Microsoft has discovered multiple critical vulnerabilities affecting widely used bootloaders including GRUB2, U-Boot, and Barebox. These security flaws potentially expose systems to sophisticated boot-level attacks that could compromise devices before operating systems even initialize, allowing attackers to gain persistent and…
CISA Warns of Cisco Smart Licensing Utility Credential Vulnerability Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Cisco vulnerability to its Known Exploited Vulnerabilities (KEV) catalog following confirmation of active exploitation in the wild. The flaw, identified as CVE-2024-20439, affects the Cisco Smart Licensing Utility (CSLU)…
CrushFTP Vulnerability Exploited in Attacks Following PoC Release
Security researchers have confirmed active exploitation attempts targeting the critical authentication bypass vulnerability in CrushFTP (CVE-2025-2825) following the public release of proof-of-concept exploit code. Based on Shadowserver Foundation’s most recent monitoring data, approximately 1,512 unpatched instances remain vulnerable globally as…
Apple Warns of Three 0-Day Vulnerabilities Actively Exploited in Attacks
Apple has issued an urgent security advisory concerning three critical zero-day vulnerabilities, CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085, that have been actively exploited in sophisticated attacks. These vulnerabilities affect a wide range of Apple devices, including iPhones, iPads, Macs, and other platforms.…
Hackers Scanning From 24,000 IPs to Gain Access to Palo Alto Networks GlobalProtect Portals
Researchers have detected an alarming surge in malicious scanning activity targeting Palo Alto Networks’ GlobalProtect VPN portals. Over a 30-day period, nearly 24,000 unique IP addresses have attempted to access these critical security gateways, suggesting a coordinated effort to probe…
Lazarus Group Is No Longer Considered a Single APT Group, But a Collection of Many Sub-Groups
The cybersecurity landscape is witnessing a growing complexity in the attribution of Advanced Persistent Threat (APT) actors, particularly the North Korean-linked Lazarus group. Once considered a singular entity, Lazarus has evolved into a network of specialized subgroups with overlapping tactics,…
Canon Printer Vulnerability Lets Attackers Execute Arbitrary Code
Canon has issued a critical security advisory regarding a severe vulnerability detected in several of its printer drivers that could allow attackers to execute arbitrary code on affected systems. The flaw, identified as CVE-2025-1268, carries a high-severity CVSS base score…
Technical Analysis Published for OpenSSH’s Agent Forwarding RCE Vulnerability
Security researchers have published a detailed technical analysis of a critical remote code execution (RCE) vulnerability (CVE-2023-38408) in OpenSSH’s agent forwarding feature that was disclosed in July 2023. The Qualys Threat Research Unit discovered the vulnerability, which affected all OpenSSH…
New Ubuntu Security Bypasses Allow Attackers to Exploit Kernel Vulnerabilities
Three critical bypasses in Ubuntu Linux’s unprivileged user namespace restrictions allow local attackers to escalate privileges and exploit kernel vulnerabilities. These bypasses affect Ubuntu 23.10 and 24.04 LTS systems, where AppArmor-based protections were introduced to limit namespace misuse. While not…
Multiple Dell Unity Vulnerabilities Let Attackers Compromise Affected Systems
Dell Technologies has released a critical security update addressing multiple severe vulnerabilities in its Unity enterprise storage systems that could allow attackers to execute arbitrary commands as root, delete critical system files, and perform other malicious activities without authentication. Security…
CrushFTP Vulnerability Exploited to Gain Full Server Access
A critical vulnerability (CVE-2025-2825) in CrushFTP, a widely used enterprise file transfer solution, allows attackers to bypass authentication and gain unauthorized server access. The vulnerability, which affects versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0, received a CVSS score of…
ClickFake Interview – Lazarus Hackers Exploit Windows and macOS Users in Fake Job Campaign
The Lazarus Group, a North Korean state-sponsored hacking collective, has launched a new campaign dubbed ClickFake Interview, targeting job seekers in the cryptocurrency industry. This malicious operation uses fake job interview websites to deploy a Go-based backdoor, known as GolangGhost,…
Earth Alux Hackers Employ VARGIET Malware to Attack Organizations
The cybersecurity landscape has been disrupted by Earth Alux, a China-linked advanced persistent threat (APT) group actively conducting espionage operations since the second quarter of 2023. Initially targeting the Asia-Pacific region, the group expanded its operations to Latin America by…
Hewlett Packard RCE Vulnerability Allows Attackers to Bypass Authentication and Execute Remote Commands
A critical unauthenticated remote code execution vulnerability (CVE-2024-13804) has been discovered in HPE Insight Cluster Management Utility (CMU) v8.2, enabling attackers to bypass authentication mechanisms and execute commands with root privileges on the backend server. This high-severity vulnerability affects a…
Microsoft Removes bypassnro.cmd in Windows 11 Insider To Stop Users from Installing OS Without MS Account
Microsoft has taken a decisive step in its latest Windows 11 Insider Preview Build 26200.5516 by removing the bypassnro.cmd script, effectively closing a loophole that allowed users to install Windows 11 without connecting to the internet or signing in with…
DarkCloud – An Advanced Stealer Malware Selling Via Telegram To Steal Data From Windows
DarkCloud is a sophisticated stealer malware that emerged in 2022, quickly positioning itself as one of the most prevalent threats in its category. This Windows-targeting malware has evolved significantly to extract sensitive information including browser data, FTP credentials, screenshots, keystrokes,…
Konni RAT Exploits Windows Explorer To Launch a Multi-Stage Attack in Windows
The notorious Konni RAT (Remote Access Trojan) has evolved to leverage a sophisticated Windows Explorer exploitation technique, enabling attackers to execute multi-stage attacks with enhanced stealth capabilities. This malware, historically linked to North Korean threat actors, has been observed targeting…
Threat Actors Hide Malware in WordPress Websites to Execute Code Remotely
Recent discoveries have uncovered a concerning trend where threat actors are strategically concealing malicious code within WordPress websites’ mu-plugins directory. This directory is particularly valuable for attackers as it loads automatically with WordPress, making detection and removal more challenging. The…
Russian Hackers Using Russia-Based Bulletproof Network to Switch Network Infrastructure
Russian-aligned hacking groups UAC-0050 and UAC-0006 have been observed switching their network infrastructure through bulletproof hosting providers, enabling persistent campaigns against Ukrainian entities and their international allies. These threat actors conducted financially motivated and espionage operations throughout late 2024 and early…
Triton RAT Leveraging Telegram To Remotely Access & Control Systems
A sophisticated Python-based Remote Access Tool (RAT) named Triton has emerged as a significant threat, utilizing Telegram as its command and control infrastructure. This malware enables attackers to remotely access and control compromised systems, with particular emphasis on harvesting Roblox…