Cisco Systems has issued a critical security advisory addressing a command injection vulnerability in its Nexus 3000 and 9000 Series Switches operating in standalone NX-OS mode. Designated as CVE-2025-20161, the flaw allows authenticated local attackers with administrative privileges to execute…
Category: Cyber Security News
New Wi-Fi Jamming Attack Disables Targeted Wi-Fi Devices Using RIS Technology
A major development in wireless security research has revealed a sophisticated Wi-Fi jamming technique capable of disabling individual devices with millimeter-level precision, leveraging emerging Reconfigurable Intelligent Surface (RIS) technology. Developed by researchers at Ruhr University Bochum and the Max Planck…
Authorities Arrested Hackers Behind 90 Data Leaks Worldwide
Authorities arrested a prolific hacker responsible for over 90 data breaches across 65 organizations in the Asia-Pacific region and 25 additional global targets. The cybercriminal, operating under aliases ALTDOS, DESORDEN, GHOSTR, and 0mid16B, exfiltrated 13 terabytes of sensitive data between…
Beware of Fake Job Interview Challenges Attacking Developers To Deliver Malware
A North Korea-aligned cybercriminal campaign dubbed DeceptiveDevelopment has been targeting freelance software developers through fake job interviews since early 2024. Posing as recruiters on platforms like LinkedIn, Upwork, and cryptocurrency-focused job boards, attackers lure victims with promising job opportunities or…
10 Best Network Security Solutions for Enterprise – 2025
Enterprises require robust network security solutions to protect against evolving cyber threats and ensure the safety of sensitive data. Leading solutions include Palo Alto Networks, Fortinet, Cisco Secure, and Check Point, among others. Palo Alto Networks excels with its AI-driven…
GitLab Vulnerabilities Let Attackers Bypass Security Controls & Execute Arbitrary Code
GitLab has issued a security advisory warning of multiple high-risk vulnerabilities in its DevOps platform, including two critical Cross-Site Scripting (XSS) flaws enabling attackers to bypass security controls and execute malicious scripts in user browsers. The vulnerabilities – tracked as…
LibreOffice Vulnerabilities Let Attackers Execute Malicious Files on Windows Systems
A critical security vulnerability in LibreOffice (CVE-2025-0514) has been patched after researchers discovered that manipulated documents could bypass safeguards and execute malicious files on Windows systems. The flaw, rated 7.2 on the CVSS v4.0 scale, exposes users to potential remote…
23 Vulnerabilities in Black Basta’s Chat Logs Exploited in the Wild, Including PAN-OS, Cisco IOS, & Exchange
GreyNoise has confirmed active exploitation of 23 out of 62 vulnerabilities referenced in internal chat logs attributed to the Black Basta ransomware group. These vulnerabilities span enterprise software, security appliances, and widely deployed web applications, with several critical flaws exploited…
Cisco Nexus Switches Vulnerability Lets Attackers Trigger DoS Condition
Cisco has released a security advisory addressing a vulnerability in its Nexus 3000 and 9000 Series Switches that could allow attackers to trigger a denial-of-service (DoS) condition. The vulnerability found in the health monitoring diagnostics of the switches could lead…
As a SOC/DFIR Team Member, How To Investigate Phishing Kit Attacks
Phishing kit attacks have become a pervasive threat in cybersecurity landscapes, lowering the barrier to entry for cybercriminals and enabling even low-skilled actors to launch sophisticated campaigns. These kits contain pre-built templates, data-harvesting scripts, and evasion tools designed to mimic…
Silent Killers Exploiting Windows Policy Loophole To Evade Detections & Deploy Malware
Check Point Research (CPR) has uncovered a sophisticated cyber campaign exploiting a Windows driver signing policy loophole to disable security tools and deploy malware across thousands of systems since June 2024. Attackers leveraged 2,500+ modified variants of the vulnerable Truesight.sys…
Threat Actor Allegedly Selling VMware ESXi 0-Day Exploit on Hacker Forum
A cybercriminal operating under the alias “Vanger” has surfaced on underground forums, offering a purported zero-day exploit targeting VMware ESXi hypervisors. The exploit, claimed to enable virtual machine escape (VME), is being marketed at a steep price of $150,000. If…
Microsoft Entra ID DNS Resolution Failures Result in Authentication Issues
A critical DNS misconfiguration in Microsoft Entra ID (formerly Azure Active Directory) disrupted authentication services globally for nearly 90 minutes on February 25, 2025, affecting organizations relying on Seamless Single Sign-On (SSO) and Microsoft Entra Connect Sync. The outage stemmed…
GRUB2 Vulnerabilities Expose Millions of Linux Systems to Cyber Attack
A critical set of 20 vulnerabilities in GRUB2, the ubiquitous bootloader underpinning most Linux distributions and Unix-like systems, has exposed millions of devices to potential secure boot bypass, remote code execution, and persistent firmware-level attacks. These flaws (CVSS scores up…
Genea IVF Clinic Breached – Thousands of Patients' Data at Risk
Genea, one of Australia’s largest IVF providers, has confirmed that an unauthorized third party accessed its systems, potentially compromising sensitive patient data. The breach has left thousands of patients uncertain about their treatment schedules and medication plans, as critical digital…
MITRE Details New Framework OCCULT for Managing AI Security Threats
The MITRE Corporation has unveiled a groundbreaking evaluation framework designed to quantify the risks posed by large language models (LLMs) in offensive cyber operations (OCO). Dubbed OCCULT (Operational Evaluation Framework for Cyber Security Risks in AI), the methodology aims to…
Orange Communication Breached – Hackers Allegedly Claim Leak of 380,000 Emails
A data breach at Orange Communication was claimed by a threat actor using the pseudonym “Rey,” who was responsible for leaking 380,000 email records and sensitive corporate data on a dark web forum. The alleged breach, disclosed earlier this week, includes source…
New Phishing Attack Targeting Amazon Prime Users To Steal Login Credentials
A sophisticated phishing campaign targeting Amazon Prime users has emerged, leveraging counterfeit renewal notifications to harvest login credentials, payment details, and personal verification data. Discovered by the Cofense Phishing Defense Center (PDC) on February 18, 2025, the attack employs multi-stage…
Rsync Vulnerabilities Let Hackers Gain Full Control of Servers – PoC Released
Critical vulnerabilities in the Rsync file synchronization tool enable attackers to execute arbitrary code on vulnerable servers, exfiltrate sensitive data, and bypass critical security controls. The vulnerabilities affect Rsync version 3.2.7 and earlier, with proof-of-concept exploits already demonstrating remote code…
WordPress Plugin Vulnerability Exposes Millions of Websites to Script Injection Attacks
A critical security vulnerability in the Essential Addons for Elementor plugin (CVE-2025-24752) has put over two million WordPress websites at risk of cross-site scripting (XSS) attacks. The vulnerability discovered in the plugin’s handling of user inputs allowed attackers to inject…