Cybercriminals are increasingly exploiting generative artificial intelligence platforms to orchestrate sophisticated phishing campaigns that pose unprecedented challenges to traditional security detection mechanisms. The rapid proliferation of GenAI services has created a fertile ecosystem for threat actors who leverage these platforms…
Category: Cyber Security News
RingReaper Malware Attacking Linux Servers Evading EDR Solutions
A sophisticated new malware strain targeting Linux environments has emerged, demonstrating advanced evasion capabilities that challenge traditional endpoint detection and response systems. RingReaper, identified as a post-exploitation agent, leverages the Linux kernel’s modern asynchronous I/O interface to conduct covert operations…
Microsoft Releases Emergency Updates to Fix Windows Reset and Recovery Error
Microsoft has issued critical out-of-band updates on August 19, 2025, to address a significant issue affecting Windows reset and recovery operations following the deployment of the August 2025 security updates. The emergency patches resolve failures that prevented users from successfully…
Critical Namespace Injection Vulnerability in Kubernetes Capsule Lets Attackers Inject Arbitrary Labels
A critical security vulnerability has been identified in Kubernetes Capsule v0.10.3 and earlier versions, allowing authenticated tenant users to inject arbitrary labels into system namespaces and bypass multi-tenant isolation controls. The vulnerability, tracked as GHSA-fcpm-6mxq-m5vv, was disclosed by security researcher…
Copilot Vulnerability Breaks Audit Logs and Access Files Secretly for Hackers
A significant security vulnerability has been discovered in Microsoft’s Copilot for M365 that allowed users, including potential malicious insiders, to access and interact with sensitive files without leaving any record in the official audit logs. After patching the flaw, Microsoft…
Scaly Wolf Attacking Organizations to Uncover Organizations’ Secrets
The cybersecurity landscape continues to witness sophisticated threat actors developing increasingly complex attack methodologies to infiltrate organizational networks and steal sensitive information. A recent investigation by security researchers has uncovered a persistent campaign orchestrated by the Scaly Wolf Advanced Persistent…
Legitimate Chrome VPN With 100,000+ Installs Silently Captures Screenshots and Exfiltrates Sensitive Data
A Chrome VPN extension with over 100,000 installations and verified badge status has been discovered operating as sophisticated spyware, continuously capturing user screenshots and exfiltrating sensitive data without consent. The extension, known as FreeVPN.One, masqueraded as a legitimate privacy tool…
CodeRabbit’s Production Servers RCE Vulnerability Enables Write Access on 1M Repositories
A critical remote code execution (RCE) vulnerability in CodeRabbit’s production infrastructure provided unauthorized access to over one million code repositories, including private ones. The vulnerability, discovered in December 2024 and responsibly disclosed in January 2025, exploited the platform’s static…
Paper Werewolf Exploiting WinRAR Zero‑Day Vulnerability to Deliver Malware
Cybersecurity researchers have uncovered a sophisticated campaign by the Paper Werewolf threat actor group, also known as GOFFEE, targeting Russian organizations through the exploitation of critical vulnerabilities in WinRAR archiving software. The campaign, active since July 2025, demonstrates the group’s…
Hackers Exploiting Apache ActiveMQ Vulnerability to Gain Access to Cloud Linux Systems
A sophisticated campaign has been uncovered in which adversaries are exploiting CVE-2023-46604, a critical remote code execution vulnerability in Apache ActiveMQ, to compromise cloud-based Linux systems. In this case, attackers are patching the very vulnerability they exploited to maintain exclusive access and evade…
Serial Hacker Jailed for Hacking and Defacing Organizations’ Websites
A sophisticated cybercriminal operation targeting government institutions and private organizations across multiple continents has culminated in the sentencing of Al-Tahery Al-Mashriky, a 26-year-old hacker from Rotherham, South Yorkshire. The prolific attacker, who operated under multiple aliases within the extremist hacking…
0-Day Clickjacking Vulnerabilities Found in Major Password Managers like 1Password, LastPass and Others
A cybersecurity researcher has disclosed zero-day clickjacking vulnerabilities affecting eleven major password managers, potentially exposing tens of millions of users to credential theft through a single malicious click. The research, conducted by security expert Marek Tóth, reveals that attackers can…
New GodRAT Weaponizing Screen Saver and Program Files to Attack Organizations
A sophisticated new Remote Access Trojan named GodRAT has emerged as a significant threat to financial institutions, leveraging deceptive screen saver files and steganographic techniques to infiltrate organizational networks. First detected in September 2024, this malware campaign has demonstrated remarkable…
New Salty 2FA PhaaS Platform Attacking Microsoft 365 Users to Steal Login Credentials
A sophisticated new Phishing-as-a-Service (PhaaS) framework dubbed “Salty 2FA” has emerged as a significant threat to Microsoft 365 users across US and European industries. This previously undocumented platform employs advanced obfuscation techniques and multi-stage execution chains specifically designed to bypass…
Chrome High-Severity Vulnerability Lets Attackers Execute Arbitrary Code
Google has released an emergency security update for Chrome to address a critical vulnerability that could allow attackers to crash the browser or execute arbitrary code on affected systems. The high-severity flaw, designated as CVE-2025-9132, affects Chrome’s V8 JavaScript engine…
Microsoft Teams “couldn’t connect” Error Following Recent Sidebar Update – Fix Released
Microsoft is in the process of deploying a fix for a service degradation issue affecting Microsoft Teams users globally, which presents a “couldn’t connect to this app” error upon launching the desktop and web applications. The problem, tracked under Microsoft…
New Research Uncovers Connection Between VPN Apps and Multiple Security Vulnerabilities
A comprehensive security analysis has revealed alarming vulnerabilities affecting over 700 million users across multiple VPN applications, exposing critical flaws that compromise the very privacy and security these services promise to protect. Research conducted by cybersecurity experts from Arizona State…
New Research Unmasks DPRK IT Workers’ Email Address and Hiring Patterns
Recent cybersecurity intelligence has exposed a sophisticated infiltration campaign orchestrated by North Korean state-sponsored threat actors, specifically the Jasper Sleet group, who have systematically penetrated Western organizations through fraudulent employment schemes. This operation, targeting primarily Web3, blockchain, and cryptocurrency companies,…
How Winning SOCs Always Stay Ahead of Threats
Despite the escalating danger of cybersecurity breaches, high-performing Security Operations Centers are able to maintain their resilience and prevent attacks. That’s what makes them essential for sustainable growth of businesses and organizations. But what enables powerful SOC teams to stay…
OpenAI Launches $4 ChatGPT Go Plan with Unlimited Access to GPT-5
OpenAI has unveiled ChatGPT Go, a budget-friendly subscription plan priced at just ₹399 per month (approximately $4 USD, GST included). The announcement, made today, positions the service as an accessible entry point to cutting-edge AI capabilities, including unlimited access to…