The North Korean state-linked threat group Kimsuky has expanded its attack methods by distributing a dangerous mobile malware through weaponized QR codes, targeting users through sophisticated phishing sites that imitate package delivery services. Security researchers discovered the malicious campaign in…
Category: Cyber Security News
Operation ForumTrol Known for Exploiting Chrome 0-Day Attacking Users With New Phishing Campaign
Operation ForumTrol, an advanced persistent threat group, has launched a new targeted phishing campaign against Russian political scientists and researchers. This sophisticated operation continues the group’s pattern of cyberattacks that began in March 2025 with the exploitation of CVE-2025-2783, a…
5 SOC Analyst Tips for Super-Fast Triage
Every extra minute spent guessing during triage puts your SOC at risk. When it’s unclear what a file does, whether it’s malicious, or how urgent it is, real threats slip through while time is wasted on noise. Fast triage depends on removing uncertainty early,…
Microsoft Desktop Windows Manager Out-Of-Bounds Vulnerability Let Attackers Escalate Privileges
Microsoft has confirmed a critical out-of-bounds vulnerability in the Desktop Window Manager (DWM) that allows local attackers to escalate privileges to SYSTEM on affected Windows systems. The vulnerability, identified as CVE-2025-55681, resides in the dwmcore.dll component and impacts Windows 10, Windows…
Hackers Could Take Control of Car Dashboard by Hacking Its Modem
Modern vehicles are increasingly defined by their connectivity, transforming them into sophisticated IoT devices on wheels. While this digital evolution enhances the driving experience, it introduces severe security risks. A hypothetical scenario where a car dashboard is remotely hijacked to…
Chinese Hackers Using Custom ShadowPad IIS Listener Module to Turn Compromised Servers into Active Nodes
The group employs a custom ShadowPad IIS Listener module to transform compromised servers into a resilient, distributed relay network. This approach allows attackers to route malicious traffic through victim infrastructure, effectively turning hacked organizations into a mesh of command-and-control nodes.…
Microsoft Asks IT Admins to Contact for Fix Related to Windows IIS Failure Issues
Microsoft has confirmed that its December 2025 Windows security update (KB5071546, OS Build 19045.6691) is causing Message Queuing (MSMQ) failures, leading to widespread IIS site crashes. First reported on December 12 and last updated December 16, the problem manifests under…
CISA Warns of Gladinet CentreStack and Triofox Vulnerability Exploited in Attacks
CISA issued a critical warning regarding a hardcoded cryptographic key vulnerability affecting Gladinet CentreStack and Triofox file management solutions. The vulnerability, tracked as CVE-2025-14611, poses significant risks to organizations using these widely deployed enterprise file-sharing platforms. The flaw lies in…
New Research Reveals 90% of Parked Domains Now Deliver Malware, Scams, and Phishing Attacks
The cybersecurity threat landscape has shifted dramatically, and parked domains have become a primary weapon for delivering malware, scams, and phishing attacks to unsuspecting internet users. What was once considered a harmless domain monetization practice has transformed into a dangerous…
New Moonwalk++ PoC Shows How Malware Can Spoof Windows Call Stacks and Evade Elastic-Inspired Rules
A sophisticated proof-of-concept demonstrating how malware can bypass advanced call stack detection mechanisms increasingly adopted by enterprise security vendors like Elastic. The new Moonwalk++ technique extends prior stack-spoofing research and reveals critical gaps in current endpoint detection strategies. The Evasion Challenge As…
CISA Adds Fortinet Vulnerability to KEV Catalog After Active Exploitation
CISA has officially added CVE-2025-59718 to its Known Exploited Vulnerabilities (KEV) catalog on December 16, 2025. Designating a critical deadline of December 23, 2025, for organizations to apply necessary remediation measures. This action reflects the vulnerability’s active exploitation in the…
Singularity Linux Kernel Rootkit with New Feature Prevents Detection
Singularity, a sophisticated Linux kernel rootkit designed for Linux kernel versions 6.x, has gained significant attention from the cybersecurity community for its advanced stealth mechanisms and powerful capabilities. This kernel module represents a concerning evolution in rootkit technology, offering multiple…
New GhostPoster Attack Leverages PNG Icon to Infect 50,000+ Firefox Users
A sophisticated new malware campaign dubbed “GhostPoster” has been uncovered, leveraging a clever steganography technique to compromise approximately 50,000 Firefox users. The attack vector primarily involves seemingly innocent browser extensions, such as “Free VPN Forever,” which conceal malicious payloads within…
NVIDIA Isaac Lab Vulnerability Let Attackers Execute Malicious Code
A critical security update addressing a dangerous deserialization vulnerability in NVIDIA Isaac Lab, a component of the NVIDIA Isaac Sim framework. The flaw could allow attackers to execute arbitrary code on affected systems, prompting the company to take immediate action.…
Cellik Android Malware with One-Click APK Builder Let Attackers Wrap its Payload Inside with Google Play Store Apps
Cellik represents a significant evolution in Android Remote Access Trojan capabilities, introducing sophisticated device control and surveillance features previously reserved for advanced spyware. This newly identified RAT combines full device takeover with an integrated Google Play Store connection, allowing attackers…
Chrome Zero-Day Vulnerabilities Exploited in 2025 – A Comprehensive Analysis
Throughout 2025, Google patched an unprecedented wave of actively exploited zero-day vulnerabilities affecting its Chrome browser, patching a total of eight critical flaws that threatened billions of users worldwide. These vulnerabilities, all classified as high severity with CVSS scores averaging…
New GhostPoster Attack Leverages PNG Icon to Infect 50,000 Firefox Users
A sophisticated new malware campaign dubbed “GhostPoster” has been uncovered, leveraging a clever steganography technique to compromise approximately 50,000 Firefox users. The attack vector primarily involves seemingly innocent browser extensions, such as “Free VPN Forever,” which conceal malicious payloads within…
BlindEagle Hackers Attacking Organization to Abuse Trust and Bypass Email Security Controls
In a sophisticated cyberespionage campaign, the BlindEagle threat actor has once again targeted Colombian government institutions. This latest operation specifically zeroed in on an agency under the Ministry of Commerce, Industry, and Tourism, leveraging a highly effective strategy to bypass…
Chrome Security Update – Patch for Critical Vulnerabilities that Enables Remote Code Execution
Google has released Chrome version 143.0.7499.146/.147 to address critical security vulnerabilities that could enable remote code execution on affected systems. The update is now rolling out to Windows and Mac users, with Linux receiving version 143.0.7499.146. Full deployment is expected…
APT-C-35 Infrastructure Activity Leveraged Using Apache HTTP Response Indicators
A significant discovery in threat intelligence reveals that APT-C-35, commonly known as DoNot, continues to maintain an active infrastructure footprint across the internet. Security researchers have identified new infrastructure clusters linked to this India-based threat group, which has long been…