The digital frontlines of modern conflict have expanded dramatically in 2025, with state-sponsored hackers from China, Russia, North Korea, and Iran executing sophisticated attacks against energy grids, telecommunications networks, and transportation systems worldwide. These operations, often masked as routine cybercrime,…
Category: Cyber Security News
Top 5 WMIC Commands Used By Malware
Malware doesn’t need fancy tools to be dangerous. Sometimes, all it takes is WMIC, a quiet, native utility that’s still doing damage. In the past weeks, we’ve seen a consistent pattern in some ANY.RUN sandbox sessions: malware keeps reaching for…
Weaponized Google Calendar Invites Deliver Malicious Payload With Just One Character
A new attack vector has emerged in which cybercriminals are weaponizing Google Calendar invites to deliver malware, using a sophisticated obfuscation technique involving just a single visible character that hides malicious code. This discovery highlights how threat actors are evolving their tactics to…
Critical Adobe Illustrator Vulnerability Lets Attackers Execute Malicious Code
Adobe has released a critical security update for its popular design software Illustrator, addressing a severe vulnerability that could allow attackers to execute arbitrary code on targeted systems. The security bulletin details a heap-based buffer overflow vulnerability that affects multiple…
Entro Security and Wiz Announce Integration for Improved Non-Human Identity & Cloud Security
Entro Security, a pioneer in Non-Human Identity (NHI) and Secrets Security, and Wiz, a leading cloud security platform, have announced a strategic partnership that brings together Entro’s NHI security platform with Wiz’s Data Security Posture Management (DSPM) capabilities. Announced on…
Adobe Photoshop Vulnerability Lets Attackers Execute Arbitrary Code
Adobe has released critical security updates for Photoshop on both Windows and macOS platforms after discovering multiple severe vulnerabilities that could allow attackers to execute arbitrary code on victims’ systems. The security bulletin addresses three critical flaws affecting Photoshop 2025…
Samsung MagicINFO 9 Server Vulnerability Lets Attackers Write Arbitrary File
Samsung has disclosed a critical security vulnerability (CVE-2025-4632) affecting its MagicINFO 9 Server platform, a widely deployed content management system used for digital signage across retail, transportation, healthcare, and corporate environments worldwide. The flaw allows unauthenticated attackers to write arbitrary…
Windows Remote Desktop Gateway Vulnerability Lets Attackers Trigger DoS Condition
Microsoft Security Response Center (MSRC) has released important security updates to address a critical vulnerability in Windows Remote Desktop Gateway (RD) service tracked as CVE-2025-26677 that could allow unauthorized attackers to trigger denial of service (DoS) conditions, potentially disrupting remote…
Researchers Detailed New Threat-Hunting Techniques to Detect Azure Managed Identity Abuse
Cybersecurity experts have unveiled sophisticated techniques to identify potential abuse of Azure Managed Identities (MIs), addressing a critical but often overlooked security concern in cloud environments. Azure MIs streamline credential management by eliminating the need for manual secret handling, yet…
Outlook RCE Vulnerability Allows Attackers to Execute Arbitrary Code
Microsoft addressed a significant security flaw in its Outlook email client during the May 2025 Patch Tuesday, releasing fixes for 72 vulnerabilities across its ecosystem. Among these, CVE-2025-32705, a remote code execution (RCE) vulnerability in Microsoft Outlook, has drawn attention due…
Earth Ammit Hackers Attacking Using New Tools to Attack Drones Used in Military Sectors
A sophisticated threat actor known as Earth Ammit has launched coordinated multi-wave attacks targeting drone supply chains, primarily in Taiwan’s military and satellite industries. The group, which security researchers have linked to Chinese-speaking APT groups, has executed two distinct campaigns…
Chinese Hackers Exploit SAP NetWeaver 0-Day Vulnerability To Attack Critical Infrastructures
In April 2025, security researchers identified a sophisticated campaign targeting critical infrastructure networks worldwide through a previously unknown vulnerability in SAP NetWeaver Visual Composer. The vulnerability, tracked as CVE-2025-31324, allows unauthenticated attackers to upload malicious files and gain remote code…
Smart Electric Vehicles Face Hidden Cyber Vulnerabilities Exposing Drivers to Risks
The rapid adoption of electric vehicles (EVs) has introduced unprecedented cybersecurity risks. Hackers exploit vulnerabilities in charging infrastructure, vehicle software, and grid connectivity to threaten driver safety, data privacy, and energy systems. Recent research reveals systemic weaknesses across the EV…
82,000+ WordPress Sites Exposed to Remote Code Execution Attacks
Critical vulnerabilities were identified in TheGem, a premium WordPress theme with more than 82,000 installations worldwide. Researchers identified two separate but interconnected vulnerabilities in TheGem theme versions 5.10.3 and earlier. When combined, these vulnerabilities create a dangerous attack vector that…
Hackers Abusing GovDelivery For TxTag ‘Toll Charges’ Phishing Attack
A sophisticated phishing operation is exploiting compromised Indiana government sender accounts to distribute fraudulent TxTag toll collection messages. The campaign, which emerged this week, leverages the GovDelivery communications platform to lend legitimacy to the scam emails targeting unsuspecting recipients nationwide. Sophisticated…
Microsoft Warns of AD CS Vulnerability That Lets Attackers Deny Service Over a Network
Microsoft has issued a security advisory regarding a new vulnerability in Active Directory Certificate Services (AD CS) that could allow attackers to perform denial-of-service attacks over a network. The vulnerability, identified as CVE-2025-29968, affects multiple versions of Windows Server and…
Google Threat Intelligence Launches Actionable Technique To Hunt for Malicious .Desktop Files
Google Threat Intelligence has launched a new blog series aimed at empowering security professionals with advanced threat hunting techniques, kicking off with a deep dive into detecting malicious .desktop files on Linux systems. .desktop files, standard configuration files in Linux…
Microsoft Defender Vulnerability Allows Attackers to Elevate Privileges
A newly disclosed security flaw in Microsoft Defender for Endpoint could allow attackers with local access to elevate their privileges to SYSTEM level, potentially gaining complete control over affected systems. The vulnerability, tracked as CVE-2025-26684, was patched as part of…
Windows Remote Desktop Vulnerability Lets Attackers Execute Malicious Code Over Network
Microsoft’s May 2025 Patch Tuesday has addressed several critical vulnerabilities in Windows Remote Desktop services that could allow attackers to execute malicious code remotely. Security experts are urging users to apply these patches immediately to safeguard their systems against potential…
Microsoft Windows 11 Insider Preview Build 26200.5600 Released
Microsoft has rolled out Windows 11 Insider Preview Build 26200.5600 (KB5058493) to the Dev Channel, bringing a host of new features, improvements, and fixes for Windows Insiders. Announced by Amanda Langowski and Brandon LeBlanc, this update introduces enhanced Copilot+ PC…