The Cybersecurity and Infrastructure Security Agency (CISA) released two Industrial Control Systems (ICS) advisories on April 1, 2025, highlighting significant vulnerabilities in critical infrastructure components. These advisories, ICSA-25-091-01 and ICSA-24-331-04, address security flaws in Rockwell Automation and Hitachi Energy products…
Category: Cyber Security News
Sliver Framework Customized to Boost Evasion & Bypass EDR Detections
Sliver, a multi-platform Command & Control framework written entirely in Go, has gained significant traction in offensive security since its 2020 release. The framework provides red teams with powerful post-exploitation capabilities, but as its user base has expanded, detection has…
Python Officially Unveils New Standard Lock File Format to Improve Security
Python has officially standardized a lock file format with the acceptance of PEP 751, marking a significant milestone for the Python packaging ecosystem. The new format, named pylock.toml, addresses long-standing issues with dependency management by providing a standardized way to…
Ransomware Is a Core Threat Across 93% of Industries – Resilience Key
Ransomware has emerged as one of the most devastating cyberthreats facing organizations today, capable of bringing even thriving businesses to their knees within hours. As digital transformation accelerates across sectors, the attack surface for these malicious campaigns continues to expand,…
New Wave of IRS Attacks Targeting Taxpayers' Mobile Devices
Cybersecurity experts have identified a sophisticated phishing campaign specifically targeting taxpayers through their mobile devices. The attacks leverage the heightened anxiety of last-minute tax filers, creating a perfect storm for cybercriminals looking to harvest sensitive personal and financial information. These…
CISA Warns of Apache Tomcat Vulnerability Exploited in the Wild
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Apache Tomcat vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog following evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2025-24813, allows remote attackers to execute arbitrary…
New KoiLoader Abuses PowerShell Scripts to Deliver Malicious Payload
Cybersecurity researchers identified a sophisticated malware campaign leveraging a new variant of KoiLoader, a modular payload delivery system notorious for distributing information stealers like Koi Stealer. This updated strain employs PowerShell scripts embedded within Windows shortcut (LNK) files to bypass…
Hackers Leverage Microsoft Teams Message to Drop Malicious Payload
In a sophisticated multi-stage attack, threat actors leverage Microsoft Teams to deliver malicious payloads, establishing persistence and remote access to corporate networks. This new attack vector exploits Teams’ perceived security as an internal business application, allowing attackers to bypass traditional…
APT34 Hackers Using New Custom Malware to Attack Finance & Telecom Industries
A sophisticated cyber espionage campaign attributed to Iranian state-sponsored group APT34 (OilRig) has targeted Iraqi governmental entities and critical infrastructure sectors since late 2024, leveraging new malware variants designed to evade conventional security measures. The group, active since 2012, has…
Top 3 Techniques To Improve Threat Hunting In Your Company
Threat hunting isn’t just a job — it’s an adventure. There’s a thrill in proactively chasing down adversaries who think they’ve outsmarted your defenses. It’s this blend of challenge, creativity, and impact that makes threat hunting not only fun but…
Kentico Xperience CMS XSS Vulnerability Lets Attackers Execute Remote Code
A critical security flaw in Kentico Xperience CMS, a widely used enterprise content management system (CMS), has been uncovered. By exploiting a Cross-Site Scripting (XSS) vulnerability, attackers can execute remote code. This vulnerability, tracked as CVE-2025-2748, affects versions of Kentico…
EncGPT – AI-agent that Dynamically Generates Encryption & Decryption Rules
Researchers from Xi’an Jiaotong University have introduced EncGPT, an AI-powered multi-agent framework that dynamically generates encryption and decryption rules. This innovation addresses critical challenges in communication security, balancing cost-efficiency and high-level encryption reliability. EncGPT leverages large language models (LLMs) to…
VMware Aria Operations Vulnerability Exposes Systems to Privilege Escalation Attacks
VMware has issued a critical security advisory (VMSA-2025-0006) addressing a high-severity local privilege escalation vulnerability (CVE-2025-22231) in its Aria Operations platform. The flaw, rated 7.8 on the CVSSv3 scale, allows attackers with local administrative access to gain root-level control over…
Plantronics Hub Vulnerability Lets Attackers Escalate Privileges
A critical security vulnerability in Plantronics Hub software enables attackers to escalate privileges through an unquoted search path weakness. Affecting versions 3.24.5 through 3.25.2, this vulnerability becomes particularly dangerous when installed alongside OpenScape Fusion for MS Office, which is often…
HijackLoader With New Modules to Hide Functions & Detect Malware Analysis
HijackLoader, a sophisticated malware loader initially discovered in 2023, has evolved with new advanced modules designed to evade security detection and analysis. Also known as IDAT Loader and GHOSTPULSE, this modular malware not only delivers second-stage payloads but also employs…
Samsung Data Leak – Threat Actors Leak Data From 270,000 Customer Tickets
A significant data breach has hit Samsung Germany as threat actor “GHNA” has released 270,000 customer support tickets for free on hacking forums. The breach, which occurred in March 2025, exposes extensive personal and transactional data from Samsung’s German operations…
Rockwell Automation Vulnerability Lets Attackers Gain Access to Run Arbitrary Commands
A high-severity security vulnerability (CVE-2025-1449) affecting Rockwell Automation's Verve Asset Manager product could allow attackers with administrative access to execute arbitrary commands. The vulnerability, discovered in versions 1.39 and earlier, has been assigned a CVSS Base Score of 9.1 (v3.1), indicating…
Top 30 Best Penetration Testing Tools – 2025
Penetration testing, also known as ethical hacking, is a critical process in cybersecurity aimed at identifying and addressing vulnerabilities within systems, networks, and applications. By simulating real-world attacks, penetration testing helps organizations uncover weaknesses before malicious actors can exploit them.…
Check Point Acknowledges Data Breach, Claims Information is ‘Old’
Check Point Software Technologies has confirmed a data breach following claims by threat actor CoreInjection on March 30th, 2025, but insists the incident is an “old, known and very pinpointed event” from December 2024 that had already been addressed. The…
Linux Lite 7.4 Final Released with GUI Updates & Bug Fixes
Linux Lite 7.4 Final has officially been released and is now available for download. This latest iteration of the lightweight Linux distribution brings several GUI improvements, bug fixes, and code updates while maintaining its focus on user-friendly computing for both…