Category: Cyber Security News

Security researchers uncovered critical zero-day vulnerabilities across major enterprise platforms during the second day of Pwn2Own Berlin 2025, earning a staggering $435,000 in bounties. The competition, hosted at the OffensiveCon conference, witnessed successful exploits against VMware ESXi, Microsoft SharePoint, Mozilla…

Read more →

Apple’s macOS Gatekeeper, a cornerstone of the operating system’s defense against malicious software, has undergone significant macOS Sequoia (15.0) updates to address emerging security challenges. These changes reflect Apple’s ongoing efforts to balance user freedom with robust protection against increasingly…

Read more →

Security Operations Centers (SOCs) and Managed Security Service Providers (MSSPs) operate at the forefront of cybersecurity, tasked with defending organizations against increasingly sophisticated threats. As adversaries refine their tactics, the need for continuous skill development, particularly through hands-on malware analysis training, has…

Read more →

As the Linux kernel continues to power everything from cloud infrastructure to embedded devices, its security remains critical. In 2025, patching strategies face unprecedented challenges: a 3,529% year-over-year increase in CVEs since 2024, sophisticated exploitation techniques targeting virtualization subsystems, and kernel-level attacks…

Read more →

A coordinated phishing campaign targeting Kuwait’s critical sectors has been exposed through a distinctive operational security lapse: the consistent reuse of SSH authentication keys across multiple attack servers. The campaign, which remains active as of May 2025, has deployed over…

Read more →

The Federal Bureau of Investigation (FBI) issued an urgent warning Thursday about an ongoing malicious campaign where cybercriminals are impersonating senior US officials through text messages and AI-generated voice calls. The sophisticated attack, which began in April 2025, primarily targets…

Read more →

In a significant setback for US cybercrime enforcement efforts, Russian hacker Andrei Tarasov has evaded extradition to the United States and successfully returned to his homeland, intelligence sources confirm. Tarasov, 33, known in cybercriminal circles by the aliases “Aels” and,…

Read more →

A recent investigation has uncovered a concerning case of espionage at one of America’s premier academic institutions, where a Chinese intelligence agent posed as a Stanford University student to gather sensitive research information. The agent, operating under the alias “Charles…

Read more →

A newly discovered class of vulnerabilities in Intel processors, termed Branch Predictor Race Conditions (BPRC), allows attackers to systematically extract sensitive data from the cache and random-access memory (RAM) of other users sharing the same hardware. Affecting all Intel processors…

Read more →

Cybersecurity experts have identified a concerning trend in the malware landscape as threat actors increasingly leverage fileless techniques to circumvent traditional security measures. A sophisticated PowerShell-based shellcode loader executing Remcos Remote Access Trojan (RAT) has emerged as the latest example…

Read more →

Industrial automation systems worldwide are facing an unprecedented scale of cyber threats, with security researchers detecting a staggering 11,679 distinct malware families targeting critical infrastructure in the first quarter of 2025. This alarming figure, revealed in a comprehensive threat landscape…

Read more →

Multiple users and IT administrators are reporting that Microsoft’s latest security update KB5058379, released on May 13, 2025, is causing widespread issues with BitLocker recovery prompts and system boot failures. This mandatory Patch Tuesday update, which contains critical security fixes,…

Read more →

In April 2025, cybersecurity teams were starkly reminded of the stakes involved in patch management when Microsoft disclosed CVE-2025-29824, a zero-day privilege escalation flaw in the Windows Common Log File System (CLFS) driver. Exploited by ransomware groups to gain SYSTEM-level access,…

Read more →

Critical security flaws have been uncovered in Ivanti Endpoint Manager Mobile (EPMM), a widely used mobile device management (MDM) solution, exposing organizations to the risk of unauthenticated remote code execution (RCE). The vulnerabilities, tracked as CVE-2025-4427 and CVE-2025-4428, have been…

Read more →

Mergers and acquisitions (M&A) have become a high-stakes battleground for cybersecurity risks, with 2024 witnessing a surge in regulatory scrutiny, sophisticated cyberattacks, and costly post-deal breaches. As global M&A activity rebounds to pre-pandemic levels, CISOs face unprecedented challenges in safeguarding…

Read more →

Apple’s macOS has experienced a concerning surge in zero-day vulnerabilities over the past six months, highlighting the need for robust security practices. Recent sophisticated attacks targeting businesses and individuals demonstrate that Apple’s relatively secure ecosystem remains vulnerable to determined threat…

Read more →

A lesser-known feature of Git, Dubbed “Commit Stomping,” this technique allows users to manipulate commit timestamps, potentially disguising malicious or unauthorized changes in a repository’s history. While not a bug or vulnerability, Commit Stomping exploits Git’s flexibility to rewrite the…

Read more →

The Jenkins project has issued a critical security advisory detailing vulnerabilities in five widely used plugins: Cadence vManager, DingTalk, Health Advisor by CloudBees, OpenID Connect Provider, and WSO2 Oauth. These flaws, ranging from medium to critical severity, could allow attackers…

Read more →

As container adoption rapidly accelerates across enterprises in 2025, security professionals are under increasing pressure to focus on securing Linux containers and protecting these ephemeral environments. Container security requires a multi-layered approach that addresses vulnerabilities throughout the container lifecycle –…

Read more →

SonicWall has issued a high-priority security advisory (SNWLID-2025-0010) revealing a critical Server-Side Request Forgery (SSRF) vulnerability in its SMA1000 Appliance Work Place interface. Tracked as CVE-2025-40595, the vulnerability carries a CVSS v3 score of 7.2, indicating a high-severity risk. Discovered…

Read more →