A severe privacy vulnerability in O2 UK’s Voice over LTE (VoLTE) implementation has allowed any caller to track the physical location of O2 customers without their knowledge or consent. The flaw leaked detailed location metadata and device identifiers during normal…
Category: Cyber Security News
Telecommunications Companies in Spain Experiencing Downtime
Major telecommunications networks across Spain have gone down early on Tuesday, May 20, 2025, following a network update by Spanish telecommunications giant Telefónica. The outage has affected fixed-line infrastructure and mobile services nationwide, with particularly severe disruptions reported in Madrid,…
Intruder vs. Pentest Tools vs. Attaxion: Selecting The Right Security Tool
While no one is immune to cyber threats, smaller organizations with very limited security budgets face the task of managing risks and implementing timely remediation very often without the resources to buy and maintain multiple tools. Security teams protecting these…
Microsoft Releases Emergency Fix for BitLocker Recovery Issue
Microsoft has released an emergency out-of-band update (KB5061768) to address a critical issue causing Windows 10 systems to boot into BitLocker recovery screens following the installation of the May 2025 security updates. The fix, released on May 19, comes after…
Tycoon2FA Linked Phishing Attack Targeting Microsoft 365 Users to Steal Logins
A sophisticated phishing campaign linked to Tycoon2FA is actively targeting Microsoft 365 users by employing an unusual URL manipulation technique. The attack leverages malformed URL prefixes with backslash characters (https:\\) instead of the standard forward slashes (https://) to bypass security…
W3LL Phishing Kit Actively Attacking Users to Steal Outlook Login Credentials
A sophisticated phishing campaign utilizing the W3LL Phishing Kit has been actively targeting users’ Microsoft Outlook credentials through elaborate impersonation techniques. First identified by Group-IB in 2022, this phishing-as-a-service (PhaaS) tool has evolved into a comprehensive ecosystem complete with its…
CISA Adds Ivanti EPMM 0-day to KEV Catalog Following Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) officially added two critical zero-day vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities, CVE-2025-4427 and CVE-2025-4428, are actively exploited in the wild and pose…
Multiple pfSense Firewall Vulnerabilities Let Attackers Inject Malicious Codes
Three critical vulnerabilities in pfSense firewall software could allow authenticated attackers to inject malicious code, manipulate cloud backups, and potentially achieve remote code execution. The vulnerabilities affect both pfSense Community Edition (CE) prior to version 2.8.0 beta and corresponding…
Accenture Files Leaked – New Investigation Exposed Dark Side of Accenture Projects Controlling Billion of Users Data
A secret investigation by Progressive International, Expose Accenture, and the Movement Research Unit, dubbed the “Accenture Files,” has unveiled the pivotal role of Accenture, the world’s largest consultancy firm, in fueling a global surge toward surveillance, exclusion, and authoritarianism. The…
New Phishing Attack Mimic as Zoom Meeting Invites to Steal Login Details
A sophisticated phishing campaign exploiting the popularity of Zoom meetings has emerged, targeting corporate users with fake meeting invitations that appear to come from colleagues. The attack uses social engineering tactics to create a sense of urgency, prompting victims to…
Malware Evasion Techniques – What Defenders Need to Know
In 2025, cybercriminals are raising the stakes by deploying sophisticated malware that bypasses traditional security measures, using advanced malware evasion techniques. Recent data shows that over 2,500 ransomware attacks were reported in just the first half of 2024, averaging more…
Chinese APT Hackers Attacking Orgs via Korplug Loaders and Malicious USB Drives
In a concerning development for cybersecurity professionals worldwide, a sophisticated Chinese advanced persistent threat (APT) group known as Mustang Panda has intensified its espionage campaigns across Europe, primarily targeting governmental institutions and maritime transportation companies. The group has been leveraging…
New Hannibal Stealer With Stealth & Obfuscation Evades Detection
A sophisticated new variant of information-stealing malware has been identified in the wild, representing an evolution of the previously documented Sharp Stealer. The Hannibal Stealer, as researchers have dubbed it, demonstrates advanced evasion capabilities and comprehensive data theft functionality, presenting…
Protecting Against Info-Stealers – A Practical Resource
Recent cybersecurity reports reveal a significant rise in infostealer malware attacks, with these stealthy threats now accounting for nearly a quarter of all cyber incidents, highlighting the importance of protecting against infostealers. As organizations struggle to defend against this growing…
ChatGPT Vulnerability Lets Attackers Embed Malicious SVGs & Images in Shared Chats
A critical security vulnerability in ChatGPT has been discovered that allows attackers to embed malicious SVG (Scalable Vector Graphics) and image files directly into shared conversations, potentially exposing users to sophisticated phishing attacks and harmful content. The flaw, recently documented…
Cybercrime-as-a-Service – Countering Accessible Hacking Tools
In today’s digital landscape, cybercrime has undergone a dramatic transformation. No longer limited to skilled hackers, cyberattacks are now available to anyone with internet access and cryptocurrency, thanks to the rise of Cybercrime-as-a-Service (CaaS). This model has democratized cybercrime, creating…
Windows 11 KASLR Bypassed Using Cache Timing Techniques to Obtain The Kernel Base
Security researchers have discovered a new technique to bypass Kernel Address Space Layout Randomization (KASLR) in Windows 11, potentially weakening a critical security feature designed to prevent attackers from reliably locating kernel components in memory. KASLR works by loading the…
Hackers Exploits Windows Via UAC Bypass Technique to Deploy Remcos RAT
A newly identified phishing campaign deploys the Remcos Remote Access Trojan (RAT) using DBatLoader, leveraging a User Account Control (UAC) bypass technique involving mock trusted directories to evade security controls. The attack chain employs obfuscated .cmd scripts, Windows Living Off…
Hackers Leverage AutoIT Code to Deliver Malware Attacking Windows System
A sophisticated malware campaign utilizing multiple layers of AutoIT code has been discovered targeting Windows systems. The attack begins with a seemingly innocent executable file named “1. Project” that initiates a complex infection chain designed to deploy a Remote Access…
AI Web Application Firewalls Bypassed Using Prompt Injection Techniques
Web Application Firewalls (WAFs) have been a critical defense mechanism protecting web applications from malicious traffic and attacks such as SQL Injection and Cross-Site Scripting (XSS). Traditionally, WAFs relied heavily on pattern matching techniques using regular expressions (regex) or string…