Category: Cyber Security News

An organization’s cyber security operation center (SOC) is a unit in charge of cyber threat prevention and mitigation.  Within this framework, several critical tasks imply gathering and analyzing data on threats, incidents and attacks. This process is usually referred to…

Read more →

A critical security flaw, identified as CVE-2025-21298, has been disclosed in Microsoft’s Windows Object Linking and Embedding (OLE) technology.  This zero-click vulnerability, which carries a CVSS score of 9.8, allows attackers to execute arbitrary code remotely by exploiting Microsoft Outlook…

Read more →

Hackers have increasingly been using HTTP client tools to orchestrate sophisticated account takeover attacks on Microsoft 365 environments. A staggering 78% of Microsoft 365 tenants have been targeted at least once by such attacks, highlighting the evolving tactics of threat…

Read more →

Google has released its February 2025 Android Security Bulletin, which addresses 47 vulnerabilities impacting Android devices. A notable issue is a patched Linux kernel vulnerability (CVE-2024-53104) that could enable attackers to execute remote code (RCE), granting unauthorized read/write access to affected systems.…

Read more →

Researchers at WatchTowr Labs have uncovered a critical security vulnerability in abandoned Amazon Web Services (AWS) S3 buckets that could enable attackers to hijack the global software supply chain. The research highlights how these neglected cloud storage resources could facilitate…

Read more →

A new cyberattack technique has emerged, enabling attackers to bypass Endpoint Detection and Response (EDR) systems while operating under a low-privileged standard user account.  Traditionally, EDR evasion requires elevated privileges, such as administrative or system-level access.  However, this innovative approach…

Read more →

Microsoft has disclosed a critical vulnerability, CVE-2025-21415, impacting the Azure AI Face Service, which is classified as an Elevation of Privilege issue, allowing attackers to bypass authentication mechanisms via spoofing, escalating their privileges over a network. However, Microsoft has confirmed…

Read more →

A critical Cross-Site Scripting (XSS) vulnerability, tracked as CVE-2024-57004, has been discovered in Roundcube Webmail version 1.6.9.  This flaw allows remote authenticated users to upload malicious files disguised as email attachments, posing significant risks to individuals and organizations using the…

Read more →

U.S. prosecutors have charged Andean Medjedovic, a 22-year-old Canadian, with five counts of criminal indictment for allegedly orchestrating a sophisticated cryptocurrency theft.  Medjedovic is accused of exploiting vulnerabilities in the KyberSwap and Indexed Finance DeFi protocols, resulting in significant financial…

Read more →

Researchers unveiled a sophisticated malware campaign in a recent cybersecurity alert involving ValleyRAT, a Remote Access Trojan (RAT) frequently linked to the Silver Fox APT group. This threat has evolved with new delivery techniques, targeting key roles within organizations, particularly…

Read more →

Microsoft has issued a security advisory for CVE-2025-21396, a critical authentication bypass vulnerability that could allow attackers to spoof credentials and gain unauthorized access to Microsoft accounts. Cybersecurity experts are urging users and organizations to swiftly address this issue by…

Read more →

Dell Technologies has disclosed multiple critical vulnerabilities affecting its PowerProtect product line, including Data Domain (DD) appliances, PowerProtect Management Center, and other associated systems.  These vulnerabilities, if exploited, could allow attackers to compromise system integrity, escalate privileges, or execute arbitrary…

Read more →

A recent cybersecurity threat has emerged in the form of AsyncRAT, a remote access trojan (RAT) that leverages Python and TryCloudflare for stealthy malware delivery. This sophisticated campaign involves a complex sequence of events, starting with phishing emails that deceive…

Read more →

A sophisticated web-skimming campaign targeting multiple websites, including the UK online store of electronics giant Casio (casio[.]co.uk). The attack, which exposed sensitive customer data, highlights ongoing vulnerabilities in e-commerce platforms and the evolving tactics of cybercriminals. The breach on casio.co.uk…

Read more →

A proof-of-concept (PoC) exploit code has been released for CVE-2025-21293, a critical Active Directory Domain Services Elevation of Privilege vulnerability. This vulnerability, discovered in September 2024 and patched in January 2025, has raised concerns due to its potential to allow…

Read more →

A sophisticated web-skimming campaign targeting multiple websites, including the UK online store of electronics giant Casio (casio[.]co.uk). The attack, which exposed sensitive customer data, highlights ongoing vulnerabilities in e-commerce platforms and the evolving tactics of cybercriminals. The breach on casio.co.uk…

Read more →

British Prime Minister Keir Starmer was reportedly the target of a sophisticated cyberattack by Russian-linked hackers in 2022, prior to his tenure as prime minister. The revelations, detailed in the newly published book “Get In: The Inside Story of Labour…

Read more →

2024 marked a record-breaking year for cybersecurity challenges as threat actors ramped up their exploitation of vulnerabilities. According to the latest findings from VulnCheck, 768 Common Vulnerabilities and Exposures (CVEs) were publicly reported as exploited in the wild for the…

Read more →

Cybersecurity researchers have uncovered a sophisticated malware campaign exploiting tax season to target financial organizations and individuals globally. The campaign involves phishing emails impersonating tax agencies and financial institutions, delivering malware and harvesting sensitive credentials. The malicious actors behind this…

Read more →

Researchers have identified critical vulnerabilities in MediaTek wireless LAN (WLAN) drivers that could potentially expose millions of devices to severe security risks.  These vulnerabilities, tracked under the Common Vulnerabilities and Exposures (CVE) identifiers CVE-2025-20631, CVE-2025-20632, and CVE-2025-20633, allow attackers to…

Read more →