Google has officially promoted Chrome 137 to the stable channel for Windows, Mac, and Linux platforms, marking a significant milestone in browser security and artificial intelligence integration. The Chrome team announced the release on May 27, 2025, with the update…
Category: Cyber Security News
Researchers Dissected macOS ‘AppleProcessHub’ Stealer, TTPs & C2 Server Details Exposed
Security researchers have conducted an extensive analysis of a sophisticated macOS information stealer that emerged in mid-May 2025, revealing intricate attack mechanisms and command-and-control infrastructure details. The malware, dubbed ‘AppleProcessHub’ after its associated domain, represents a significant threat to macOS…
Zero Trust In The API Economy: New Frontiers In Identity-Based Access Control
APIs are the new highways of the internet. They’re fast, powerful, and make everything run until someone sneaks in and crashes the system. That’s the dilemma of the modern digital world: we’ve built an economy around APIs, but a lot…
Hackers Mimic OneNote Login to Steal Office365 & Outlook Credentials
A sophisticated phishing campaign targeting Italian and U.S. users through fake Microsoft OneNote login prompts designed to harvest Office 365 and Outlook credentials. The attack leverages legitimate cloud services and Telegram bots for data exfiltration, making detection significantly more challenging…
Microsoft Warns of Void Blizzard Hackers Attacking Telecommunications & IT Organizations
Microsoft Threat Intelligence has unveiled a sophisticated Russian-affiliated cyberespionage group dubbed “Void Blizzard” (also known as LAUNDRY BEAR) that has been conducting widespread attacks against telecommunications and IT organizations since April 2024. The threat actor has successfully compromised critical infrastructure…
Check Point Acquires Veriti for Automated Threat Exposure Management
Check Point Software Technologies has announced the acquisition of Veriti Cybersecurity, marking a significant advancement in automated threat exposure management for enterprises facing increasingly sophisticated AI-driven cyber attacks. The transaction, expected to close by the end of Q2 2025, represents…
How To Use Threat Intelligence Data From 15,000 Companies To Defend Yours
Threat intelligence is the cornerstone of proactive cyber defense, providing context to security events to prioritize response efforts. It’s about turning raw data into strategic insights that can be used to fortify network defenses against known and unknown threats. The…
Dutch Intelligence Exposes Russian “Laundry Bear” Hackers Behind Police Hack
Dutch intelligence services have identified a previously unknown Russian hacking group responsible for cyberattacks on multiple Dutch organizations, including a significant breach of the national police system in September 2024 that compromised work-related contact information of officers. The Netherlands General…
New Android Malware GhostSpy Let Attacker Take Full Control Over Infected Devices
A sophisticated new Android malware strain called GhostSpy has emerged as a significant threat to mobile device security, demonstrating advanced capabilities that allow cybercriminals to achieve complete control over infected smartphones and tablets. This web-based Remote Access Trojan (RAT) employs…
Windows 11 Notepad Gets AI Writer Using a Variant of ChatGPT or Microsoft’s AI Model
Microsoft has revolutionized its iconic Notepad application by introducing an AI-powered text generation feature called “Write,” marking a dramatic transformation for the minimalist text editor that has remained largely unchanged for decades. The new functionality, powered by a variant of…
Adidas Data Breach – Customer Data Exposed Via Third-Party Service Provider
German sportswear giant Adidas has confirmed a significant data breach involving customer contact information accessed through a compromised third-party customer service provider. The incident, disclosed on May 23, 2025, exposed contact details of consumers who had previously interacted with the…
GitHub MCP Server Vulnerability Let Attackers Access Private Repositories
A critical security vulnerability in the widely-used GitHub Model Context Protocol (MCP) server has been discovered, exposing users to sophisticated attacks that can compromise private repository data through malicious prompt injections. The vulnerability affects any agent system using the GitHub…
GIMP Image Editor Vulnerability Let Remote Attackers Arbitrary Code
Two critical security vulnerabilities discovered in the popular GIMP image editing software have been disclosed. These vulnerabilities allow remote attackers to execute arbitrary code on affected systems. The vulnerabilities, identified as CVE-2025-2760 and CVE-2025-2761, were publicly disclosed on April 7th,…
Google Ads Campaign Targets Developers with Malware via Fake Homebrew Site
Security researchers have revealed that a sophisticated malvertising campaign discovered last week has been targeting software developers through malicious Google advertisements that impersonate the popular Homebrew package manager. The attack demonstrates an evolution in cybercriminal tactics that exploit trusted verification…
New Attack Bypasses HTTP/2 Security for Arbitrary Cross-Site Scripting
A critical vulnerability in HTTP/2 protocol implementations that allows attackers to bypass web security protections and execute arbitrary cross-site scripting (XSS) attacks against major websites. At the Network and Distributed System Security (NDSS) Symposium 2025, Tsinghua University researchers presented their…
Weaponized Google Meet Page Tricks Users into Running PowerShell Malware
A sophisticated social engineering campaign that leverages fake Google Meet conference pages to trick users into manually executing malicious PowerShell commands, leading to system compromise through various information-stealing malware, including AsyncRAT, StealC, and Rhadamanthys. This emerging threat, known as “ClickFix,”…
Nova Scotia Power Confirms Ransomware Attack – 280k Customers Affected
Nova Scotia Power has officially confirmed it fell victim to a sophisticated ransomware attack that compromised sensitive customer data belonging to approximately 280,000 individuals. The Canadian utility disclosed on Friday that threat actors successfully infiltrated its network systems and published…
SharpSuccessor – A PoC For Exploiting Windows Server 2025’s BadSuccessor Vulnerability
A proof-of-concept exploit tool called SharpSuccessor that weaponizes the recently discovered BadSuccessor vulnerability in Windows Server 2025’s delegated Managed Service Account (dMSA) feature. The .NET-based tool, developed by Logan Goins, demonstrates how attackers with minimal Active Directory permissions can escalate…
Critical vBulletin Forum Vulnerability Let Attackers Execute Remote Code
A newly discovered vulnerability in vBulletin, one of the world’s most popular forum platforms, has exposed thousands of online communities to the risk of unauthenticated remote code execution (RCE). The flaw, present in vBulletin versions 5.x and 6.x running on…
FBI Warns of Silent Ransom Group Attacking Users Via Fake IT Calls
The Federal Bureau of Investigation has issued a critical warning about an increasingly sophisticated cybercriminal organization known as the Silent Ransom Group (SRG), which has been conducting targeted attacks against law firms and other organizations through deceptive IT support calls.…