Check Point Software Technologies has announced the acquisition of Veriti Cybersecurity, marking a significant advancement in automated threat exposure management for enterprises facing increasingly sophisticated AI-driven cyber attacks. The transaction, expected to close by the end of Q2 2025, represents…
Category: Cyber Security News
How To Use Threat Intelligence Data From 15,000 Companies To Defend Yours
Threat intelligence is the cornerstone of proactive cyber defense, providing context to security events to prioritize response efforts. It’s about turning raw data into strategic insights that can be used to fortify network defenses against known and unknown threats. The…
Dutch Intelligence Exposes Russian “Laundry Bear” Hackers Behind Police Hack
Dutch intelligence services have identified a previously unknown Russian hacking group responsible for cyberattacks on multiple Dutch organizations, including a significant breach of the national police system in September 2024 that compromised work-related contact information of officers. The Netherlands General…
New Android Malware GhostSpy Let Attacker Take Full Control Over Infected Devices
A sophisticated new Android malware strain called GhostSpy has emerged as a significant threat to mobile device security, demonstrating advanced capabilities that allow cybercriminals to achieve complete control over infected smartphones and tablets. This web-based Remote Access Trojan (RAT) employs…
Windows 11 Notepad Gets AI Writer Using a Variant of ChatGPT or Microsoft’s AI Model
Microsoft has revolutionized its iconic Notepad application by introducing an AI-powered text generation feature called “Write,” marking a dramatic transformation for the minimalist text editor that has remained largely unchanged for decades. The new functionality, powered by a variant of…
Adidas Data Breach – Customer Data Exposed Via Third-Party Service Provider
German sportswear giant Adidas has confirmed a significant data breach involving customer contact information accessed through a compromised third-party customer service provider. The incident, disclosed on May 23, 2025, exposed contact details of consumers who had previously interacted with the…
GitHub MCP Server Vulnerability Let Attackers Access Private Repositories
A critical security vulnerability in the widely-used GitHub Model Context Protocol (MCP) server has been discovered, exposing users to sophisticated attacks that can compromise private repository data through malicious prompt injections. The vulnerability affects any agent system using the GitHub…
GIMP Image Editor Vulnerability Let Remote Attackers Arbitrary Code
Two critical security vulnerabilities discovered in the popular GIMP image editing software have been disclosed. These vulnerabilities allow remote attackers to execute arbitrary code on affected systems. The vulnerabilities, identified as CVE-2025-2760 and CVE-2025-2761, were publicly disclosed on April 7th,…
Google Ads Campaign Targets Developers with Malware via Fake Homebrew Site
Security researchers have revealed that a sophisticated malvertising campaign discovered last week has been targeting software developers through malicious Google advertisements that impersonate the popular Homebrew package manager. The attack demonstrates an evolution in cybercriminal tactics that exploit trusted verification…
New Attack Bypasses HTTP/2 Security for Arbitrary Cross-Site Scripting
A critical vulnerability in HTTP/2 protocol implementations that allows attackers to bypass web security protections and execute arbitrary cross-site scripting (XSS) attacks against major websites. At the Network and Distributed System Security (NDSS) Symposium 2025, Tsinghua University researchers presented their…
Weaponized Google Meet Page Tricks Users into Running PowerShell Malware
A sophisticated social engineering campaign that leverages fake Google Meet conference pages to trick users into manually executing malicious PowerShell commands, leading to system compromise through various information-stealing malware, including AsyncRAT, StealC, and Rhadamanthys. This emerging threat, known as “ClickFix,”…
Nova Scotia Power Confirms Ransomware Attack – 280k Customers Affected
Nova Scotia Power has officially confirmed it fell victim to a sophisticated ransomware attack that compromised sensitive customer data belonging to approximately 280,000 individuals. The Canadian utility disclosed on Friday that threat actors successfully infiltrated its network systems and published…
SharpSuccessor – A PoC For Exploiting Windows Server 2025’s BadSuccessor Vulnerability
A proof-of-concept exploit tool called SharpSuccessor that weaponizes the recently discovered BadSuccessor vulnerability in Windows Server 2025’s delegated Managed Service Account (dMSA) feature. The .NET-based tool, developed by Logan Goins, demonstrates how attackers with minimal Active Directory permissions can escalate…
Critical vBulletin Forum Vulnerability Let Attackers Execute Remote Code
A newly discovered vulnerability in vBulletin, one of the world’s most popular forum platforms, has exposed thousands of online communities to the risk of unauthenticated remote code execution (RCE). The flaw, present in vBulletin versions 5.x and 6.x running on…
FBI Warns of Silent Ransom Group Attacking Users Via Fake IT Calls
The Federal Bureau of Investigation has issued a critical warning about an increasingly sophisticated cybercriminal organization known as the Silent Ransom Group (SRG), which has been conducting targeted attacks against law firms and other organizations through deceptive IT support calls.…
ChatGPT Deep Research Now Integrates Dropbox & OneDrive to Pull Data
OpenAI has announced a significant expansion of ChatGPT’s deep research capabilities, introducing seamless integration with popular cloud storage platforms including Dropbox and Microsoft OneDrive. This development represents a major step forward in making artificial intelligence more accessible within existing enterprise…
Hard-Coded Telnet Credentials Leave D-Link Routers Wide Open to Remote Code Execution
A significant security flaw (CVE-2025-46176) has exposed thousands of D-Link routers to remote code execution attacks through hardcoded Telnet credentials embedded in firmware. The vulnerability affects DIR-605L v2.13B01 and DIR-816L v2.06B01 models, scoring 6.5 on the CVSS v3.1 scale with…
Vulnerability in Popular macOS App Cursor Allows Malware to Bypass Privacy Protections, Exposing User Data
A critical security vulnerability has been discovered in Cursor, a popular AI-powered code editor for macOS, that enables malicious software to circumvent Apple’s built-in privacy protections and access sensitive user data without proper authorization. The vulnerability exploits a misconfiguration in…
ChatGPT o3 Model Bypassed to Sabotage the Shutdown Mechanism
OpenAI’s latest large language model, ChatGPT o3, actively bypassed and sabotaged its own shutdown mechanism even when explicitly instructed to allow itself to be turned off. Palisade Research, an AI safety firm, reported on May 24, 2025, that the advanced…
Katz Stealer Attacking Chrome, Edge, Brave & Firefox to Steal Login Details
A sophisticated new credential-stealing malware known as Katz Stealer has emerged as a significant threat to users of popular web browsers, demonstrating advanced capabilities that allow it to bypass modern security protections and exfiltrate sensitive authentication data. This malware-as-a-service operation…