A significant development in the cybercriminal landscape occurred on May 20, 2025, when the VanHelsing ransomware-as-a-service (RaaS) operation publicly released its source code after an alleged former developer attempted to sell it on the RAMP cybercrime forum. Security researchers have…
Category: Cyber Security News
3 Ways MSSPs Can Boost Security Operations With Malware Sandbox
Managed Security Service Providers (MSSPs) face constant pressure to deliver accurate detection, fast response, and efficient training without overloading their teams. With cyberattacks becoming more complex and evasive, the right tools can make all the difference. Let’s explore how fully…
SideWinder APT Hackers Exploiting Old Office Flaws to Deliver Malware Bypassing Detections
In a sophisticated campaign targeting high-level government institutions across South Asia, the SideWinder Advanced Persistent Threat (APT) group has been leveraging years-old Microsoft Office vulnerabilities to deliver malware while evading detection. The threat actors are specifically targeting organizations in Sri…
LockBit Internal Data Leak Exposes Payload Creation Patterns & Ransom Demands
In May 2025, the cybersecurity community was granted an unprecedented glimpse into the operations of one of the world’s most notorious ransomware groups when LockBit themselves fell victim to a data breach. The leaked information, made available via a Tor…
Extracting Credentials from Microsoft Deployment Toolkit Shares – Red Teaming
Microsoft Deployment Toolkit (MDT) shares, an often-overlooked infrastructure component, can be a goldmine of credentials for attackers. A new report published by TrustedSec highlights how red teams can easily extract domain administrator credentials from misconfigured MDT deployments, potentially leading to…
Atlassian Warns of Multiple High-Severity Vulnerabilities Hitting Data Center and Server Products
Atlassian has released its May 2025 Security Bulletin, disclosing eight high-severity vulnerabilities affecting multiple Data Center and Server products. The security flaws, discovered through the company’s Bug Bounty program, penetration testing, and third-party library scans, could expose enterprise systems to…
100+ Malicious Chrome Extensions Attacking Users to Exfiltrate Login Credentials & Execute Remote Code
A sophisticated campaign involving more than 100 malicious Chrome browser extensions has been discovered targeting users worldwide since February 2024. These malicious extensions employ a deceptive dual-functionality approach, appearing to work as advertised while secretly connecting to attacker-controlled servers to…
Teen Hacker Admits Guilt in Major Cyberattack on PowerSchool
A 19-year-old Massachusetts college student has agreed to plead guilty to a series of federal charges stemming from a sophisticated cyberattack and extortion scheme targeting PowerSchool, the leading student information system provider for K-12 schools in North America. The breach,…
Kettering Health Suffers System-Wide Outage Following Ransomware Attack
Kettering Health, a major hospital network operating 14 medical centers across Ohio, confirmed Tuesday it has fallen victim to a ransomware attack that triggered a comprehensive technology failure across its facilities. The cyberattack, which occurred on May 20, 2025, has…
Hackers Could Abuse Google Cloud Platform to Execute Malicious Commands
Security researchers have uncovered a sophisticated attack vector that allows threat actors to exploit serverless computing services offered by Google Cloud Platform (GCP) to execute malicious commands. The vulnerability, dubbed “function confusion,” enables attackers to leverage package installation scripts within…
Hackers Created Fake Version of AI Tool to Attack 6 Million Users
In a sophisticated cyberattack campaign uncovered in early 2025, threat actors created counterfeit versions of popular AI image generation platform Kling AI to deliver malware to unsuspecting users. Kling AI, which has amassed over 6 million users since its June…
Lexmark Printer Vulnerability Allows Attackers to Execute Arbitrary Code
A critical security vulnerability has been identified in numerous Lexmark printer models that could allow attackers to execute arbitrary code remotely. Designated as CVE-2025-1127, this critical flaw affects the embedded web server in various Lexmark devices and poses significant risks…
Palo Alto GlobalProtect Vulnerability Enables Malicious Code Execution – PoC Released
Palo Alto Networks has disclosed a reflected cross-site scripting (XSS) vulnerability, tracked as CVE-2025-0133, affecting the GlobalProtect gateway and portal features of its PAN-OS software. The flaw enables execution of malicious JavaScript in authenticated Captive Portal user browsers when victims…
New Microsoft O365 Phishing Attack Uses AES & Malicious npm Packages to Steal Login Credentials
A sophisticated phishing campaign targeting Microsoft Office 365 users has emerged, combining several advanced techniques to evade detection and harvest credentials. The attack, identified in early April 2025, leverages encrypted HTML files, content delivery networks (CDNs), and malicious npm packages…
Multiple Foscam X5 IP Camera Vulnerabilities Let Attackers Execute Arbitrary Code
Multiple vulnerabilities in Foscam X5 IP cameras allow remote attackers to execute arbitrary code without authentication. The flaws, disclosed on May 21, 2025, affect the UDTMediaServer component in Foscam X5 version 2.40 and prior firmware releases. Despite repeated attempts to…
Hazy Hawk Exploits Organizations’ DNS Gaps to Abuse Cloud Resources & Deliver Malware
Security researchers have identified a sophisticated threat actor named “Hazy Hawk” that’s hijacking abandoned cloud resources from high-profile organizations worldwide to distribute scams and malware. Active since at least December 2023, the group exploits DNS misconfigurations to take control of…
More_Eggs Malware Exploits Job Application Emails to Deliver Malicious Payloads
The More_Eggs malware, a sophisticated JavaScript backdoor operated by the financially motivated Venom Spider (also known as Golden Chickens) threat group, has emerged as a significant threat to corporate environments. This backdoor is particularly concerning as it’s distributed through a…
Kimsuky APT Group Uses PowerShell Payloads to Deliver XWorm RAT
A sophisticated campaign by the Kimsuky Advanced Persistent Threat (APT) group has been identified, utilizing elaborate PowerShell payloads to deliver the dangerous XWorm Remote Access Trojan (RAT). This North Korean-linked threat actor has evolved its tactics, leveraging heavily obfuscated PowerShell…
New RedisRaider Campaign Attacking Linux Servers by Abusing Redis Configuration
A new sophisticated Linux cryptojacking campaign called RedisRaider has emerged, targeting vulnerable Redis servers across the internet. This aggressive malware exploits misconfigured Redis instances to deploy cryptocurrency mining software, effectively turning compromised systems into digital mining farms for the attackers.
Securing iCloud Accounts – Best Practices for iPhone Users
As iPhones become the central hub for personal and professional life, Apple’s iCloud service has grown indispensable for millions of users. iCloud seamlessly syncs photos, contacts, documents, and backups across devices, but this convenience also makes it a prime target…