The notorious Chinese-speaking cyberespionage group APT41 has expanded its operations into new territories, launching sophisticated attacks against government IT services across Africa using advanced Windows administration modules. This represents a significant geographical expansion for the group, which has previously concentrated…
Category: Cyber Security News
New KAWA4096’s Ransomware Leverages Windows Management Instrumentation to Delete Shadow Copies
A sophisticated new ransomware strain named KAWA4096 has emerged in the cybersecurity landscape, showcasing advanced evasion techniques and borrowing design elements from established threat actors. Named after the Japanese word for “river,” this malicious software first surfaced in June 2025…
Livewire Vulnerability Exposes Millions of Laravel Apps to Remote Code Execution Attacks
A critical security vulnerability in Laravel’s Livewire framework has been discovered that could expose millions of web applications to remote code execution (RCE) attacks. The flaw, designated as CVE-2025-54068, affects Livewire v3 versions from 3.0.0-beta.1 through 3.6.3, with a CVSS…
Lighthouse Studio RCE Vulnerability Let Attackers Gain Access to Hosting Servers
A critical remote code execution vulnerability has been discovered in Lighthouse Studio, one of the most widely deployed yet relatively unknown survey software platforms developed by Sawtooth Software. The flaw, designated CVE-2025-34300, affects the Perl CGI scripts that power web-based…
HPE Warns of Aruba Hardcoded Credentials Allowing Attackers to Bypass Device Authentication
A critical vulnerability in Hewlett Packard Enterprise (HPE) Aruba Networking Instant On Access Points could allow attackers to bypass device authentication mechanisms completely. The vulnerability, tracked as CVE-2025-37103, stems from hardcoded login credentials embedded within the devices’ software, presenting a…
CoinDCX Hacked – $44.2 million Wiped off From the Platform
India’s second-largest cryptocurrency exchange, CoinDCX, confirmed a sophisticated security breach on July 19, 2025, resulting in approximately $44.2 million being stolen from the platform. This incident marks another significant cyberattack on India’s crypto infrastructure, coming exactly one year after the…
Microsoft Released Emergency Security Update to Patch Critical SharePoint 0-Day Vulnerability
Microsoft has issued an urgent security advisory addressing critical zero-day vulnerabilities in on-premises SharePoint Server that attackers are actively exploiting. The vulnerabilities, assigned as CVE-2025-53770 and CVE-2025-53771, pose immediate risks to organizations running SharePoint infrastructure and require immediate remediation. Key…
PoC Exploit Released for Critical NVIDIA AI Container Toolkit Vulnerability
A critical container escape vulnerability has emerged in the NVIDIA Container Toolkit, threatening the security foundation of AI infrastructure worldwide. Dubbed “NVIDIAScape” and tracked as CVE-2025-23266, this flaw carries a maximum CVSS score of 9.0, representing one of the most…
New PoisonSeed Attack Let Attackers Trick Users into Scanning a QR Code with an MFA Authenticator
A sophisticated new attack technique compromises Fast IDentity Online (FIDO) key authentication by exploiting cross-device sign-in features. The PoisonSeed attack group has developed a method to downgrade FIDO key protections through adversary-in-the-middle (AitM) phishing campaigns that trick users into scanning…
New 7-Zip Vulnerability Enables Weaponized RAR5 File to Crash Your System
A critical memory corruption vulnerability in the popular file archiver 7-Zip has been discovered that allows attackers to trigger denial of service conditions by crafting malicious RAR5 archive files. The vulnerability, tracked as CVE-2025-53816 and designated GHSL-2025-058, affects all versions…
New 7-Zip Vulnerability Enables Malicious RAR5 File to Crash Your System
A critical memory corruption vulnerability in the popular file archiver 7-Zip has been discovered that allows attackers to trigger denial of service conditions by crafting malicious RAR5 archive files. The vulnerability, tracked as CVE-2025-53816 and designated GHSL-2025-058, affects all versions…
Weekly Cybersecurity Newsletter: Chrome 0-Day, VMware Flaws Patched, Fortiweb Hack, Teams Abuse, and More
It’s been a busy seven days for security alerts. Google is addressing another actively exploited zero-day in Chrome, and VMware has rolled out key patches for its own set of vulnerabilities. We’ll also break down the methods behind a new…
Grafana Vulnerabilities Allow User Redirection to Malicious Sites and Code Execution in Dashboards
Two significant Grafana vulnerabilities that could allow attackers to redirect users to malicious websites and execute arbitrary JavaScript code. The vulnerabilities, identified as CVE-2025-6023 and CVE-2025-6197, affect multiple versions of Grafana, including 12.0.x, 11.6.x, 11.5.x, 11.4.x, and 11.3.x branches. Both…
SharePoint 0-Day RCE Vulnerability Actively Exploited in the Wild to Gain Full Server Access
A sophisticated cyberattack campaign targeting Microsoft SharePoint servers has been discovered exploiting a newly weaponized vulnerability chain dubbed “ToolShell,” enabling attackers to gain complete remote control over vulnerable systems without authentication. Eye Security, a Dutch cybersecurity firm, identified the active…
New Veeam Themed Phishing Attack Using Weaponized Wav File to Attack users
A sophisticated phishing campaign targeting organizations has emerged, exploiting the trusted reputation of Veeam Software through weaponized WAV audio files delivered via email. The attack represents an evolution in social engineering tactics, combining traditional phishing techniques with audio-based deception to…
Chinese Threat Actors Using 2,800 Malicious Domains to Deliver Windows-Specific Malware
A sophisticated Chinese threat actor campaign has emerged as one of the most persistent malware distribution operations targeting Chinese-speaking communities worldwide. Since June 2023, this ongoing campaign has established an extensive infrastructure comprising more than 2,800 malicious domains specifically designed…
Snake Keylogger Evades Windows Defender and Scheduled Tasks to Harvest Login Credentials
A sophisticated phishing campaign targeting Turkish defense and aerospace enterprises has emerged, delivering a highly evasive variant of the Snake Keylogger malware through fraudulent emails impersonating TUSAŞ (Turkish Aerospace Industries). The malicious campaign distributes files disguised as contractual documents, specifically…
New QR Code Attack Via PDFs Evades Detection Systems and Harvest Credentials
A sophisticated phishing campaign dubbed “Scanception” has emerged as a significant threat to enterprise security, leveraging QR codes embedded in PDF attachments to bypass traditional email security measures and harvest user credentials. The attack represents a concerning evolution in social…
New CrushFTP 0-Day Vulnerability Exploited in the Wild to Gain Access to Servers
A critical zero-day flaw in the CrushFTP managed file-transfer platform was confirmed after vendor and threat-intelligence sources confirmed active exploitation beginning on 18 July 2025 at 09:00 CST. Tracked as CVE-2025-54309, the bug allows unauthenticated attackers to obtain full administrative…
Lumma Infostealer Steal All Data Stored in Browsers and Selling Them in Underground Markets as Logs
The cybersecurity landscape continues to face significant threats from sophisticated information stealers, with Lumma emerging as one of the most prevalent and dangerous malware families targeting both consumer and enterprise environments. This malicious software systematically harvests enormous volumes of sensitive…