A critical security vulnerability affecting multiple Ubiquiti UniFi Access devices could allow attackers to execute malicious commands remotely. The vulnerability, tracked as CVE-2025-27212, stems from improper input validation and has been assigned a maximum CVSS v3.0 base score of 9.8,…
Category: Cyber Security News
Sophos Intercept X for Windows Vulnerabilities Enable Arbitrary Code Execution
Three critical vulnerabilities in the Sophos Intercept X for Windows product family could allow local attackers to achieve arbitrary code execution with system-level privileges. Identified as CVE-2024-13972, CVE-2025-7433, and CVE-2025-7472, the flaws span registry permission misconfigurations, a weakness in the…
Threat Actors Exploiting Ivanti Connect Secure Vulnerabilities to Deploy Cobalt Strike Beacon
A sophisticated malware campaign targeting Ivanti Connect Secure VPN devices has been actively exploiting critical vulnerabilities CVE-2025-0282 and CVE-2025-22457 since December 2024. The ongoing attacks demonstrate advanced persistent threat techniques, deploying multiple malware families including MDifyLoader, Cobalt Strike Beacon, vshell,…
Hackers are Using ClickFix Techniques to Deliver NetSupport RAT, Latrodectus and Lumma Stealer Malware
Emerging in late 2024 and surging throughout the first half of 2025, ClickFix has become a pervasive social-engineering vector in which threat actors trick users into executing malicious commands under the guise of “quick fixes” for common computer issues. Rather…
New WAFFLED Attack Exploits AWS, Azure, Cloud Armor, Cloudflare, and ModSecurity WAFs
WAFFLED is a recently disclosed technique that evades leading Web Application Firewalls (WAFs) by targeting subtle parsing inconsistencies rather than tampering with the malicious payload itself. By mutating innocuous elements such as boundary delimiters in multipart/form-data, character sets in application/json,…
Signal App Clone TeleMessage Vulnerability May Leak Passwords; Hackers Exploiting It
A critical security vulnerability in TeleMessageTM SGNL, an enterprise messaging system modeled after Signal, has been actively exploited by cybercriminals seeking to extract sensitive user credentials and personal data. The flaw, designated CVE-2025-48927, affects government agencies and enterprises using this…
CISA Releases 3 ICS Advisories Covering Vulnerabilities and Exploits
CISA issued three significant Industrial Control Systems (ICS) advisories on July 17, 2025, addressing critical vulnerabilities affecting energy monitoring, healthcare imaging, and access control systems. These advisories highlight severe security flaws with CVSS v4 scores ranging from 8.5 to 8.7,…
Microsoft Details Scattered Spider TTPs Observed in Recent Attack Chains
In mid-2025, a new surge of targeted intrusions, attributed to the threat group known variously as Scattered Spider, Octo Tempest, UNC3944, Muddled Libra, and 0ktapus, began impacting multiple industries. Initially identified by unusual SMS-based phishing campaigns leveraging adversary-in-the-middle (AiTM) domains,…
Microsoft Entra ID Vulnerability Let Attackers Escalate Privileges to Global Admin Role
A critical vulnerability in Microsoft Entra ID allows attackers to escalate privileges to the Global Administrator role through the exploitation of first-party applications. The vulnerability, reported to Microsoft Security Response Center (MSRC) in January 2025, affects organizations using hybrid Active…
Chinese State-Sponsored Hackers Attacking Semiconductor Industry with Weaponized Cobalt Strike
A sophisticated Chinese state-sponsored cyber espionage campaign has emerged targeting Taiwan’s critical semiconductor industry, employing weaponized Cobalt Strike beacons and advanced social engineering tactics. Between March and June 2025, multiple threat actors launched coordinated attacks against semiconductor manufacturing, design, and…
Ukraine Hackers Claimed Cyberattack on Major Russian Drone Supplier
Last week, Ukraine’s Main Intelligence Directorate (GUR) orchestrated a sophisticated cyberattack against Gaskar Integration, a leading Russian drone manufacturer. The operation began with reconnaissance of the company’s public-facing infrastructure, where threat actors identified vulnerable remote desktop services and outdated VPN…
Researchers Uncover on How Hacktivist Groups Gaining Attention and Selecting Targets
The global hacktivist landscape has undergone a dramatic transformation since 2022, evolving from primarily ideologically motivated actors into a complex ecosystem where attention-seeking behavior and monetization strategies drive operational decisions. This shift has fundamentally altered how these groups select targets…
4M+ Internet-Exposed Systems at Risk From Tunneling Protocol Vulnerabilities
Researchers have uncovered critical security vulnerabilities affecting millions of computer servers and routers worldwide, stemming from the insecure implementation of fundamental internet tunneling protocols. The flaws could allow attackers to bypass security controls, spoof their identity, access private networks, and…
Hackers Exploiting DNS Blind Spots to Hide and Deliver Malware
A sophisticated new attack vector where malicious actors are hiding malware inside DNS records, exploiting a critical blind spot in most organizations’ security infrastructure. This technique transforms the Internet’s Domain Name System into an unconventional file storage system, allowing attackers…
H2Miner Attacking Linux, Windows, and Containers to Mine Monero
The H2Miner botnet, first observed in late 2019, has resurfaced with an expanded arsenal that blurs the line between cryptojacking and ransomware. The latest campaign leverages inexpensive virtual private servers (VPS) and a grab-bag of commodity malware to compromise Linux…
Iranian Threat Actors Leveraging AI-Crafted Emails to Target Cybersecurity Researchers and Academics
Iranian state-sponsored threat actors have significantly escalated their cyber operations, employing sophisticated artificial intelligence-enhanced phishing campaigns to target cybersecurity researchers and academic institutions across Western nations. The campaign, primarily attributed to APT35 (also known as Charming Kitten and Magic Hound),…
UK Retailer Co-op Confirms 6.5 Million Members’ Data Stolen in Massive Cyberattacks
Co-op has confirmed that all 6.5 million members of the UK retail cooperative had their personal data compromised during a sophisticated cyberattack in April. The breach, which affected names, addresses, and contact information, represents one of the largest data exfiltrations…
Armenian Hacker Extradited to U.S. After Ransomware Attacks on Tech Firms
An Armenian national has been extradited from Ukraine to the United States to face federal charges for his alleged involvement in a series of Ryuk ransomware attacks and an extortion conspiracy that targeted U.S. companies, including a technology firm in…
UNG0002 Actors Deploys Weaponize LNK Files Using ClickFix Fake CAPTCHA Verification Pages
A sophisticated espionage campaign targeting multiple Asian jurisdictions has emerged, utilizing weaponized shortcut files and deceptive social engineering techniques to infiltrate high-value targets across China, Hong Kong, and Pakistan. The threat actor, designated UNG0002 (Unknown Group 0002), has demonstrated remarkable…
Massistant Chinese Mobile Forensic Tooling Gain Access to SMS Messages, Images, Audio and GPS Data
Emerging in mid-2023 as an apparent successor to Meiya Pico’s notorious MFSocket, the newly identified Android application Massistant has begun surfacing on confiscated handsets at Chinese border checkpoints and police stations. Unlike conventional spyware that relies on covert remote delivery,…