A sophisticated espionage campaign targeting diplomatic missions in South Korea has exposed the evolving tactics of North Korean state-sponsored hackers. Between March and July 2025, threat actors linked to the notorious Kimsuky group conducted at least 19 spear-phishing attacks against…
Category: Cyber Security News
McDonald’s Free Nuggets Hack Leads to Exposure of Confidential Data
A researcher has disclosed a series of alarming vulnerabilities in McDonald’s digital infrastructure, ranging from free-food exploits to exposed executive data. What started as a simple app glitch developed into a months-long ordeal, culminating in the researcher, BobDaHacker, cold-calling the company’s headquarters while mentioning…
Threat Actors Attacking Organizations’ Key Employees With Weaponized Copyright Documents to Deliver Noodlophile Stealer
A sophisticated phishing campaign has emerged targeting enterprises with significant social media footprints, leveraging weaponized copyright infringement notices to deliver the evolved Noodlophile Stealer malware. This highly targeted threat represents a significant escalation from previous iterations, exploiting enterprises’ reliance on…
Microsoft Defender AI to Uncover Plain Text Credentials Within Active Directory
Microsoft has unveiled a groundbreaking AI-powered security feature that addresses one of cybersecurity’s most persistent vulnerabilities: plain text credentials stored in Active Directory (AD) free-text fields. The new posture alert in Microsoft Defender for Identity leverages artificial intelligence to detect…
Scans From Hacked Cisco Small Business, Linksys and Araknis Routers Are on the Rise
Researchers have identified a significant surge in malicious HTTP scanning activities originating from approximately 2,200 compromised small business routers across multiple vendors. The campaign, which began escalating on July 30th, 2025, primarily targets Cisco Small Business RV series, Linksys LRT…
LockBit Linux ESXi Ransomware Variant’s Evasion Techniques and File Encryption Process Uncovered
A sophisticated Linux ransomware variant targeting VMware ESXi infrastructure has emerged as a significant threat to enterprise virtualization environments. The LockBit Linux ESXi ransomware represents a concerning evolution in the ransomware landscape, specifically engineered to compromise and encrypt virtual machine…
PyPI Blocks Domain Resurrection Attacks by Cutting Off 1,800 Expired Domains
The Python Package Index (PyPI) has deployed a significant security enhancement to combat domain resurrection attacks, a supply-chain attack vector in which an attacker re-registers an expired email domain to take over the user accounts tied to it. Since early June 2025, the platform has proactively unverified over…
New Exploit for SAP 0-Day Vulnerability Allegedly Released in the Wild by ShinyHunters Hackers
Key Takeaways:
1. ShinyHunters publicly released exploits for critical SAP vulnerabilities.
2. Unauthenticated attackers can achieve complete system takeover and remote code execution.
3. Immediately apply SAP Security Notes 3594142 and 3604119.
A working exploit targeting critical SAP vulnerabilities CVE-2025-31324 and CVE-2025-42999 has…
1.1 Million Users’ Data Exposed in Massive Allianz Life Data Breach
Allianz Life, a major insurance provider, has fallen victim to a sophisticated social engineering attack that compromised the personal data of approximately 1.1 million customers in July 2025. The breach, which targeted the company’s Salesforce CRM platform, represents one of…
New Sni5Gect 5G Attack Sniffs Messages in Real-time and Injects Malicious Payloads
Cybersecurity researchers from Singapore University of Technology and Design have developed a new framework called Sni5Gect that can intercept and manipulate 5G network communications in real-time, posing significant new security risks to commercial mobile devices worldwide. The framework, presented at…
Palo Alto Networks Founder and CTO Retires After 20-Year Tenure
Palo Alto Networks announced a significant leadership transition as founder and Chief Technology Officer Nir Zuk steps down after two decades of pioneering cybersecurity innovation. The global cybersecurity leader has appointed longtime executive Lee Klarich as the new CTO and…
New Blue Locker Ransomware Attacking Oil & Gas Sector in Pakistan
Pakistan’s National Cyber Emergency Response Team (NCERT) has issued urgent warnings to 39 government ministries following a sophisticated ransomware campaign targeting the country’s critical infrastructure. The Blue Locker ransomware has successfully compromised Pakistan Petroleum Limited (PPL), the nation’s second-largest oil…
Threat Actors Weaponized Pirated Games to Bypass Microsoft Defender SmartScreen and Adblockers
Cybercriminals have successfully weaponized pirated gaming content to distribute sophisticated malware while bypassing popular security measures, including Microsoft Defender SmartScreen and widely-used adblockers. The campaign leverages trusted piracy platforms to deliver HijackLoader, a modular malware framework that has become increasingly…
Microsoft Confirms August Update Breaks Reset and Recovery Options in Windows 11 22H2, 23H2 and Other Versions
Microsoft has officially confirmed that its August 2025 security update, known as KB5063709, is causing failures in key reset and recovery features across multiple versions of Windows. This issue, which emerged shortly after the update’s release on August 12, 2025,…
SSH Keys Are Crucial for Secure Remote Access but Often Remain a Blind Spot in Enterprise Security
Enterprise security strategies have evolved dramatically to address modern threats, yet SSH keys—critical cryptographic credentials that provide direct access to mission-critical systems—remain largely ungoverned and poorly managed across organizations. Despite their fundamental role in securing remote access to servers, cloud…
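The governance gap described above is concrete: most organizations cannot say which public keys sit in which authorized_keys files, who owns them, or whether they carry any source restriction. The script below is an added example, not code from the article or from any vendor. It parses an authorized_keys file, computes the OpenSSH-style SHA256 fingerprint of each key, and flags keys that violate a simple example policy. The sample file, the 2048-bit RSA threshold and the policy rules are constructed assumptions of this example; the key blobs are synthetic and are not real public keys.

```python
"""Inventory an authorized_keys file and flag ungoverned SSH keys.

Added example for the SSH-key governance point; the sample file below is
constructed in this module and contains no real key material.
"""
import base64
import hashlib
import struct

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519",
             "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}
MIN_RSA_BITS = 2048  # example policy threshold (an assumption, not from the article)


def _ssh_string(data: bytes) -> bytes:
    """Encode bytes in SSH wire format: uint32 length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def _read_string(blob: bytes, off: int):
    """Decode one SSH wire string at offset `off`; return (bytes, new offset)."""
    (n,) = struct.unpack_from(">I", blob, off)
    off += 4
    return blob[off:off + n], off + n


def _mpint(value: int) -> bytes:
    """Encode a non-negative integer as an SSH mpint (leading 0x00 keeps it positive)."""
    raw = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return _ssh_string(raw)


def split_options(line: str):
    """Return (options, rest) for an authorized_keys line; options may be empty.

    Option values may be quoted and contain commas, e.g. from="10.0.0.0/8,10.1.0.0/16",
    so we scan for the first whitespace that is outside double quotes."""
    first = line.split(None, 1)[0]
    if first in KEY_TYPES:
        return "", line
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch.isspace() and not in_quotes:
            return line[:i], line[i:].lstrip()
    raise ValueError("line has options but no key material")


def parse_authorized_key(line: str) -> dict:
    """Parse one authorized_keys line into type, fingerprint, options, comment, RSA size."""
    options, rest = split_options(line.strip())
    parts = rest.split(None, 2)
    key_type, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) > 2 else ""
    blob = base64.b64decode(b64)
    wire_type, off = _read_string(blob, 0)
    if wire_type.decode() != key_type:
        raise ValueError("key type field does not match encoded blob")
    # OpenSSH fingerprint format: "SHA256:" + base64(SHA256(blob)) without '=' padding
    fp = base64.b64encode(hashlib.sha256(blob).digest()).rstrip(b"=").decode()
    bits = None
    if key_type == "ssh-rsa":
        _e, off = _read_string(blob, off)   # public exponent, not needed here
        n_raw, _ = _read_string(blob, off)  # modulus
        bits = int.from_bytes(n_raw, "big").bit_length()
    return {"type": key_type, "fingerprint": "SHA256:" + fp,
            "options": options, "comment": comment, "rsa_bits": bits}


def audit_authorized_keys(text: str) -> list:
    """Return one finding per key that violates the example policy."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key = parse_authorized_key(line)
        problems = []
        if key["type"] == "ssh-dss":
            problems.append("deprecated DSA key")
        if key["rsa_bits"] is not None and key["rsa_bits"] < MIN_RSA_BITS:
            problems.append(f"RSA modulus only {key['rsa_bits']} bits")
        if "from=" not in key["options"]:
            problems.append("no from= source restriction")
        if not key["comment"]:
            problems.append("no comment identifying the owner")
        if problems:
            findings.append({"line": lineno, "type": key["type"],
                             "fingerprint": key["fingerprint"], "problems": problems})
    return findings


def _fake_ed25519_blob() -> bytes:
    # constructed: 32 arbitrary bytes stand in for a real Ed25519 public key
    return _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))


def _fake_rsa_blob(bits: int) -> bytes:
    # constructed: modulus with the top bit set so that bit_length() == bits
    n = (1 << (bits - 1)) | 1
    return _ssh_string(b"ssh-rsa") + _mpint(65537) + _mpint(n)


# Constructed sample authorized_keys file (not real keys).
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed sample, not real keys",
    'from="10.20.0.0/16",no-agent-forwarding ssh-ed25519 '
    + base64.b64encode(_fake_ed25519_blob()).decode() + " deploy@ci",
    "ssh-rsa " + base64.b64encode(_fake_rsa_blob(1024)).decode(),
    "ssh-rsa " + base64.b64encode(_fake_rsa_blob(4096)).decode() + " alice@laptop",
])

if __name__ == "__main__":
    for f in audit_authorized_keys(SAMPLE_AUTHORIZED_KEYS):
        print(f"line {f['line']} {f['type']} {f['fingerprint']}: {', '.join(f['problems'])}")
```

Run against a real host with `audit_authorized_keys(open("/home/user/.ssh/authorized_keys").read())`; the fingerprints match what `ssh-keygen -lf` prints, so findings can be joined against an inventory of keys people have actually been issued.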
PipeMagic Malware Masquerading as ChatGPT App Exploits Windows Vulnerability to Deploy Ransomware
A sophisticated malware campaign has been identified, utilizing PipeMagic, a highly modular backdoor deployed by the financially motivated threat actor Storm-2460. This advanced malware masquerades as a legitimate open-source ChatGPT Desktop Application while exploiting the zero-day vulnerability CVE-2025-29824 in Windows…
New ClickFix Attack Uses Fake BBC News Page and Fraudulent Cloudflare Verification to Trick Users
A sophisticated new cyberthreat campaign has emerged that combines impersonation of trusted news sources with deceptive security verification prompts to trick users into executing malicious commands on their systems. According to a Reddit post, the ClickFix attack masquerades as legitimate BBC news…
Hackers Exploit Cisco Secure Links to Evade Link Scanners and Bypass Network Filters
A sophisticated attack campaign has been uncovered in which cybercriminals weaponize Cisco’s own security infrastructure to conduct phishing attacks. The attackers are exploiting Cisco Safe Links technology, designed to protect users from malicious URLs, to evade detection systems and bypass network filters…
CISA Warns of Trend Micro Apex One OS Command Injection Vulnerability Exploited in Attacks
CISA has issued a critical warning regarding a high-severity OS command injection vulnerability in Trend Micro Apex One Management Console that threat actors are actively exploiting in the wild. The vulnerability, tracked as CVE-2025-54948 and classified under CWE-78, poses significant…
Crypto Developers Attacked With Malicious npm Packages to Steal Login Details
A sophisticated new threat campaign has emerged targeting cryptocurrency developers through malicious npm packages designed to steal sensitive credentials and wallet information. The attack, dubbed “Solana-Scan” by researchers, specifically targets the Solana cryptocurrency ecosystem by masquerading as legitimate software development…