Cybersecurity professionals constantly seek more effective penetration testing tools to stay ahead of threat actors and properly assess organizational defenses. A recent innovation in this field comes from security researchers who have developed a specialized agent for the Mythic framework…
Category: Cyber Security News
Zoom Workplace Apps Vulnerabilities Let Attackers Escalate Privileges
Zoom Video Communications disclosed multiple vulnerabilities affecting its Workplace Apps across various platforms, including Windows, macOS, Linux, iOS, and Android. These vulnerabilities pose significant risks such as privilege escalation, denial-of-service (DoS), and remote code execution, potentially allowing attackers to compromise…
Apache Superset Vulnerability Let Attackers Takeover Resource Ownership
Apache Superset, the popular open-source data visualization and business intelligence platform, has been found to have a significant security vulnerability. The vulnerability, CVE-2025-27696, allows authenticated users with read permissions to take over ownership of dashboards, charts, and datasets through improper…
Hackers Weaponize KeePass Password Manager to Deliver Malware & Steal Passwords
In a concerning development for cybersecurity professionals and everyday users alike, sophisticated threat actors have begun targeting KeePass, one of the most popular open-source password managers, to distribute malware and exfiltrate sensitive credentials. The campaign, which appears to have begun…
VMware Aria XSS Vulnerability Let Attackers Steal Access Token of Logged in User
Broadcom has released an urgent security advisory for a high-severity DOM-based Cross-Site Scripting (XSS) vulnerability affecting VMware Aria automation products. The vulnerability, tracked as CVE-2025-22249, could allow attackers to steal access tokens from logged-in users, potentially leading to unauthorized system…
Scattered Spider Attacking UK Retail Organizations in Supply Chain Attack
A sophisticated threat actor group known as Scattered Spider has expanded its targeting to UK retail organizations, leveraging advanced supply chain attack methodologies to compromise high-value targets. The financially motivated group, operating since May 2022, has evolved from primarily targeting…
Top 5 Takeaways from RSAC 2025: INE Security Alert
Comprehensive Training Platform Delivers Solutions for AI Security, Cloud Management, and Incident Response Readiness. Fresh from a high-impact presence at RSAC 2025, where INE Security welcomed thousands of visitors to its interactive booth at San Francisco’s Moscone Center, the global cybersecurity training…
Researchers Uncovered North Korean Nationals Remote IT Worker Fraud Scheme
In a significant cybersecurity investigation, researchers have revealed an elaborate fraud scheme orchestrated by North Korean nationals who used stolen identities to secure remote IT positions at US-based companies and nonprofits. According to a December 2024 US indictment, fourteen North…
SAP May 2025 Patch Tuesday – Patch for Actively Exploited 0-Day & 15 Vulnerabilities
SAP’s May 2025 Security Patch Day includes an urgent update to the previously released emergency patch for a critical zero-day vulnerability (CVE-2025-31324) that continues to see active exploitation across multiple industries globally. The release includes 16 new Security Notes and…
North Korean Hackers Leveraging Academic Forum Invitation & Dropbox to Deliver Malware
In March 2025, a sophisticated spear phishing campaign attributed to the North Korean state-sponsored hacking group APT37 has been targeting activists focused on North Korean affairs. The attackers crafted convincing emails disguised as invitations to academic forums from a South…
PoC Exploit Released for macOS CVE-2025-31258 Vulnerability Bypassing Sandbox Security
A proof-of-concept (PoC) exploit has been released for a recently patched vulnerability in Apple’s macOS operating system, tracked as CVE-2025-31258. The flaw could allow malicious applications to break out of the macOS sandbox protection mechanism, potentially giving attackers access to…
F5 BIG-IP Command Injection Vulnerability Let Attackers Execute Arbitrary System Commands
F5 Networks has disclosed a high-severity command injection vulnerability (CVE-2025-31644) in its BIG-IP products running in Appliance mode. The vulnerability exists in an undisclosed iControl REST endpoint and BIG-IP TMOS Shell (tmsh) command, allowing attackers to bypass Appliance mode security…
Recurring Supply‑Chain Lapses Expose UEFI Firmware to Pre‑OS Threats
A disturbing pattern of security failures in the firmware supply chain continues to expose millions of devices to pre-OS threats, potentially undermining the foundation of computer security. Between 2022 and 2025, a series of critical security incidents involving leaked cryptographic…
Cobalt Strike 4.11.1 Released With Fix For ‘Enable SSL’ Checkbox
Fortra has released Cobalt Strike 4.11.1, an out-of-band update addressing critical issues discovered in their recent 4.11 release. This update, released on May 12, 2025, focuses primarily on resolving module stomping complications while also addressing issues with SSL certificate functionality…
Apple Security Update: Multiple Vulnerabilities in macOS & iOS Patched
Apple has released critical security updates for macOS Sequoia, addressing multiple vulnerabilities that could allow malicious applications to access sensitive user data. The update, macOS Sequoia 15.5, fixes eight major Important flaws that specifically target user privacy and data security…
Ransomware Wreaks Havoc on Businesses Struggling to Bolster Digital Security Measures
In an alarming trend that shows no signs of abating, ransomware attacks continue to devastate businesses worldwide as organizations struggle to strengthen their digital security infrastructure amid rising threats. Recent data reveals a record-breaking surge in attacks, with devastating financial…
Artificial Intelligence Fuels New Wave of Complex Cyber Attacks Challenging Defenders
The cybersecurity landscape is undergoing a seismic shift as artificial intelligence (AI) tools empower attackers to launch unprecedented deception, infiltration, and disruption campaigns. While AI-driven threat detection systems have advanced, cybercriminals now leverage generative AI, machine learning, and deepfake technologies…
Hackers Exploiting Output Messenger 0-Day Vulnerability to Deploy Malicious Payloads
Microsoft Threat Intelligence has identified a sophisticated cyber espionage campaign targeting Kurdish military entities in Iraq. The threat actor, known as Marbled Dust, has been exploiting a zero-day vulnerability in Output Messenger since April 2024 to collect sensitive user data…
Nitrogen Ransomware Exploits Antirootkit Driver File to Disable AV & EDR Tools
A new financially motivated threat, Nitrogen Ransomware, has rapidly emerged targeting the financial sector and beyond. While traces of this financially motivated ransomware date back to July 2023, security experts primarily track its organized campaigns from September 2024. Nitrogen primarily…
Hackers Arrested for Ransomware Attacks on Dutch Firms, Causing €4.5 Million in Damages
A 45-year-old foreign citizen, internationally wanted for serious cybercrimes, has been apprehended in the Republic of Moldova following a coordinated operation between Moldovan and Dutch law enforcement agencies. The suspect is believed to be responsible for multiple ransomware attacks that…