that had amassed 1.8 million users worldwide. The international operation codenamed “Operation Stream,”…
Category: Cyber Security News
10 Best Open-Source Blue Team Tools – 2025
Companies evaluate their cybersecurity posture and protect network infrastructure implementations by employing cybersecurity experts to undertake security assessments. The organization may engage penetration testers to conduct offensive attacks against the established security measures for the infrastructure. The company will concurrently…
Sophisticated QR Code Phishing Attack Targeting Microsoft 365 Users to Steal Logins
A new sophisticated phishing campaign leveraging QR codes to steal Microsoft 365 login credentials has emerged in the cybersecurity landscape. This attack represents a significant evolution in phishing tactics, combining social engineering with technical sophistication to bypass traditional email security…
WinRAR “Mark of the Web” Bypass Vulnerability Lets Attackers Execute Arbitrary Code
A newly disclosed vulnerability in WinRAR allows attackers to bypass a core Windows security mechanism, enabling arbitrary code execution on affected systems. Tracked as CVE-2025-31334, this flaw impacts all WinRAR versions before 7.11 and has been assigned a CVSS score…
Prince Ransomware – An Open-Source Ransomware Builder That Automatically Builds Ransomware, Freely Available on GitHub
Cybersecurity experts observed the emergence of a concerning trend in which ransomware attacks leverage malware created with an open-source tool called “Prince Ransomware.” This Go-language builder was freely available on GitHub, significantly lowering the technical barrier for attackers to launch…
Cisco Smart Licensing Utility Vulnerabilities Let Attackers Gain Admin Access
Two critical vulnerabilities were actively exploited in Cisco Smart Licensing Utility, potentially allowing attackers to gain administrative access to affected systems. Organizations running vulnerable software versions are urged to apply patches immediately as exploitation attempts continue to increase. According to…
Gootloader Malware Attacking Users Via Google Search Ads Using Weaponized Documents
The notorious Gootloader malware has reemerged with evolved tactics, now leveraging Google Search advertisements to target users seeking legal document templates. This sophisticated campaign specifically promotes “free” legal templates, primarily non-disclosure agreements, through sponsored search results that appear legitimate to…
ChatGPT Down For Thousands Of Users Worldwide – Latest Outage Updates
ChatGPT, the popular AI chatbot developed by OpenAI, experienced a significant outage on April 2, 2025. The outage impacted thousands of users globally and left many users unable to access the service. Users in India, the United States, and other…
New Outlaw Linux Malware Leveraging SSH Brute-Forcing & Cron Jobs to Maintain Persistence
Outlaw has emerged as a persistent Linux malware that continues to infect systems worldwide despite its relatively unsophisticated techniques. This malware has demonstrated remarkable longevity in the threat landscape by leveraging simple yet effective tactics such as SSH brute-forcing, strategic…
20,000 WordPress Sites Vulnerable to Arbitrary File Upload and Deletion Attacks
Critical security vulnerabilities discovered in a popular WordPress plugin have placed more than 20,000 websites at risk of complete site takeover. Security researchers identified two high-severity flaws in the WP Ultimate CSV Importer plugin that could allow even low-privileged users…
Apple Fined $162 Million by French Authorities for Mobile App Advertising Dominance
French antitrust regulators have imposed a €150 million ($162.4 million) fine on Apple for abusing its dominant market position through its App Tracking Transparency (ATT) framework, marking the first regulatory penalty specifically targeting this privacy control mechanism. The French Competition…
Google Cloud Platform Privilege Escalation Vulnerability Allows Access to Sensitive Data
A significant security vulnerability in Google Cloud Platform (GCP) could have allowed attackers to access private container images stored in Google Artifact Registry and Google Container Registry. The vulnerability, dubbed “ImageRunner,” has been fixed but highlights a concerning privilege…
Firefox 137 Released With Fix for Multiple High Severity Vulnerabilities
Mozilla has officially released Firefox 137, addressing multiple high-severity security vulnerabilities that could potentially allow remote attackers to execute arbitrary code, trigger denial of service conditions, or elevate privileges on affected systems. This critical security update, announced on April 1,…
Top Ten Passwords Used by Hackers to Attack the RDP Servers
The most common passwords hackers are using in attacks against Remote Desktop Protocol (RDP) services have been identified, highlighting critical vulnerabilities in many organizations’ security postures. The Specops research team analyzed 15 million passwords used in live attacks against RDP ports, revealing that…
Attackers Leveraging JavaScript & CSS to Steal User Browsing History
Web browsing history, a feature designed to enhance user convenience by styling visited links differently, has inadvertently become a privacy vulnerability exploited by attackers. While this functionality helps users navigate websites by visually distinguishing visited links, it also opens the…
Google Brings End-to-End Encryption for Gmail Business Users
Google has launched a new end-to-end encryption (E2EE) model for Gmail enterprise users, marking a significant advancement in email security that allows business customers to send fully encrypted emails to any recipient with minimal technical complexity. Announced on April 1,…
New Android Malware ‘Salvador Stealer’ That Phishes & Steals Your Banking Details & OTPs
Cybersecurity researchers have discovered a sophisticated new Android malware called “Salvador Stealer” that targets banking credentials and one-time passwords (OTPs) through an elaborate phishing scheme. This multi-stage malware masquerades as legitimate banking applications to trick users into revealing sensitive financial…
Multiple Chrome Vulnerabilities Let Attackers Execute Arbitrary Code
Google has rolled out a critical security update for Chrome 135 across all desktop platforms. The update addresses fourteen vulnerabilities, including high-severity flaws that could enable remote code execution. The stable channel update (135.0.7049.52 for Linux, 135.0.7049.41/42 for Windows/macOS) comes…
Channel Triggered Backdoor Attack in Wireless Channels Lets Attackers Read Passwords
Cybersecurity researchers have uncovered a sophisticated new attack method that exploits wireless communication channels to create covert backdoors, enabling threat actors to capture sensitive credentials without detection. This technique, dubbed “Channel Triggered Backdoor Attack,” manipulates subtle variations in wireless signals…
Hackers Actively Targeting SonicWall, Zoho, F5 & Ivanti Systems to Exploit Vulnerabilities
A significant surge in cyberattacks targeting enterprise network appliances and remote access tools has put global organizations on high alert. On March 28, 2025, GreyNoise observed a 300% increase in malicious activity directed at SonicWall firewalls, Zoho ManageEngine platforms, F5…