Category: Cyber Security News

When most people think of DDoS attacks, they envision tsunami-like floods of traffic overwhelming servers. That’s the classic Layer 3/4 strategy brute force attacks meant to crash services by clogging up bandwidth. But over the last quarter, I’ve seen a…

Read more →

Security researchers have uncovered one of the largest credit card theft operations in recent history, with a sophisticated Phishing-as-a-Service (PhaaS) platform called “Darcula” responsible for stealing approximately 884,000 credit card details through a massive campaign that generated over 13 million…

Read more →

A sophisticated new attack method that disables endpoint security protection has been identified by security researchers, enabling threat actors to deploy ransomware undetected.  The technique, dubbed “Bring Your Own Installer,” was recently discovered by Aon’s Stroz Friedberg Incident Response team…

Read more →

A newly discovered vulnerability in Microsoft’s Windows Deployment Services (WDS) allows attackers to remotely crash servers with zero user interaction or authentication.  The flaw, which targets the UDP-based TFTP service at the WDS, could allow even low-skilled attackers to paralyze…

Read more →

Most executives still treat PCI DSS like paperwork something to file away after a quarterly scan. But that mindset is dangerous. PCI compliance isn’t just a checklist it’s a survival test. Every rule in PCI exists because someone got breached.…

Read more →

A sophisticated credential theft technique, identified as T1555.003 in the MITRE ATT&CK framework, has emerged as a significant threat to organizations worldwide.  This technique enables adversaries to extract usernames and passwords directly from web browsers, which commonly store these credentials…

Read more →

A critical vulnerability in Microsoft Telnet Server enables attackers to bypass authentication completely, potentially gaining administrator access without valid credentials. Organizations running legacy Windows systems are advised to take immediate action, as no official patch is available. The critical flaw,…

Read more →

A sophisticated cyber campaign targeting corporate human resources departments has been uncovered, with attackers exploiting the routine practice of opening job application attachments to deploy a dangerous backdoor. The financially motivated threat group Venom Spider is behind this campaign, sending…

Read more →

Security researchers have recently uncovered a sophisticated supply chain attack targeting ecommerce platforms through 21 widely-used applications. The backdoor, which remained dormant for six years after its initial injection between 2019 and 2022, has recently activated, providing attackers with complete…

Read more →

A sophisticated Remote Access Trojan (RAT) dubbed “RomCom” has emerged as a significant threat targeting UK organizations through their customer feedback portals. Cybersecurity experts have identified a coordinated campaign exploiting these seemingly innocuous feedback mechanisms to deliver the malware, which…

Read more →

In a sophisticated cyber espionage campaign, threat actors are actively targeting Indian government personnel using decoy documents referencing the recent Pahalgam attack. The malicious campaign, discovered in early May 2025, utilizes spear-phishing emails with attachments designed to exploit recipients’ interest…

Read more →

A data breach at Kelly & Associates Insurance Group (operating as Kelly Benefits) has exposed sensitive personal information of more than 410,000 individuals, significantly more than initially reported. The Maryland-based benefits administration and payroll solutions provider confirmed that cybercriminals infiltrated…

Read more →

A notorious ransomware group dubbed DragonForce has claimed responsibility for a series of cyber attacks targeting major UK retailers, with Co-op now confirming a significant data breach affecting its membership database. The attacks, which also targeted Marks & Spencer and…

Read more →

A sophisticated cyber intrusion targeting critical national infrastructure in the Middle East has been uncovered, with evidence pointing to an Iranian state-sponsored threat group. The attack, which persisted from May 2023 to February 2025, showcases advanced tactics and a concerning…

Read more →

A significant security lapse occurred at Elon Musk’s artificial intelligence company xAI, where a developer inadvertently leaked a private API key on GitHub that remained accessible for nearly two months.  The exposed credentials provided unauthorized access to private large language…

Read more →

MediaTek has released critical security patches addressing six significant vulnerabilities affecting a wide range of devices powered by their chipsets.  The vulnerabilities, disclosed in the company’s May 2025 Product Security Bulletin, impact smartphones, tablets, AIoT devices, smart displays, audio systems,…

Read more →

After more than two decades as a pioneer in internet-based calling and messaging, Skype has officially been retired by Microsoft as of May 5, 2025. The company is now urging all Skype users to migrate to Microsoft Teams, marking the…

Read more →

A sophisticated SS7 protocol vulnerability that enables unauthorized SMS interception and real-time phone tracking is now being offered for sale on underground forums, raising serious concerns about mobile network security worldwide.  The exploit, priced at $5,000, provides buyers with comprehensive…

Read more →

A surge in cyberattacks leveraging email input fields as a gateway to exploit a wide range of vulnerabilities, including Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), and email header injection.  Email input fields are ubiquitous in modern web applications, used…

Read more →

Cryptocurrency exchange Kraken recently uncovered a sophisticated infiltration attempt by a North Korean hacker who applied for an engineering position at the company.  Instead of immediately rejecting the suspicious application, Kraken’s security team strategically advanced the candidate through multiple interview…

Read more →