Critical vulnerabilities have been disclosed in the DeepSeek iOS app, raising concerns over privacy and national security risks. The app, which has been the top iOS download since January 25, 2025, transmits sensitive user data unencrypted to servers controlled by…
Category: Cyber Security News
Dell Update Manager Plugin Vulnerability Let Hackers Access Sensitive Data
Dell Technologies has issued a security update addressing a vulnerability in its Update Manager Plugin (UMP), which could allow attackers to exploit sensitive data through improper neutralization of HTML tags in web pages. This vulnerability, identified as CVE-2025-22402, has been…
Ex-Google Engineer Charged for Stealing AI Secrets to China
In a groundbreaking case highlighting the intersection of technology and national security, a federal grand jury has indicted Linwei Ding, also known as Leon Ding, on four counts of theft of trade secrets. The charges allege that Ding, a former…
Logsign Vulnerability Remote Attackers to Bypass Authentication
A severe security vulnerability identified as CVE-2025-1044 has been disclosed in the Logsign Unified SecOps Platform, a widely used software for security operations. This flaw, rated with a CVSS score of 9.8, poses a critical threat, allowing remote attackers to…
Hackers Exploiting DeepSeek & Qwen AI Models To Develop Malware
Hackers have begun leveraging the capabilities of DeepSeek and Qwen AI models to create sophisticated malware. These models, known for their advanced language processing capabilities, have attracted the attention of cybercriminals due to their potential for generating malicious content with…
Hackers Exploited 3,000+ ASP.NET Keys To Execute Code on IIS Server Remotely
A recent security incident has revealed that over 3,000 publicly disclosed ASP.NET machine keys were exploited by hackers to execute remote code on IIS servers. This attack utilized ViewState code injection techniques, allowing malicious actors to gain unauthorized access and…
Splunk Unveils a New AI Based Honeypot “DECEIVE” to Log Attacker Activities
Splunk, a leader in data analytics and cybersecurity solutions, has introduced a groundbreaking proof-of-concept honeypot system named DECEIVE (DECeption with Evaluative Integrated Validation Engine). This AI-powered tool is designed to simulate high-interaction systems with minimal setup effort, offering organizations an…
7-Zip Vulnerability Actively Exploited in The Wild in Attacks – CISA Adds Its Catalog
A critical vulnerability in the popular file archiving tool 7-Zip (CVE-2025-0411) has been actively exploited in the wild, primarily against Ukrainian organizations, and has been added to CISA’s known exploited vulnerability database. This flaw allows attackers to bypass Windows’ Mark-of-the-Web (MoTW) security feature,…
Critical Microsoft Outlook Vulnerability (CVE-2024-21413) Actively Exploited in Attacks – CISA Warns
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning to federal agencies regarding active exploitation of a critical Microsoft Outlook vulnerability, tracked as CVE-2024-21413. This remote code execution (RCE) flaw, discovered by Check Point researcher Haifei…
Ghidra 11.3 Released – NSA’s Powerful Reverse Engineering Tool
The National Security Agency (NSA) has launched Ghidra 11.3, the latest version of its open-source software reverse engineering (SRE) framework. The NSA developed Ghidra as a cutting-edge SRE framework designed to analyze compiled code…
3 Best Ways to Speed Up Alert Triage for SOC Team – Use Cases
Security analysts know the struggle: endless alerts, repetitive tasks, and not enough hours in the day. The volume of potential threats can be overwhelming, making efficient alert triage crucial for any Security Operations Center (SOC). The great news is that…
Threat Actors Offer You Free Google Play, Amazon Gift Card From 100s of Malicious Domains to Steal Data
Cybersecurity researchers at Palo Alto have recently uncovered a large-scale gift card scam campaign involving 276 stockpiled domains. The scam targets users by advertising free or discounted gift cards for popular services such as Google Play, Amazon, and Roblox, luring…
Hail and Rapper Botnet is the Mastermind Behind the DeepSeek Cyberattack
Less than a month after its groundbreaking launch, Chinese artificial intelligence company DeepSeek has found itself at the center of a cybersecurity storm. The company, which debuted its first AI model, DeepSeek-R1, on January 20, 2025, has been grappling with…
Hackers Exploiting ScreenConnect RMM Tool to Establish Persistence
Threat actors have been leveraging the legitimate Remote Monitoring and Management (RMM) tool, ScreenConnect, to establish persistence in their cyberattacks. This trend shows the evolving tactics of hackers who exploit trusted software to gain unauthorized access to systems. ScreenConnect, now…
OpenAI Data Breach: Threat Actor Allegedly Claims 20 Million Logins for Sale
A threat actor has allegedly obtained the login information for 20 million OpenAI accounts, including passwords and email addresses. This claim was made on an underground forum, where the actor provided a sample of the data and offered the full…
Beware of Nova Stealer Malware Sold for $50 on Hacking Forums
A recent cybersecurity threat has emerged in the form of the Nova Stealer malware, a fork of the popular SnakeLogger stealer. This malware is being marketed on hacking forums under a Malware-as-a-Service (MaaS) model, making it accessible to a wide…
WhatsApp Zero-Click Paragon Spyware Terminates Contract with Italy
Israeli spyware company Paragon Solutions has terminated its contract with Italy following allegations that its military-grade surveillance software, Graphite, was misused to target journalists and civil society members. The decision comes less than a week after WhatsApp revealed that the…
Flesh Stealer Malware Targets Chrome, Firefox, and Edge to Steal Passwords
Flesh Stealer has surfaced as a high-profile malware campaign targeting web browsers like Chrome, Firefox, Edge, and even messaging platforms like Signal and Telegram. Written in C# as a .NET executable, Flesh Stealer emerged in August 2024 and has been…
XE Hacker Group Exploiting Veracode 0-Days To Deploy Malware & Steal Credit Card Details
The XE Group, a sophisticated cybercriminal organization active since at least 2013, has recently been involved in exploiting zero-day vulnerabilities to deploy malware and steal sensitive information. Initially known for credit card skimming and password theft, the group has shifted…
F5 BIG-IP SNMP Vulnerability Let Attackers Trigger DoS Attack on System
A recently disclosed vulnerability in F5’s BIG-IP system has raised significant security concerns. Identified as CVE-2025-21091, this flaw allows remote, unauthenticated attackers to trigger a Denial-of-Service (DoS) attack by exploiting the Simple Network Management Protocol (SNMP) when SNMP v1 or…