A sophisticated ransomware attack has emerged targeting organizations through compromised third-party managed service provider (MSP) credentials, showcasing the evolving tactics of cybercriminals in 2025. The Sinobi Group, operating as a Ransomware-as-a-Service (RaaS) affiliate, successfully infiltrated corporate networks by exploiting SonicWall…
Category: Cyber Security News
Cyber Attacks Targeting Education Sector Surges Following Back-to-School Season
As students and staff returned to campuses this August, a stark rise in cyber attacks against educational institutions has been observed worldwide. From January to July 2025, organizations in the education sector endured an average of 4,356 weekly attacks, marking…
Hackers Weaponize PDF Along With a Malicious LNK File to Compromise Windows Systems
Attackers have begun leveraging a seemingly innocuous PDF newsletter alongside a malicious Windows shortcut (LNK) file to infiltrate enterprise environments. The attack surfaced in late August 2025, targeting South Korean academic and government institutions under the guise of a legitimate…
Threat Actors Weaponizing Facebook Ads with Free TradingView Premium App Lures That Delivers Android Malware
Cybersecurity researchers have uncovered a sophisticated malvertising campaign on Meta’s Facebook platform in recent weeks that targets Android users with promises of a free TradingView Premium application. These deceptive ads mimic official TradingView branding and visuals, luring unsuspecting victims to…
Virustotal’s New Endpoint Provides Functionality Descriptions for Malware Analysts’ Code Requests
VirusTotal today unveiled Virustotal’s New endpoint, which receives code requests and returns a description of its functionality for malware analysts, a powerful addition to its Code Insight platform. Designed to streamline reverse engineering workflows, the new API endpoint pre-analyzes disassembled or decompiled…
Multiple Hikvision Vulnerabilities Let Attackers Inject Executable Commands
Hikvision has disclosed three significant security vulnerabilities affecting multiple versions of its HikCentral product suite that could enable attackers to execute malicious commands and gain unauthorized administrative access. The vulnerabilities, assigned CVE identifiers CVE-2025-39245, CVE-2025-39246, and CVE-2025-39247, were reported to…
DPRK IT Workers Using Code-Sharing Platforms to Secure New Remote Jobs
Over the past year, security researchers have observed a growing trend of North Korean–linked developers establishing credible-looking profiles on popular code-sharing platforms such as GitHub, CodeSandbox, and Gist. These accounts frequently host legitimate open-source projects alongside hidden payloads, allowing operators…
Google Confirms Potential Compromise of All Salesloft Drift Customer Authentication Tokens
Google has confirmed that a security breach involving the Salesloft Drift platform is more extensive than initially reported, potentially compromising all authentication tokens connected to the service. The new findings from the Google Threat Intelligence Group (GTIG) indicate that the…
New Research With PoC Explains Security Nightmares On Coding Using LLMs
Security researchers have uncovered significant vulnerabilities in code generated by Large Language Models (LLMs), demonstrating how “vibe coding” with AI assistants can introduce critical security flaws into production applications. A new study reveals that LLM-generated code often prioritizes functionality over…
15 Best Identity & Access Management Solutions (IAM) in 2025
Effective Identity Management Solutions have become paramount in today’s interconnected world, where individuals interact with various online platforms and services. Identity management solutions refer to the processes, technologies, and policies implemented to ensure secure and appropriate access to digital resources…
TransUnion Hack Exposes 4M+ Customers Personal Information
TransUnion, one of the nation’s three major credit reporting agencies, has disclosed a significant data breach that exposed the personal information of more than four million U.S. customers. The company is now alerting affected individuals about the cyber incident, which…
New Mac Malware Dubbed ‘JSCoreRunner’ Weaponizing PDF Conversion Site to Deliver Malware
A sophisticated new Mac malware campaign has emerged, targeting users through a deceptive PDF conversion website that conceals a dangerous two-stage payload. The malware, dubbed “JSCoreRunner,” represents a significant evolution in macOS threats, demonstrating how cybercriminals are adapting their techniques…
Nagios XSS Vulnerability Let Remote Attackers to Execute Arbitrary JavaScript
Nagios XI, a widely-deployed network monitoring solution, has addressed a critical cross-site scripting (XSS) vulnerability in its Graph Explorer feature that could enable remote attackers to execute malicious JavaScript code within users’ browsers. The security flaw was patched in version…
PhpSpreadsheet Library Vulnerability Enables Attackers to Feed Malicious HTML Input
A high-severity Server-Side Request Forgery (SSRF) vulnerability has been identified in the widely used PhpSpreadsheet library, potentially allowing attackers to exploit internal network resources and compromise server security. The vulnerability, tracked as CVE-2025-54370, affects multiple versions of the phpoffice/phpspreadsheet package…
How Adversary-In-The-Middle (AiTM) Attack Bypasses MFA and EDR?
Adversary-in-the-Middle (AiTM) attacks are among the most sophisticated and dangerous phishing techniques in the modern cybersecurity landscape. Unlike traditional phishing attacks that merely collect static credentials, AiTM attacks actively intercept and manipulate communications between users and legitimate services in real-time,…
Nx Packages With Millions of Weekly Downloads Hacked With Credential Stealer Malware
A sophisticated supply chain attack has compromised the popular Nx build platform, affecting millions of weekly downloads and resulting in widespread credential theft. The attack, dubbed “s1ngularity,” represents one of the most comprehensive credential harvesting campaigns targeting the developer ecosystem…
Silver Fox APT Hackers Leveraging Vulnerable driver to Attack Windows 10 and 11 Systems by Evading EDR/AV
Emerging in mid-2025, a sophisticated campaign attributed to the Silver Fox APT has begun exploiting a previously unreported vulnerable driver to compromise modern Windows environments. This campaign leverages the WatchDog Antimalware driver (amsdk.sys, version 1.0.600), a Microsoft-signed component built on…
Hackers Exploit Microsoft Teams, Posing as IT Help Desk for Screen Sharing and Remote Access
A sophisticated phishing campaign has been identified, where threat actors impersonate IT helpdesk personnel through Teams’ external communication features, exploiting the platform’s default configuration to bypass traditional email security measures and gain unauthorized screen-sharing and remote-control capabilities. The attacks leverage…
Threat Actors Breach High Value Targets like Google in Salesforce Attacks – What Organizations Need to Know
The escalation of sophisticated cyberattacks targeting Salesforce environments has emerged as one of the most concerning trends in enterprise cybersecurity. As organizations increasingly rely on customer relationship management (CRM) platforms to store their most sensitive business data, threat actors have…
Weaponized ScreenConnect RMM Tool Tricks Users into Downloading Xworm RAT
In a sophisticated campaign uncovered during a recent Advanced Continual Threat Hunt (ACTH) by Trustwave’s SpiderLabs team, threat actors weaponized a legitimate remote management tool, ScreenConnect, to deploy the Xworm Remote Access Trojan (RAT) through a deceptive, multi-stage infection chain.…