Category: Cyber Security News

Cybersecurity company Zscaler has confirmed it fell victim to a widespread supply-chain attack that exposed customer contact information through compromised Salesforce credentials linked to marketing platform Salesloft Drift. The breach, disclosed on August 31, 2025, stems from a larger campaign…

Read more →

The telecommunications landscape is facing an unprecedented crisis as SIM swapping attacks surge to alarming levels, with the United Kingdom alone reporting a staggering 1,055% increase in incidents during 2024, jumping from just 289 cases in 2023 to nearly 3,000…

Read more →

A group claiming to be a coalition of hackers has reportedly issued an ultimatum to Google, threatening to release the company’s databases unless two of its employees are terminated. The demand, which appeared in a Telegram post, specifically named Austin…

Read more →

The Wireshark team has rolled out version 4.4.9, a maintenance release for the world’s most popular network protocol analyzer. This update focuses on stability and reliability, delivering a series of important bug fixes and enhancing support for several existing protocols.…

Read more →

Microsoft is issuing a direct call to its hardware partners, urging original equipment manufacturers (OEMs) to address configuration issues that prevent crucial USB-C troubleshooting notifications from functioning correctly in Windows 11. These built-in alerts are designed to enhance user experience…

Read more →

MediaTek today published a critical security bulletin addressing several vulnerabilities across its latest modem chipsets, urging device OEMs to deploy updates immediately.  The bulletin, issued two months after confidential OEM notification, confirms that no known in-the-wild exploits have been detected…

Read more →

A novel phishing campaign emerged in late August 2025 that specifically targeted hoteliers and vacation rental managers through malicious search engine advertisements. Rather than relying on mass email blasts or social media lures, attackers purchased sponsored ads on platforms such…

Read more →

A newly discovered critical security vulnerability in the Next.js framework, designated CVE-2025-29927, poses a significant threat to web applications by allowing malicious actors to completely bypass authorization mechanisms.  This vulnerability arises from improper handling of the x-middleware-subrequest header within Next.js…

Read more →

In a significant security move, Microsoft announced on August 26, 2025, that it will require mandatory multifactor authentication (MFA) for all accounts signing in to the Azure portal and related administrative centers. The policy, first introduced in 2024, aims to…

Read more →

Security researchers have observed an unprecedented surge in domain registrations in recent months, closely tied to the upcoming 2026 FIFA World Cup tournament. These domains, often masquerading as legitimate ticketing portals, merchandise outlets, or live-stream platforms, serve as precursors to…

Read more →

You may have seen them in restaurants, cat-faced robots gliding between tables, delivering plates of food. These robots, many of them made by Pudu Robotics, the world’s largest commercial service robotics company, are part of a growing fleet of automated…

Read more →

Cybercriminals are increasingly exploiting legitimate email marketing platforms to launch sophisticated phishing campaigns, leveraging the trusted reputation of these services to bypass security filters and deceive victims. This emerging threat vector represents a significant evolution in phishing tactics, where attackers…

Read more →

macOS has long been recognized for its robust, integrated security stack, but cybercriminals are finding ways to weaponize these very defenses.  Recent incidents show attackers exploit Keychain, SIP, TCC, Gatekeeper, File Quarantine, XProtect, and XProtect Remediator to stealthily deliver malicious…

Read more →

Salesforce today unveiled its comprehensive Forensic Investigation Guide, equipping organizations with best practices, log analysis techniques, and automation workflows to detect and respond to sophisticated security breaches rapidly.  To reconstruct attack timelines and assess data exposure, the guide emphasizes three…

Read more →

Security researchers at Socket.dev uncovered a sophisticated supply chain attack in late August 2025 leveraging a malicious npm package named nodejs-smtp, which masquerades as the widely used email library nodemailer, boasting approximately 3.9 million weekly downloads. At first glance, nodejs-smtp…

Read more →

Microsoft has opened the Release Preview Channel to Windows Insiders for the forthcoming Windows 11, version 25H2 (Build 26200.5074) enablement package (eKB), offering an early look at this year’s annual feature update.  Insiders can now opt in via Windows Update’s…

Read more →

Apple appears to be laying the groundwork to remove the physical SIM card slot from its upcoming iPhone 17 models in more countries, with a significant push anticipated across the European Union. The move aligns with the company’s long-term strategy…

Read more →

A sophisticated malware campaign targeting niche Large Language Model (LLM) role-playing communities has emerged, leveraging advanced social engineering tactics to distribute a dangerous Remote Access Trojan (RAT). The malware, dubbed “AI Waifu RAT” by security researchers, masquerades as an innovative…

Read more →

Cybercriminals are exploiting Windows Defender Application Control (WDAC) policies to systematically disable Endpoint Detection and Response (EDR) agents, creating a dangerous blind spot in corporate security infrastructure. Real-world threat actors, including ransomware groups like Black Basta, have now adopted a…

Read more →

Amazon’s threat intelligence team uncovered a sophisticated watering hole campaign in late August 2025, which is orchestrated by APT29, also known as Midnight Blizzard, a Russian Foreign Intelligence Service–linked actor. The operation relied on the compromise of legitimate websites to…

Read more →