Security researchers have uncovered a significant vulnerability in Google Gemini for Workspace that enables threat actors to embed hidden malicious instructions within emails. The attack exploits the AI assistant’s “Summarize this email” feature to display fabricated security warnings that appear…
Category: Cyber Security News
Weekly Cybersecurity Roundup: Key Vulnerabilities, Threats, and Data Breaches
In today’s rapidly evolving digital landscape, the frequency and complexity of cyberattacks are increasing, making it crucial to stay informed about emerging threats. Our weekly newsletter serves as a vital resource, offering an overview of pertinent cybersecurity developments, expert analysis,…
GPUHammer – First Rowhammer Attack Targeting NVIDIA GPUs
Cybersecurity researchers at the University of Toronto have achieved a breakthrough in hardware-level attacks by successfully demonstrating GPUHammer, the first Rowhammer attack specifically targeting discrete NVIDIA GPUs. The research, which focuses on the popular NVIDIA A6000 GPU with GDDR6 memory,…
WordPress GravityForms Plugin Hacked to Include Malicious Code
A sophisticated supply chain attack has compromised the official GravityForms WordPress plugin, allowing attackers to inject malicious code that enables remote code execution on affected websites. The attack, discovered on July 11, 2025, represents a significant security breach affecting one…
OpenAI is to Launch a AI Web Browser in Coming Weeks
OpenAI is reportedly preparing to release an artificial intelligence-enhanced web browser within the coming weeks, marking the company’s latest expansion beyond its popular ChatGPT platform. The new browser will feature integrated AI agent capabilities designed to autonomously handle various online…
Meta’s Llama Firewall Bypassed Using Prompt Injection Vulnerability
Trendyol’s application security team uncovered a series of bypasses that render Meta’s Llama Firewall protections unreliable against sophisticated prompt injection attacks. The findings raise fresh concerns about the readiness of existing LLM security measures and underscore the urgent need for…
AWS Organizations Mis-scoped Managed Policy Let Hackers To Take Full AWS Organization Control
A critical security vulnerability in AWS Organizations has been discovered that could allow attackers to achieve complete control over entire multi-account AWS environments through a mis-scoped managed policy. The flaw, identified in the AmazonGuardDutyFullAccess managed policy version 1, enables privilege…
Qilin Emerged as The Most Active Group, Exploiting Unpatched Fortinet Vulnerabilities
The ransomware landscape witnessed a dramatic shift in June 2025 as the Qilin ransomware group surged to become the most active threat actor, recording 81 victims and representing a staggering 47.3% increase in activity compared to previous months. This Ransomware-as-a-Service…
Microsoft Eliminated High-Privilege Access to Enhance Microsoft 365 Security
Microsoft has successfully eliminated high-privilege access vulnerabilities across its Microsoft 365 ecosystem as part of its comprehensive Secure Future Initiative, marking a significant milestone in enterprise security architecture. The technology giant’s Deputy Chief Information Security Officer for Experiences and Devices,…
Infostealers Actively Attacking macOS Users in The Wild to Steal Sensitive Data
The cybersecurity landscape is witnessing an alarming surge in macOS-targeted information-stealing malware, marking a significant shift from the traditional Windows-centric threat model. These sophisticated infostealers are rapidly evolving to exploit macOS environments with unprecedented precision, targeting valuable data including browser…
CISA Warns of CitrixBleed 2 Vulnerability Exploited in Attacks
CISA has issued an urgent warning regarding a critical vulnerability in Citrix NetScaler ADC and Gateway products that is being actively exploited in cyberattacks. The vulnerability, tracked as CVE-2025-5777, has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog with…
FBI Atlanta Seizes Major Video Game Piracy Websites in International Operation
The Federal Bureau of Investigation’s Atlanta Field Office announced today the seizure of several major online criminal marketplaces that provided pirated versions of popular video games, dismantling a multi-million dollar piracy operation that caused an estimated $170 million in losses…
CISA Releases 13 New Industrial Control Systems Surrounding Vulnerabilities and Exploits
The Cybersecurity and Infrastructure Security Agency (CISA) has released thirteen critical Industrial Control Systems (ICS) advisories on July 10, 2025, highlighting significant vulnerabilities affecting major industrial automation vendors. This comprehensive security alert encompasses multiple attack vectors targeting essential infrastructure components,…
Iranian APTs Hackers Actively Attacking Transportation and Manufacturing Sectors
Iranian state-sponsored threat actors have intensified their cyberattacks against critical infrastructure in the United States, with a dramatic 133% increase in malicious activity recorded during May and June 2025. The escalation coincides with heightened geopolitical tensions surrounding the recent Iranian…
IT Giant Ingram Micro Restores Operations Following Ransomware Attack
In a significant cybersecurity incident that underscored the persistent threat of ransomware attacks on global IT infrastructure, Ingram Micro Holding Corporation successfully restored its business operations after a four-day battle against malicious actors who infiltrated its internal systems. The attack,…
Arkana Ransomware Claimed to Have Stolen 2.2 Million Customer Records
The cybersecurity landscape witnessed a significant breach in early 2025 when Arkana Ransomware emerged as a formidable threat actor, making its debut with a devastating attack on WideOpenWest (WOW!), a major U.S. internet service provider. The attack, which occurred in…
Fortinet FortiWeb Fabric Connector Vulnerability Exploited to Execute Remote Code
A critical security vulnerability in Fortinet’s FortiWeb Fabric Connector has been discovered and exploited, allowing attackers to execute remote code on affected systems without authentication. The vulnerability, designated CVE-2025-25257, represents a significant threat to organizations using Fortinet’s web application firewall…
Critical D-Link 0-click Vulnerability Allows Remote Attackers to Crash the Server
A critical stack-based buffer overflow in the D-Link DIR-825 Rev.B 2.10 router firmware allows unauthenticated, zero-click remote attackers to crash the device’s HTTP server. Tracked as CVE-2025-7206, the flaw resides in the router’s httpd binary and stems from improper handling…
New eSIM Hack Lets Attackers Clone Profiles and Hijack Phone Identities
A critical vulnerability in eSIM technology enables attackers to clone mobile subscriber profiles and hijack phone identities. AG Security Research revealed they broke the security of Kigen eUICC cards with GSMA consumer certificates, marking what they claim is the first…
Rockerbox Data Leak – 245,949 User Records Exposed Including SSNs and Driver’s Licenses
The Rockerbox breach burst onto the threat-intelligence radar in early July 2025 when an unencrypted, 286.9 GB cloud repository holding 245,949 highly sensitive records was found openly indexed on the internet. Investigators traced the trove to Rockerbox, a Dallas-based tax-credit…