NVIDIA has issued a significant software update for its Riva speech AI platform, releasing version 2.19.0 to resolve two high-severity vulnerabilities (CVE-2025-23242 and CVE-2025-23243) involving improper access control mechanisms. The update, detailed in a March 10, 2025 security bulletin, impacts…
Category: Cyber Security News
PHP XXE Injection Vulnerability Let Attackers Read Config Files & Private Keys
Security researchers have uncovered a sophisticated XML External Entity (XXE) injection vulnerability in PHP applications that could allow attackers to access sensitive configuration files and private keys. The vulnerability, discovered by researcher Aleksandr Zhurnakov, affects PHP applications using certain libxml…
Critical Windows Remote Desktop Services Vulnerability Lets Attackers Execute Malicious Code
Microsoft has released its March security update, addressing 57 vulnerabilities across its product range, including six critical flaws. Among the critical vulnerabilities are CVE-2025-24035 and CVE-2025-24045, both Remote Code Execution (RCE) vulnerabilities in Windows Remote Desktop Services (RDS). Each vulnerability…
CISA Warns of Windows NTFS Vulnerability Actively Exploited to Access Sensitive Data
The Cybersecurity and Infrastructure Security Agency (CISA) escalated its cybersecurity alert, by adding six critical Microsoft Windows vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, with four directly impacting the New Technology File System (NTFS). These flaws CVE-2025-24984, CVE-2025-24991, CVE-2025-24993,…
New Fully Undetected Anubis Malware Let Hackers Execute Remote Commands
A newly discovered Python-based backdoor called AnubisBackdoor is enabling threat actors to execute remote commands on compromised systems while completely evading detection by most antivirus solutions. Developed by the notorious threat group Savage Ladybug (also known as FIN7), this malware…
Hackers Using Advanced MFA-Bypassing Techniques To Gain Access To User Account
A disturbing trend of sophisticated attacks recently detected by researchers specifically designed to evade multi-factor authentication (MFA) protections. These advanced techniques, which exploit vulnerabilities in authentication workflows rather than the authentication factors themselves, have enabled attackers to gain unauthorized access…
New XCSSET Malware Attacking macOS Users With Enhanced Obfuscation
Microsoft Threat Intelligence has discovered a new variant of XCSSET, a sophisticated modular macOS malware that infects Xcode projects and executes when developers build these projects. This is the first known XCSSET variant since 2022, featuring enhanced obfuscation methods, updated…
Jaguar Land Rover Allegedly Hacked – Threat Actor Leaked 700 Internal Documents
A threat actor operating under the alias “Rey” has allegedly compromised the internal systems of Jaguar Land Rover (JLR), one of the United Kingdom’s most prominent automotive manufacturers, and leaked approximately 700 internal documents containing sensitive technical and operational data. …
Apache Camel Vulnerability Let Attackers Inject Arbitrary Headers – PoC Exploit Released
A critical security flaw in Apache Camel’s header validation mechanism allows attackers to execute arbitrary system commands by exploiting case-sensitive header injection. A POC released for CVE-2025-27636, this vulnerability impacts Apache Camel versions 4.10.0-4.10.1, 4.8.0-4.8.4, and 3.10.0-3.22.3, exposing systems using…
Google Warned Chromecast Owners Not to Hit Factory Reset
Google has issued an urgent advisory to owners of Chromecast 2nd Generation (2015) and Chromecast Audio devices, warning against factory resets as a global outage linked to an expired security certificate renders these devices inoperable. The company confirmed that it…
Beware! AI-Assisted Fake GitHub Repositories Steal Sensitive Data Including Login Credentials
A sophisticated malware campaign leveraging artificial intelligence to create deceptive GitHub repositories has been observed distributing SmartLoader payloads that ultimately deploy Lumma Stealer, a dangerous information-stealing malware. This operation exploits GitHub’s trusted reputation to bypass security defenses, targeting users seeking…
Telecom Giant NTT Admits Hackers Accessed 18,000 Corporate Customers Data
Japanese telecommunications conglomerate NTT Communications (NTT Com) disclosed this week that threat actors infiltrated its internal systems in February, compromising sensitive data belonging to 17,891 corporate clients globally. The breach, detected on February 5, marks the latest in a series…
Apache Pinot Vulnerability Let Attackers Bypass Authentication
A critical security vulnerability (CVE-2024-56325) in Apache Pinot, the open-source distributed OLAP datastore used by LinkedIn, Uber, and Microsoft for real-time analytics, allows unauthenticated attackers to bypass authentication controls and gain full system access. Rated 9.8 on the CVSS v3…
New Botnet Dubbed “Eleven11bot” Hacked 30,000 Webcams
A newly identified botnet, tracked as Eleven11bot, has compromised approximately 30,000 internet-connected devices—primarily security cameras and network video recorders (NVRs)—to launch distributed denial-of-service (DDoS) attacks against critical infrastructure. Discovered by Nokia Deepfield’s Emergency Response Team (ERT) on February 26, 2025,…
SolarWinds Web Help Desk Vulnerability Let Hackers Access Stored Passwords – PoC Released
A critical vulnerability in SolarWinds’ Web Help Desk software (CVE-2024-28989) allowed attackers to decrypt sensitive credentials, including database passwords and LDAP/SMTP authentication secrets, through cryptographic weaknesses in its AES-GCM implementation. Patched in version 12.8.5, the flaw stemmed from predictable encryption…
Microsoft March 2025 Patch Tuesday: Fixes for 57 Vulnerabilities & 6 Actively Exploited Zero-Days
Microsoft’s March 2025 Patch Tuesday addresses 57 vulnerabilities, including six zero-day vulnerabilities that are currently being exploited. The security update includes fixes for Windows, Microsoft Office, Azure, and other components. The March update included fixes for: In addition to the…
Threat Actors Bypass Security Layers To Fuel SIM Swap Attacks
SIM swap attacks have emerged as a growing cybersecurity threat, with security researchers documenting a 38% increase in successful attacks during the first quarter of 2025. These sophisticated attacks involve criminals convincing mobile carriers to transfer a victim’s phone number…
Blind Eagle Hackers Leveraging Google Drive, Dropbox & GitHub To Bypass Security Defenses
A series of ongoing, targeted cyber campaigns by Blind Eagle (APT-C-36), one of Latin America’s most dangerous threat actors primarily targeting Colombia’s justice system, government institutions, and private organizations were recently unveiled by Check Point Research (CPR). The group has…
AI Turned As A Powerful Tool For Cybercriminals To Execute Attacks At High Speed
Artificial intelligence has emerged as a formidable weapon in the cybercriminal arsenal, enabling attacks with unprecedented precision, speed, and scale. Security experts warn that cybercriminals are increasingly leveraging automated AI systems to penetrate networks, steal data, and deploy intelligent viruses…
Google Details Microsoft’s Time Travel Debugging Framework Security Bugs
Mandiant researchers, part of Google’s cybersecurity division, have uncovered several critical security bugs in Microsoft’s Time Travel Debugging (TTD) framework. The findings reveal significant instruction emulation inaccuracies that could potentially compromise security analyses and incident response investigations, leading analysts to…