A recent phishing campaign has been uncovered by Netskope Threat Labs, highlighting a sophisticated technique where attackers exploit Webflow’s Content Delivery Network (CDN) and fake CAPTCHAs to steal sensitive financial information. This campaign, ongoing since the second half of 2024,…
Category: Cyber Security News
Hackers Exploited Palo Alto’s Firewall Vulnerability to Deploy RA World Ransomware
In a significant cybersecurity breach, attackers exploited a critical vulnerability in Palo Alto Networks’ PAN-OS firewall software (CVE-2024-0012) to deploy the RA World ransomware. The attack, which occurred in late 2024, targeted a medium-sized software and services company in South…
Hackers Exploiting ThinkPHP & ownCloud Vulnerabilities at Large Scale
A recent surge in exploitation activity has been observed targeting two critical vulnerabilities, CVE-2022-47945 in ThinkPHP and CVE-2023-49103 in ownCloud. These attacks highlight the persistent threat posed by unpatched systems and the challenges organizations face in prioritizing vulnerability management. CVE-2022-47945…
Winnti Hackers Attacking Japanese Organizations With New Malware
The China-based Winnti Group has targeted Japanese organizations in a recent cyberattack campaign known as “RevivalStone,” in the manufacturing, materials, and energy sectors. This campaign, confirmed in March 2024, utilizes a new version of the Winnti malware with enhanced capabilities.…
Threat Actors Exploiting DeepSeek’s Popularity To Deploy Malware
The Chinese AI startup DeepSeek has gained significant attention in the global AI market with its open-source inference model, DeepSeek-R1. This model has been touted as a more cost-effective alternative to existing AI solutions, outperforming OpenAI’s GPT-o1. However, this newfound…
Russian Hackers Leverages Weaponized Microsoft Key Management Service (KMS) To Hack Windows Systems
Russian-backed hackers, specifically the Sandworm APT group (also known as APT44 or UAC-0145), have been using weaponized Microsoft Key Management Service (KMS) activators to infiltrate Windows systems in Ukraine. This campaign, which has been active since late 2023, exploits pirated…
RedNote App Vulnerability Allows Access to User Files on iOS & Android Devices
Critical vulnerabilities were uncovered in the popular Chinese social media app RedNote (also known as XiaoHongShu), which boasts over 300 million active users globally. These security flaws, present in both Android and iOS versions, expose users’ browsing activity, device metadata,…
Windows 11’s New Compression Formats Pose Security Risks with libarchive
Microsoft introduced a major update to Windows 11 (KB5031455), adding native support for 11 new compression formats, including RAR and 7z. This update aimed to enhance user convenience by enabling file management directly within File Explorer. However, the integration of…
New Malware Exploiting Outlook As a Communication Channel via The Microsoft Graph API
A new family of malware has been discovered that leverages Microsoft Outlook as a communication channel via the Microsoft Graph API. This sophisticated malware includes a custom loader and backdoor, known as PATHLOADER and FINALDRAFT, respectively. The malware is part…
KASLR Exploited: Breaking macOS Apple Silicon Kernel Hardening Techniques
Security researchers from Korea University have unveiled a new vulnerability in macOS systems running on Apple Silicon processors. Dubbed “SysBumps,” this attack successfully circumvents Kernel Address Space Layout Randomization (KASLR), a critical security mechanism designed to protect kernel memory from…
Amazon Machine Image Name Confusion Attack Let Attackers Publish Resource
Researchers uncovered a critical vulnerability in Amazon Web Services (AWS) involving Amazon Machine Images (AMIs). Dubbed the “whoAMI” attack, this exploit leverages a name confusion attack, a subset of supply chain attacks, to gain unauthorized code execution within AWS accounts. …
Path Confusion in Nginx/Apache Leads to Critical Auth Bypass in PAN-OS
Palo Alto Networks has recently disclosed a critical vulnerability in its PAN-OS network security operating system, tracked as CVE-2025-0108, which allows attackers to bypass authentication on the management web interface. This vulnerability, with a CVSSv3.1 score of 7.8, exposes affected…
Have I Been Pwned Likely to Ban Resellers Subscriptions
Have I Been Pwned (HIBP), a popular data breach notification service, has expressed a strong inclination to ban resellers from obtaining platform memberships. Troy Hunt made this decision after thoroughly examining the excessive support burden these resellers impose on the…
Hackers Using Pyramid Pentesting Tool For Stealthy C2 Communications
Hackers have been leveraging the open-source Pyramid pentesting tool to establish stealthy command-and-control (C2) communications. Pyramid, first released on GitHub in 2023, is a Python-based post-exploitation framework designed to evade endpoint detection and response (EDR) tools. Its lightweight HTTP/S server…
BadPilot Attacking Network Devices To Expand Russian Seashell Blizzard’s Attacks
Microsoft Threat Intelligence has exposed a subgroup within the Russian state actor Seashell Blizzard, known as the “BadPilot campaign.” This subgroup has been conducting a multiyear operation to compromise Internet-facing infrastructure globally, expanding Seashell Blizzard’s reach beyond Eastern Europe. The…
CrowdStrike Falcon Sensor for Linux TLS Vulnerability Enabling MiTM Attack
CrowdStrike has disclosed a high-severity vulnerability in its Falcon Sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor. The vulnerability, identified as CVE-2025-1146, originates from a validation logic error in the Transport Layer Security (TLS) connection routine. This…
Massive IoT Data Breach Exposes 2.7 Billion Records, Including Wi-Fi Passwords
A massive 2.7 billion records containing sensitive user data, including Wi-Fi network names, passwords, IP addresses, and device identifiers, were exposed in a massive IoT security breach linked to Mars Hydro, a China-based grow light manufacturer, and LG-LED SOLUTIONS LIMITED,…
Chrome use-after-free Vulnerability Let Attackers Execute Code Remotely
Google has rolled out an urgent security update for Chrome, addressing four high-severity vulnerabilities that could allow attackers to execute malicious code or compromise user data. The update, Chrome version 133.0.6943.98/.99 for Windows/Mac and 133.0.6943.98 for Linux, targets critical flaws…
Palo Alto PAN-OS 0-Day Vulnerability Let Attackers Bypass Web Interface Authentication
Palo Alto Networks has disclosed a critical vulnerability (CVE-2025-010) in its PAN-OS software that could allow attackers to bypass authentication on the management web interface. This flaw, which has been assigned a CVSS Base Score of 8.8, poses a significant…
How to Track Advanced Persistent Threats (APT) Using Threat Intelligence Lookup Tool
An Advanced Persistent Threat (APT) is a sophisticated and stealthy cyberattack designed to gain unauthorized, long-term access to a target’s network. These attacks are meticulously planned and executed by highly skilled threat actors, often state-sponsored groups or organized crime syndicates,…