Category: Cyber Security News

A critical server-side request forgery (SSRF) vulnerability in Microsoft Power Platform’s SharePoint connector allowed attackers to harvest user credentials and impersonate victims across multiple services, including Power Apps, Power Automate, Copilot Studio, and Copilot 365. The patched flaw posed severe…

Read more →

Cybersecurity experts have observed a significant increase in the use of the NetSupport Remote Access Trojan (RAT) in recent months, a malicious tool that allows attackers to gain full control over compromised systems. This surge in activity has been linked…

Read more →

QR codes have become an integral part of our digital lives, offering quick access to websites, services, and even payment systems. However, their widespread use has also made them a prime target for scammers. A new threat, known as “quishing,”…

Read more →

With the release of DeepSeek-V3 on December 25, 2024, the number of LLMjacking attacks in the cybersecurity space has significantly increased. Within hours of its launch, malicious actors had compromised the model, integrating it into OpenAI Reverse Proxy (ORP) systems…

Read more →

A recent analysis of over 1 million malware samples unveiled a trend where adversaries increasingly exploit the Application Layer of the Open System Interconnection (OSI) model to conduct stealthy Command-and-Control (C2) operations.  By leveraging trusted Application Layer Protocols, attackers are…

Read more →

GitHub has unveiled a groundbreaking update to its AI-powered coding assistant, GitHub Copilot, with the introduction of Agent Mode.  This new feature, available in preview for Visual Studio Code (VS Code) Insiders, empowers developers to autonomously complete complex coding tasks…

Read more →

Cisco has reportedly fallen victim to a significant data breach, with sensitive credentials from its internal network and domain infrastructure leaked online. The breach is allegedly linked to the Kraken ransomware group, which has published a dataset on its dark…

Read more →

Researchers have uncovered a critical flaw in the Linux kernel that could allow attackers to execute remote code.  The vulnerability, which had been inactive for seven years, was uncovered while conducting routine research on the Linux kernel’s TCP subsystem. This…

Read more →

A routine physical penetration test conducted by cybersecurity professionals took an unexpected turn when armed police arrested two security experts during a simulated breach at a corporate office in Malta. The incident involving miscommunication between the client and local authorities…

Read more →

In a significant shift in the ransomware landscape, payments to attackers have decreased by approximately 35% year-over-year. This decline is attributed to increased law enforcement actions, improved international collaboration, and a growing trend among victims to refuse ransom demands. Here…

Read more →

A cybersecurity enthusiast discovered the longest and most complicated passwords ever used by searching through a huge dataset of 31 million likely WPA WiFi passwords.  Typically, a password’s length and complexity directly affect its security. While diverse character sets prevent…

Read more →

Security researcher David Kennedy unveiled a novel attack technique known as “BYOTB” (Bring Your Own Trusted Binary) in a recent presentation at BSides London 2024, which leverages trusted binaries to bypass security measures and evade detection. This approach exploits the…

Read more →

Reverse engineering has long been a challenging yet essential process for cybersecurity professionals, software analysts, and researchers.  With the introduction of GhidrAssist, a cutting-edge plugin for the popular reverse engineering platform Ghidra, the process becomes significantly more streamlined and efficient. …

Read more →

A significant vulnerability has been identified in GitHub Enterprise Servers, allowing attackers to bypass SAML authentication and log in as other user accounts. This exploit leverages quirks in the libxml2 library, specifically related to XML entities, to deceive the verification…

Read more →

A recently disclosed vulnerability in AnyDesk, a popular remote desktop software, identified as CVE-2024-12754, enables local attackers to exploit the handling of Windows background images to gain unauthorized access to sensitive system files.  This could potentially escalate their privileges to…

Read more →

Hackers have been exploiting Google Tag Manager (GTM) to steal sensitive credit card information from eCommerce sites, particularly those built on the Magento platform. This sophisticated attack shows the evolving tactics of cybercriminals in leveraging legitimate tools for malicious purposes.…

Read more →

Linus Torvalds announced the release of Linux Kernel 6.14-rc2, the second release candidate in the 6.14 series. The release follows the usual weekly schedule and comes as a relatively small update, consistent with the overall size of the 6.14 kernel.…

Read more →

A critical security vulnerability has been discovered in the popular online game Marvel Rivals, raising alarms about the potential for hackers to exploit unsuspecting players. The exploit, identified as a Remote Code Execution (RCE) vulnerability, allows attackers on the same…

Read more →

A global brute force attack campaign leveraging 2.8 million IP addresses actively targets edge security devices, including VPNs, firewalls, and gateways from vendors such as Palo Alto Networks, Ivanti, and SonicWall. The attack, first detected in January 2025, has been…

Read more →

Welcome to this week’s Cybersecurity Newsletter, which provides the latest updates and key insights from the ever-evolving field of cybersecurity. In the current fast-paced digital landscape, it is essential to remain informed. Our objective is to deliver the most pertinent…

Read more →