Eric Council Jr., a 26-year-old man from Huntsville, Alabama, was sentenced on May 16, 2025, to 14 months in federal prison followed by three years of supervised release for his role in the high-profile hacking of the U.S. Securities and…
Category: Cyber Security News
Ivanti EPMM 0-day Vulnerability Actively Exploited in the Wild
Ivanti has disclosed two zero-day vulnerabilities in its Endpoint Manager Mobile (EPMM) solution. When chained together, these vulnerabilities allow attackers to execute unauthenticated remote code. Security researchers have confirmed active exploitation in the wild, with the Shadowserver Foundation tracking nearly…
67% of Organizations Face Cyber Attacks in the Past 12 Months – New Report
Cyber attacks continue to plague organizations worldwide, with a staggering 67% of businesses reporting they faced at least one attack in the past year, according to the newly released Hiscox Cyber Readiness Report 2024. This marks the fourth consecutive annual…
Google Details Hackers Behind UK Retailers Attack Now Targeting US
A sophisticated hacking group known as UNC3944, which previously targeted major UK retail organizations, has pivoted its operations toward US-based companies, according to newly published research from Google Cloud. The threat actor, which overlaps with public reporting on the group…
Microsoft Published a Practical Guide for Migrating BitLocker Recovery Key Management From ConfigMgr to Intune
As organizations transition to modern management with Microsoft Intune, migrating BitLocker recovery key management from Configuration Manager (ConfigMgr) to Intune is a critical step, especially in hybrid scenarios with co-managed, Entra-Hybrid-Joined devices. This in-depth guide provides a practical, step-by-step approach…
BreachForums Admin to Pay $700,000 in Health Care Data Breach
Conor Brian Fitzpatrick, the 22-year-old former administrator of cybercrime marketplace BreachForums, will forfeit nearly $700,000 to settle a civil lawsuit related to a healthcare data breach. This is a rare instance of a threat actor directly facing financial penalties for…
Hackers Exploiting Confluence Server to Enable RDP Access & Remote Code Execution
Cybersecurity researchers have uncovered a sophisticated attack campaign in which threat actors exploited a known vulnerability in unpatched Atlassian Confluence servers to deploy ransomware. The intrusion, which occurred in June 2024, leveraged CVE-2023-22527, a template injection vulnerability, to gain initial access…
Hackers Leverage RVTools to Attack Windows Users With Bumblebee Malware
A sophisticated supply chain compromise briefly turned the trusted VMware administration tool RVTools into a malware delivery vector on May 13, 2025. The attack leveraged a compromised installer to deploy Bumblebee, a dangerous malware loader with potential for ransomware staging…
Social Engineering Tactics – Training Employees to Stay Safe
As cybercriminals become ever more sophisticated, any organization’s greatest vulnerability is not its firewalls or software but its people. Social engineering attacks, which manipulate human psychology rather than exploit technical flaws, are now responsible for most data breaches worldwide. In 2024,…
Skitnet Malware Leverages Stealth Techniques to Execute Its Payload & Establish Persistence
Cybersecurity experts have identified a sophisticated multi-stage malware named Skitnet (also known as Bossnet) that employs advanced stealth techniques to execute payloads and maintain persistent system access. First appearing on underground forums in April 2024, Skitnet is actively sold as…
Volkswagen Car Hacked – Owner’s Personal Data & Service Details Exposed
Significant vulnerabilities have been uncovered in Volkswagen’s connected car app that exposed sensitive personal information and complete service histories of vehicles worldwide. The disclosed flaws allowed unauthorized access to user data through simple exploits requiring only a vehicle’s VIN, which is…
CISA to Discontinue Cybersecurity Alerts & Advisories on Official Webpages
CISA is to remove standard cybersecurity alerts and advisories from its website. On May 12, 2025, CISA announced it would no longer post routine cybersecurity updates to its “Cybersecurity Alerts & Advisories” webpage, instead shifting to distribution exclusively through social media platforms…
Understanding APTs – Detection and Response for Enterprises
Advanced Persistent Threats (APTs) represent one of the most formidable challenges facing enterprises today, underscoring the critical need for effective detection and response strategies in an ever-evolving digital landscape. These sophisticated, stealthy, and targeted cyberattacks are orchestrated by…
Fileless Malware – How to Detect and Prevent Attacks
In the ever-evolving cybersecurity landscape, fileless malware has emerged as one of the most dangerous threats organizations face in 2025. Unlike traditional malware that leaves traces on hard drives, fileless attacks operate entirely within a computer’s memory, making them exceptionally…
ModiLoader Malware Attacking Windows Users to Steal Login Credentials
A sophisticated malware strain called ModiLoader (also known as DBatLoader) has emerged as a significant threat to Windows users, specifically targeting individuals through carefully crafted phishing campaigns. The malware, discovered in recent attacks, employs a multi-stage infection process that ultimately…
Firefox 0-day Vulnerabilities Let Attackers Execute Malicious Code
Mozilla has released an emergency security update to address two critical vulnerabilities in Firefox that could allow attackers to execute malicious code on users’ systems. The vulnerabilities affect multiple versions of the popular web browser and require immediate attention from…
Windows 11, VMware ESXi & Firefox 0-day Vulnerabilities Exploited – Pwn2Own Day 3
Security researchers successfully exploited multiple zero-day vulnerabilities in Windows 11, VMware ESXi, and Mozilla Firefox during the final day of Pwn2Own Berlin 2025, demonstrating sophisticated attack techniques that netted $383,750 in rewards. The event concluded with a record-breaking total payout…
glibc Vulnerability Exposes Millions of Linux Systems to Code Execution Attacks
A critical vulnerability has been found in the GNU C Library (glibc), potentially exposing millions of Linux systems to local privilege escalation attacks. Tracked as CVE-2025-4802 and publicly disclosed on May 16, 2025, this vulnerability could allow attackers to execute arbitrary code by…
Abusing dMSA with Advanced Active Directory Persistence Techniques
Delegated Managed Service Accounts (dMSAs), introduced in Windows Server 2025, represent Microsoft’s latest innovation in secure service account management. While designed to enhance security by preventing traditional credential theft attacks like Kerberoasting, security researchers have uncovered potential abuse vectors that…
Windows Remote Desktop Gateway UAF Vulnerability Allows Remote Code Execution
A critical vulnerability has been identified in Microsoft’s Remote Desktop Gateway (RD Gateway) that could allow attackers to execute malicious code on affected systems remotely. The vulnerability, tracked as CVE-2025-21297, was disclosed by Microsoft in its January 2025 security updates and has since…