Category: Cyber Security News

Unified Threat Management (UTM) firewall is a comprehensive cybersecurity solution that integrates multiple security functions into a single platform or appliance. It is designed to simplify security management, reduce costs, and provide robust protection against a variety of cyber threats. UTM solutions are especially popular among…

Read more →

A widespread campaign targeting Microsoft Internet Information Services (IIS) servers to deploy the BadIIS malware, a tool used for search engine optimization (SEO) fraud and malicious content injection.  The campaign, attributed to the Chinese-speaking hacking group DragonRank, has affected over…

Read more →

The CISA has issued a warning regarding a critical remote code execution (RCE) vulnerability affecting Trimble Cityworks, a popular software solution for local government and public works asset management. The vulnerability, identified as CVE-2025-0994, allows an external actor to exploit…

Read more →

Hewlett Packard Enterprise (HPE) has disclosed a significant data breach involving its Office 365 email environment, attributed to the Russian state-sponsored hacking group known as Midnight Blizzard, also referred to as Cozy Bear or APT29. The breach, which began in…

Read more →

Meta Platforms, Inc. is facing serious allegations in a copyright infringement lawsuit, with plaintiffs claiming the tech giant used 81.7 terabytes of pirated books from shadow libraries to train its Llama AI models. The lawsuit, filed in the U.S. District…

Read more →

In recent weeks, ShadowServer has observed a significant rise in brute-force attacks targeting web login pages of edge devices, with honeypot data revealing up to 2.8 million IPs involved daily.  These attacks, primarily originating from Brazil, are aimed at devices…

Read more →

A recent phishing campaign has been targeting Facebook users with fake copyright infringement notices, aiming to steal their login credentials. This sophisticated scam has been sent to over 12,279 email addresses, primarily affecting enterprises across the EU, US, and Australia.…

Read more →

A new attack vector exploiting vulnerabilities in Kerberos delegation within Active Directory (AD) networks has been uncovered, posing significant risks to enterprise security.  This technique leverages the inherent weaknesses of Unconstrained Kerberos Delegation, a legacy feature that allows services to…

Read more →

Microsoft has released a critical security update for its Edge browser, addressing multiple vulnerabilities that could allow attackers to execute remote code and compromise user systems. Users are strongly urged to update their browsers immediately to mitigate potential risks. Four…

Read more →

In a concerning development for the machine learning community, researchers at ReversingLabs have identified malicious models on the popular Hugging Face platform. These models exploit vulnerabilities in the Pickle file serialization format, a widely used method for storing and sharing…

Read more →

Hewlett Packard Enterprise (HPE) has disclosed multiple critical vulnerabilities in its Aruba Networking ClearPass Policy Manager (CPPM), a widely used network access control solution.  These flaws, if exploited, could lead to arbitrary code execution, privilege escalation, and sensitive data exposure.…

Read more →

Critical vulnerabilities have been disclosed in the DeepSeek iOS app, raising concerns over privacy and national security risks.  The app, which has been the top iOS download since January 25, 2025, transmits sensitive user data unencrypted to servers controlled by…

Read more →

Dell Technologies has issued a security update addressing a vulnerability in its Update Manager Plugin (UMP), which could allow attackers to exploit sensitive data through improper neutralization of HTML tags in web pages.  This vulnerability, identified as CVE-2025-22402, has been…

Read more →

In a groundbreaking case highlighting the intersection of technology and national security, a federal grand jury has indicted Linwei Ding, also known as Leon Ding, on four counts of theft of trade secrets.  The charges allege that Ding, a former…

Read more →

A severe security vulnerability identified as CVE-2025-1044 has been disclosed in the Logsign Unified SecOps Platform, a widely used software for security operations.  This flaw, rated with a CVSS score of 9.8, poses a critical threat, allowing remote attackers to…

Read more →

Hackers have begun leveraging the capabilities of DeepSeek and Qwen AI models to create sophisticated malware. These models, known for their advanced language processing capabilities, have attracted the attention of cybercriminals due to their potential for generating malicious content with…

Read more →

A recent security incident has revealed that over 3,000 publicly disclosed ASP.NET machine keys were exploited by hackers to execute remote code on IIS servers. This attack utilized ViewState code injection techniques, allowing malicious actors to gain unauthorized access and…

Read more →

Splunk, a leader in data analytics and cybersecurity solutions, has introduced a groundbreaking proof-of-concept honeypot system named DECEIVE (DECeption with Evaluative Integrated Validation Engine).  This AI-powered tool is designed to simulate high-interaction systems with minimal setup effort, offering organizations an…

Read more →

A critical vulnerability in the popular file archiving tool 7-Zip (CVE-2025-0411) has been actively exploited in the wild, primarily targeting Ukrainian organizations, added to CISA’s known exploited vulnerability database. This flaw allows attackers to bypass Windows’ Mark-of-the-Web (MoTW) security feature,…

Read more →

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning to federal agencies regarding active exploitation of a critical Microsoft Outlook vulnerability, tracked as CVE-2024-21413. This remote code execution (RCE) flaw, discovered by Check Point researcher Haifei…

Read more →