Category: Cyber Security News

Have I Been Pwned (HIBP) has incorporated 284 million email addresses compromised by information-stealer malware into its breach notification service. The data originates from a 1.5TB corpus of stealer logs dubbed “ALIEN TXTBASE”, marking one of the largest malware-related dataset…

Read more →

A critical vulnerability, CVE-2025-22467, in Ivanti Connect Secure (ICS) devices has left approximately 2,850 instances worldwide unpatched and vulnerable to remote code execution (RCE) attacks. This flaw, with a CVSS score of 9.9, is categorized as a stack-based buffer overflow…

Read more →

DISA Global Solutions, a leading provider of employment screening services, has confirmed a massive data breach exposing sensitive information of approximately 3.3 million individuals.  The incident, classified as an external system breach (CVE pending), occurred between February 9 and April…

Read more →

A recent discovery has unveiled a sophisticated and fully undetected batch script capable of delivering the powerful malware families XWorm and AsyncRAT.  This script, which remained undetected on VirusTotal for over two days, employs advanced obfuscation techniques and leverages PowerShell…

Read more →

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent advisory on February 25, 2025, confirming that threat actors are actively exploiting a critical privilege escalation vulnerability in Microsoft’s Partner Center platform (CVE-2024-49035). The improper access control flaw, which…

Read more →

Cybersecurity companies are at the forefront of protecting digital systems, networks, and sensitive data from unauthorized access, malicious attacks, and other cyber threats. As technology continues to advance and the digital landscape expands, the importance of cybersecurity has grown exponentially.…

Read more →

A sophisticated malware campaign dubbed “GitVenom” has exploited GitHub’s open-source ecosystem to distribute malicious code through thousands of fraudulent repositories, targeting developers seeking automation tools, cryptocurrency utilities, and gaming hacks. The campaign, active since at least 2023, employs advanced social…

Read more →

A sophisticated threat cluster tracked as UAC-0212 has escalated efforts to compromise critical infrastructure systems in Ukraine, according to a recent advisory from CERT-UA (Government Computer Emergency Response Team of Ukraine). These attacks, active since July 2024, focus on energy,…

Read more →

A coordinated campaign involving at least 16 malicious Chrome extensions infected over 3.2 million users worldwide, leveraging browser security vulnerabilities to execute advertising fraud and search engine optimization manipulation. Discovered by GitLab Threat Intelligence in February 2025, these extensions, ranging…

Read more →

A recent study from a team of cybersecurity researchers has revealed severe security flaws in commercial-grade Large Reasoning Models (LRMs), including OpenAI’s o1/o3 series, DeepSeek-R1, and Google’s Gemini 2.0 Flash Thinking. The research introduces two key innovations: the Malicious-Educator benchmark…

Read more →

In an era where open-source collaboration drives software innovation, a sophisticated cyber campaign dubbed GitVenom has emerged as a critical threat to developers.  Security researchers have uncovered over 200 malicious GitHub repositories designed to distribute information stealers and remote access…

Read more →

A newly disclosed vulnerability in the GRUB2 bootloader’s read command (CVE-2025-0690) has raised concerns about potential Secure Boot bypasses and heap memory corruption in Linux systems.  Red Hat Product Security rates this integer overflow flaw as moderately severe. It could…

Read more →

In a transformative move for smartphone longevity, Qualcomm Technologies, Inc., and Google have announced a collaboration to enable eight years of Android software and security updates for devices powered by Snapdragon mobile platforms.  This initiative, targeting smartphones launching with the…

Read more →

A critical server-side request forgery (SSRF) vulnerability (CVE-2025-27090) has been identified in the Sliver C2 framework’s teamserver implementation, enabling attackers to establish unauthorized TCP connections through vulnerable servers. Affecting versions 1.5.26 through 1.5.42 and pre-release builds below commit Of340a2, this…

Read more →

A newly uncovered technique allows threat actors to bypass Microsoft Outlook’s spam filtering mechanisms, enabling the delivery of malicious ISO files through seemingly benign email links.  This vulnerability exposes organizations to increased risks of phishing and malware attacks, particularly when…

Read more →

Researchers have disclosed KernelSnitch, a novel side-channel attack exploiting timing variances in Linux kernel data structures, achieving covert data transmission rates up to 580 kbit/s and enabling website fingerprinting with 89% accuracy.  The attack targets four critical container types: fixed/dynamic…

Read more →

A critical remote code execution (RCE) vulnerability (CVE-2025–27364) has been identified in all versions of MITRE Caldera prior to commit 35bc06e, exposing systems to potential compromise via unauthenticated attackers.  The flaw resides in the dynamic compilation mechanism of Caldera’s Sandcat…

Read more →

Security researchers from MASSGRAVE have unveiled TSforge, a groundbreaking tool exploiting vulnerabilities in Microsoft’s Software Protection Platform (SPP) to activate every version of Windows from Windows 7 onward, including Office suites and add-ons. This exploit marks the first successful direct…

Read more →

Security researchers at AhnLab Security Intelligence Center (ASEC) have uncovered a sophisticated malware campaign distributing the LummaC2 information stealer disguised as a cracked version of Total Commander, a popular file management tool for Windows. The operation targets users seeking unauthorized…

Read more →

Event monitoring tools are software solutions designed to track, analyze, and manage events across various systems, applications, or environments. These tools are widely used in IT operations, security monitoring, application performance management, and even live event tracking. They help organizations…

Read more →