CISA has issued an urgent warning regarding a critical zero-day vulnerability affecting Citrix NetScaler systems, designated as CVE-2025-7775. This memory overflow vulnerability enables remote code execution (RCE) and has been actively exploited by malicious cyber actors, prompting immediate inclusion in…
Category: Cyber Security News
Underground Ransomware Gang With New Tactics Against Organizations Worldwide
Over the past year, the Underground ransomware gang has emerged as a formidable threat to organizations across diverse industries and geographies. First identified in July 2023, the group resurfaced in May 2024 with a Dedicated Leak Site (DLS), signaling a…
28,000+ Citrix Instances Exposed to Active 0-Day RCE Vulnerability Exploited in the Wild
A critical zero-day remote code execution (RCE) vulnerability, tracked as CVE-2025-7775, is affecting over 28,000 Citrix instances worldwide. The flaw is being actively exploited in the wild, prompting the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add it to…
Microsoft Teams Issue Blocks Users From Opening Embedded Office Documents
A widespread service issue is impacting Microsoft Teams users globally this Thursday, preventing many from opening embedded Microsoft Office documents within the collaboration platform. Reports began surfacing early this morning, with users expressing frustration over their inability to access essential…
NVIDIA NeMo AI Curator Enables Code Execution and Privilege Escalation
NVIDIA has issued a critical security bulletin addressing a high-severity vulnerability in its NeMo Curator platform that could allow attackers to execute malicious code and escalate privileges on affected systems. The vulnerability, designated CVE-2025-23307, affects all versions of NVIDIA NeMo…
IPFire Web-Based Firewall Interface Allows Authenticated Administrator to Inject Persistent JavaScript
A stored cross-site scripting (XSS) flaw identified in IPFire 2.29’s web-based firewall interface (firewall.cgi). Tracked as CVE-2025-50975, the vulnerability allows any authenticated administrator to inject persistent JavaScript into firewall rule parameters. Once stored, the payload executes automatically when another administrator…
How ClickFix and Multi-Stage Phishing Frameworks Are Breaking Enterprise Defenses
August 2025 has marked a significant evolution in cybercrime tactics, with threat actors deploying increasingly sophisticated phishing frameworks and social engineering techniques that are successfully bypassing traditional security defenses. Security researchers at ANY.RUN has identified three major campaign families that…
PoC Exploit Released for CrushFTP 0-day Vulnerability (CVE-2025-54309)
A weaponized proof-of-concept exploit has been publicly released targeting CVE-2025-54309, a severe authentication bypass vulnerability affecting CrushFTP file transfer servers. The flaw enables remote attackers to gain administrative privileges through a race condition in AS2 validation processing, circumventing authentication mechanisms…
28,000+ Citrix Servers Exposed to Active 0-Day RCE Vulnerability Exploited in the Wild
A critical zero-day remote code execution (RCE) vulnerability, tracked as CVE-2025-7775, is affecting over 28,000 Citrix instances worldwide. The flaw is being actively exploited in the wild, prompting the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add it to…
New ShadowCaptcha Attack Exploiting Hundreds of WordPress Sites to Tricks Victims into Executing Malicious Commands
A sophisticated global cybercrime campaign dubbed “ShadowCaptcha” has emerged as a significant threat to organizations worldwide, leveraging fake Google and Cloudflare CAPTCHA pages to trick victims into executing malicious commands. Discovered by researchers at the Israel National Digital Agency in…
Analysis of Apple’s ImageIO Zero-Day Vulnerability: Attacker Context and Historical iOS Zero-Click Similarities
Apple has issued emergency security updates across its entire ecosystem to address CVE-2025-43300, a critical zero-day vulnerability in the ImageIO framework that has been actively exploited in sophisticated targeted attacks. This represents the seventh zero-day vulnerability that Apple has patched in 2025, underscoring the…
CISA releases New ICS Advisories Surrounding Vulnerabilities and Exploits
CISA released three significant Industrial Control Systems (ICS) advisories on August 26, 2025, alerting organizations to critical vulnerabilities affecting widely-deployed automation systems. These advisories highlight severe security flaws across INVT Electric’s engineering tools, Schneider Electric’s Modicon controllers, and Danfoss refrigeration…
New BruteForceAI Tool Automatically Detects Login Pages and Executes Smart Brute-Force Attacks
BruteForceAI, an innovative penetration testing framework developed by Mor David, integrates large language models (LLMs) with browser automation to autonomously identify login forms and conduct sophisticated brute-force attacks. By combining AI-driven form analysis with evasion techniques and comprehensive logging, BruteForceAI…
Spotify Launches Direct Message Feature for Music Sharing, What are the Risks Associated?
Spotify today rolled out a native direct messaging feature, Messages, for both Free and Premium users aged 16+ in select markets on mobile. This long-awaited addition creates a dedicated in-app space to share tracks, podcasts, and audiobooks, supercharging word-of-mouth recommendations.…
New Zip Slip Vulnerability Allows Attackers to Manipulate ZIP Files During Decompression
A newly observed variant of the Zip Slip vulnerability has emerged, enabling threat actors to exploit path traversal flaws in widely used decompression utilities. Exploits leveraging this vulnerability craft malicious archives containing specially constructed file names with relative paths. When…
DOGE Accused of Mimicking Country’s Social Security Info in Unsecured Cloud
A whistleblower disclosure filed today alleges that the Department of Government Efficiency (DOGE) within the Social Security Administration (SSA) covertly created a live copy of the nation’s entire Social Security dataset in an unsecured cloud environment. Chief Data Officer Charles…
New ZipLine Campaign Attacks Critical Manufacturing Companies to Deploy In-memory Malware MixShell
In recent weeks, a sophisticated phishing operation known as the ZipLine campaign has targeted U.S.-based manufacturing firms, leveraging supply-chain criticality and legitimate-seeming business communications to deploy an advanced in-memory implant dubbed MixShell. This threat actor reverses traditional phishing workflows by…
New Cephalus Ransomware Leverages Remote Desktop Protocol to Gain Initial Access
A newly identified ransomware strain named Cephalus has emerged as a sophisticated threat, targeting organizations through compromised Remote Desktop Protocol (RDP) connections. The malware, which takes its name from Greek mythology referencing the son of Hermes who tragically killed his…
DOGE Accused of Creating Live Copy of the Country’s Social Security Information in Unsecured Cloud Environment
A whistleblower disclosure filed today alleges that the Department of Government Efficiency (DOGE) within the Social Security Administration (SSA) covertly created a live copy of the nation’s entire Social Security dataset in an unsecured cloud environment. Chief Data Officer Charles…
Critical Chrome Use After Free Vulnerability Let Attackers Execute Arbitrary Code
Google has released an emergency security update for Chrome to address a critical use-after-free vulnerability (CVE-2025-9478) in the ANGLE graphics library that could allow attackers to execute arbitrary code on compromised systems. The vulnerability affects Chrome versions prior to 139.0.7258.154/.155…