Category: Cyber Security News

A newly discovered malware campaign is targeting Docker environments, employing a sophisticated, multi-layered obfuscation technique to evade detection and hijack compute resources for cryptojacking. Security researchers from Darktrace and Cado Security Labs have analyzed this campaign, revealing both the technical…

Read more →

The Reserve Bank of India (RBI) has issued a directive requiring all banking institutions in the country to migrate their web presence to the new .bank.in domain by October 31, 2025.  This landmark cybersecurity initiative aims to create a more…

Read more →

British retail giant Marks & Spencer (M&S) has confirmed it is dealing with a significant cyber incident that has disrupted contactless payment systems and its Click and Collect service, leaving customers frustrated during the Easter holiday period.  The attack, which…

Read more →

Security researchers at Fortinet’s FortiGuard Labs have uncovered a sophisticated phishing campaign that uses weaponized Microsoft Word documents to deliver information-stealing malware to unsuspecting Windows users. The attack exploits a well-known vulnerability to deploy FormBook, a dangerous malware variant designed…

Read more →

Zyxel Networks has released critical security patches to address two high-severity vulnerabilities in its USG FLEX H series firewalls that could potentially allow attackers to escalate privileges and gain unauthorized access to affected devices.  The security advisory, published on April…

Read more →

In an era where cyber threats evolve faster than defense mechanisms, Chief Information Security Officers (CISOs) must transition their leadership approach from response to resilience. The traditional focus on prevention and rapid response is no longer sufficient; resilience has emerged…

Read more →

A sophisticated backdoor targeting various large Russian organizations across government, finance, and industrial sectors has been uncovered during a cybersecurity investigation in April 2025. The malware, which masquerades as legitimate updates for ViPNet secure networking software, enables attackers to steal…

Read more →

In the face of relentless cyber threats and an ever-expanding digital attack surface, security leaders are under growing pressure to modernize their cybersecurity programs by leveraging AI in cybersecurity to enhance detection, response, and overall resilience. Artificial Intelligence (AI) has…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has released five new advisories addressing critical vulnerabilities in Industrial Control Systems (ICS) from Siemens, Schneider Electric, and ABB.  These advisories, published on April 22, 2025, provide detailed information on security flaws, associated…

Read more →

In a development that could transform vulnerability research, security researcher Matt Keeley demonstrated how artificial intelligence can now create working exploits for critical vulnerabilities before public proof-of-concept (PoC) exploits are available. Keeley used GPT-4 to develop a functional exploit for…

Read more →

A sophisticated attack technique dubbed “Cookie-Bite” enables cybercriminals to silently bypass multi-factor authentication (MFA) and maintain persistent access to cloud environments. Varonis Threat Labs revealed that attackers leverage stolen browser cookies to impersonate legitimate users without requiring credentials, effectively rendering…

Read more →

A critical privilege-escalation vulnerability in Google Cloud Platform (GCP), dubbed “ConfusedComposer,” could have allowed attackers to gain elevated permissions to sensitive cloud resources.  The vulnerability, now patched, enabled attackers with minimal permissions to potentially gain control over a highly privileged…

Read more →

In a development that could transform vulnerability research, security researcher Matt Keeley demonstrated how artificial intelligence can now create working exploits for critical vulnerabilities before public proof-of-concept (PoC) exploits are available. Keeley used GPT-4 to develop a functional exploit for…

Read more →

Modern organizations rely on a sprawling network of third-party vendors, suppliers, and partners to drive innovation and operational efficiency. However, this interconnected ecosystem introduces significant cybersecurity risks. As attack surfaces expand, malicious actors increasingly target weaker links in the supply…

Read more →

A concerning new supply chain attack has emerged targeting Linux developers who work with Telegram’s bot ecosystem. Discovered in early 2025, several malicious npm packages have been masquerading as legitimate Telegram bot libraries to deliver SSH backdoors and exfiltrate sensitive…

Read more →

Cybersecurity experts have identified a sophisticated attack campaign exploiting Cloudflare’s tunnel infrastructure to distribute various remote access trojans (RATs). The infrastructure, which has demonstrated remarkable resilience since February 2024, serves as a distribution platform for malicious files and trojans that…

Read more →

In an era where online shopping has become second nature and eCommerce revenues are breaking new records every year, the trust between customer and vendor is more than just a matter of reputation it’s a matter of survival. That trust…

Read more →

A sophisticated Magecart attack campaign has been discovered targeting e-commerce platforms, employing heavily obfuscated JavaScript code to harvest sensitive payment information. This latest variant of Magecart skimming attacks exhibits advanced techniques for evading detection while seamlessly capturing credit card details…

Read more →

The Federal Bureau of Investigation (FBI) has issued an urgent warning about a sophisticated phishing campaign where cybercriminals impersonate Internet Crime Complaint Center (IC3) employees to defraud individuals. This new threat emerged in early April 2025, targeting victims through convincing…

Read more →

In Cybersecurity indicators, three powerful tools Indicators of Compromise (IOCs), Indicators of Behavior (IOBs), and Indicators of Attack (IOAs) are helping organizations detect threats early and respond more effectively. These indicators offer crucial insights into malicious activity, empowering security teams…

Read more →