A serious vulnerability related to information exposure (CVE-2025-22234) impacts several versions of the spring-security-crypto package. The flaw enables attackers to determine valid usernames through timing attacks, undermining a key security feature designed to prevent user enumeration. The vulnerability affects Spring…
Category: Cyber Security News
Verizon DBIR Report – Small Businesses Emerges as Prime Targets for Ransomware Attacks
Verizon’s 2025 Data Breach Investigations Report (DBIR) has revealed a disturbing trend: small and medium-sized businesses (SMBs) have become disproportionately targeted by ransomware attacks. The comprehensive report, analyzing over 22,000 security incidents including 12,195 confirmed data breaches, found ransomware present…
Threat Actors Attacking Organization in Thailand to Deploy Ransomware
Thailand has emerged as a significant target for sophisticated ransomware attacks, with a dramatic 240% increase in cyber campaigns recorded in 2024 compared to the previous year. This surge reflects heightened geopolitical tensions and strategic interest in Thailand’s expanding digital…
SAP NetWeaver 0-day Vulnerability Exploited in the Wild to Deploy Webshells
A wave of targeted cyberattacks has exposed a previously unknown vulnerability in SAP NetWeaver, allowing attackers to deploy malicious JSP webshells and gain unauthorized access to enterprise systems, even those running the latest patches. In April 2025, security researchers at…
U.S. Secret Service Details on How to Spot a Credit Card Skimmer
The U.S. Secret Service Washington Field Office (WFO) has issued an advisory on identifying credit card skimming devices, calling this form of financial theft a “low-risk, high-reward crime that is on the rise across the country.” Following the recent Operation…
Microsoft Defender XDR False Positive Leads to Massive Data Leak of 1,700+ Sensitive Documents
ANY.RUN research identified a large-scale data leak event triggered by a false positive in Microsoft Defender XDR. The security platform incorrectly flagged benign files as malicious, leading to their automatic submission to ANY.RUN’s public sandbox for analysis. As a result,…
Lazarus APT Attacking Organizations by Exploiting One-Day vulnerabilities
Cybersecurity experts have identified a sophisticated campaign by the North Korean state-sponsored Lazarus APT group targeting critical infrastructure and financial organizations worldwide. The threat actor has shifted tactics to exploit recently patched vulnerabilities—known as one-day vulnerabilities—before organizations can implement necessary…
Threat Actors Taking Advantage of Unsecured Kubernetes Clusters for Cryptocurrency Mining
In a troubling development for cybersecurity professionals, threat actors are increasingly targeting unsecured Kubernetes clusters to deploy cryptocurrency mining operations, leveraging the computational resources of victim organizations without their knowledge. These attacks exploit vulnerabilities in containerized environments, particularly focusing on…
Linux io_uring Security Blind Spot Let Attackers Stealthily Deploy Rootkits
A critical vulnerability exists in Linux’s security framework, revealing that many runtime security tools struggle to detect threats operating via the io_uring interface. This discovery exposes a critical gap in protection for Linux-based systems across cloud environments and data centers…
CISA Confirms Continued Support for CVE Program, No Funding Issues
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has reaffirmed its strong commitment to the Common Vulnerabilities and Exposures (CVE) Program, following recent public reports that inaccurately suggested the program was in jeopardy due to funding shortages. CISA clarified that…
New Stego Campaign Leverages MS Office Vulnerability to Deliver AsyncRAT
Cybersecurity researchers have discovered a sophisticated malware campaign that employs steganography techniques to hide malicious code within seemingly innocent image files. This attack chain leverages an older Microsoft Office vulnerability (CVE-2017-0199) to ultimately deliver AsyncRAT, a remote access trojan capable…
ToyMaker Hackers Compromised Multitude Hosts Using SSH & File Transfer Tools
In 2023, cybersecurity experts uncovered an extensive compromise in critical infrastructure enterprises by a sophisticated threat actor group. This initial access broker, dubbed “ToyMaker,” systematically exploited vulnerable internet-facing systems before deploying custom backdoors to extract credentials from victim organizations. Their…
Zyxel RCE Vulnerability Allows Arbitrary Query Execution Without any Authentication
A critical vulnerability in Zyxel’s FLEX-H Series devices that enables attackers to execute arbitrary database queries and gain remote code execution capabilities without requiring authentication. The flaw, discovered by a researcher “rainpwn” and officially disclosed on April 22, 2025, exposes…
Citrix NetScaler Console Vulnerability Enables Admin Access – PoC Released
A critical vulnerability in Citrix NetScaler Console allows complete unauthenticated administrative access despite being initially classified as merely a “sensitive information disclosure” issue. The proof-of-concept exploit code has been released, enabling attackers to create administrator accounts by exploiting an internal…
Hackers Exploited Ivanti Connect Secure 0-Day to Install DslogdRAT & Web Shell
Recent attacks against Japanese organizations have revealed sophisticated hackers exploiting a zero-day vulnerability in Ivanti Connect Secure VPN appliances. The attacks, occurring around December 2024, leveraged CVE-2025-0282 to deploy multiple malicious tools, including a custom malware called DslogdRAT and a…
NVIDIA NeMo Framework Vulnerability Let Attackers Execute Remote Code
There are three high-severity vulnerabilities in the NVIDIA NeMo Framework that could allow attackers to execute remote code, potentially compromising AI systems and leading to data tampering. The security flaws, identified as CVE-2025-23249, CVE-2025-23250, and CVE-2025-23251, each received a CVSS…
Critical Langflow Vulnerability Allows Malicious Code Injection – Technical Details Revealed
Cybersecurity researchers have uncovered a critical remote code execution (RCE) vulnerability in Langflow, an open-source platform widely used for visually composing AI-driven agents and workflows. Designated as CVE-2025-3248, this high-severity vulnerability carries a CVSS score of 9.8, placing it in…
Commvault RCE Vulnerability Let Attackers Breach Vault – PoC Released
A critical pre-authenticated Remote Code Execution (RCE) vulnerability affecting Commvault’s backup and data protection platform. The vulnerability, tracked as CVE-2025-34028, could allow attackers to compromise enterprise backup systems without requiring authentication, potentially putting organizations’ most critical data at risk. The…
Cisco Confirms Multiple Products Impacted by Erlang/OTP SSH Server RCE Vulnerability
Cisco Systems has issued a critical security advisory confirming that multiple products across its portfolio are affected by a remote code execution (RCE) vulnerability in the Erlang/OTP SSH server (CVE-2025-32433). The flaw, which carries a maximum CVSSv3.1 score of 10.0,…
Threat Actors Turn More Sophisticated & Exploiting Zero-Day Vulnerabilities – Google Warns
Cybersecurity defenders face increasingly sophisticated adversaries as threat actors continue evolving their methods to circumvent modern defense systems. According to the newly released M-Trends 2025 report, attackers are demonstrating enhanced capabilities to create custom malware ecosystems, identify and exploit zero-day…