The Apache Software Foundation has released Apache HTTP Server version 2.4.64, addressing eight critical security vulnerabilities that affected versions spanning from 2.4.0 through 2.4.63. This latest update resolves a range of issues, including HTTP response splitting, server-side request forgery (SSRF),…
Category: Cyber Security News
AMD Warns of Transient Scheduler Attacks Affecting Wide Range of Chipsets
Advanced Micro Devices has disclosed a series of critical security vulnerabilities affecting multiple generations of its processor architectures, stemming from transient scheduler attacks that exploit speculative execution mechanisms. The vulnerabilities, identified through four distinct Common Vulnerabilities and Exposures (CVE) entries,…
Russian Basketball Player Arrested over Alleged Ransomware Attack Claims
A Russian professional basketball player has been arrested in France on charges of orchestrating one of the most extensive ransomware campaigns in recent history, targeting nearly 900 companies and federal institutions between 2020 and 2022. The case highlights the growing…
Windows 11’s New Black Screen of Death is Rolling Out for Users
Microsoft has begun rolling out a redesigned error screen interface as part of Windows 11 Build 26100.4762, introducing what users are calling the “new Black Screen of Death.” This update, released to the Release Preview Channel on July 10, 2025,…
10 Best Digital Forensic Investigation Tools – 2025
In today’s digital-first world, cybercrime is evolving rapidly, making digital forensic investigation tools indispensable for law enforcement, cybersecurity professionals, and corporate investigators. These tools empower experts to uncover, analyze, and present digital evidence from computers, mobile devices, cloud services, and…
Top 11 Best SysAdmin Tools in 2025
In today’s rapidly evolving IT landscape, system administrators (SysAdmins) are the backbone of organizational efficiency and security. The right tools not only streamline workflows but also ensure robust monitoring, automation, and troubleshooting. As infrastructures become increasingly hybrid and complex, the…
Hackers Actively Exploiting CitrixBleed 2 Vulnerability in the Wild
Researchers have observed widespread exploitation attempts targeting a critical memory disclosure vulnerability in Citrix NetScaler devices, designated as CVE-2025-5777 and dubbed “CitrixBleed 2.” This pre-authentication flaw enables attackers to craft malicious requests that leak uninitialized memory from affected NetScaler ADC…
Critical WordPress Plugin Vulnerability Exposes 200k Websites to Site Takeover Attack
A critical security vulnerability has been discovered in the SureForms WordPress plugin, affecting over 200,000 websites worldwide and potentially exposing them to complete site takeover attacks. The vulnerability, assigned CVE-2025-6691 with a CVSS score of 8.8, allows unauthenticated attackers to…
Laravel APP_KEY Vulnerability Allows Remote Code Execution – Hundreds of Apps Affected
A critical vulnerability in Laravel applications exposes APP_KEY configuration values, enabling attackers to achieve remote code execution (RCE). Collaborative research between GitGuardian and Synacktiv revealed that approximately 260,000 APP_KEYs have been exposed on GitHub since 2018, with over 600 applications…
New ZuRu Malware Variant Attacking macOS Users Via Weaponized Termius App
A sophisticated new variant of the macOS.ZuRu malware has emerged, targeting macOS users through a weaponized version of the popular Termius SSH client. This latest iteration, discovered in late May 2025, represents a significant evolution in the threat actor’s tactics,…
Android Packer Ducex Employs Serious Obfuscation Techniques and Detects Analysis Tools Presence
The cybersecurity landscape continues to evolve with increasingly sophisticated malware variants, and a recent discovery highlights the persistent threat posed by advanced Android packers. Security researchers have identified a highly complex packer dubbed “Ducex,” which serves as a delivery mechanism…
Hackers Stolen $500,000 in Crypto Assets by Weaponizing AI Extension
A sophisticated cybercrime operation has successfully stolen $500,000 in cryptocurrency assets from a Russian blockchain developer through a malicious extension targeting the Cursor AI integrated development environment. The attack, which occurred in June 2025, represents a concerning evolution in supply…
Multiple Schneider Electric Vulnerabilities Let Attackers Inject OS Commands
Schneider Electric has disclosed a critical set of six vulnerabilities affecting its EcoStruxure IT Data Center Expert software that could allow attackers to execute remote code and gain unauthorized system access. The vulnerabilities, discovered in versions 8.3 and prior, present…
Palo Alto Networks GlobalProtect Vulnerability Allows Root User Privilege Escalation
Palo Alto Networks has disclosed a critical security vulnerability in its GlobalProtect VPN application that enables locally authenticated users to escalate their privileges to root access on macOS and Linux systems, or NT AUTHORITY\SYSTEM on Windows machines. The vulnerability, classified…
Microsoft Exchange Online Service Down – Millions of Users Unable to Access Their Mailbox
Microsoft Exchange Online experienced a major global outage on July 10, 2025, preventing millions of users from accessing their mailboxes across multiple platforms. The incident, designated as EX1112414, began at 10:20 PM UTC on July 9 and continued affecting users…
SafePay Ransomware Leverages RDP and VPN for Intruding Into Organizations Network
A new ransomware threat has emerged as one of the most formidable adversaries in the cybersecurity landscape, demonstrating unprecedented growth and sophistication in its attack methodology. SafePay ransomware, which first appeared in 2024, has rapidly evolved from a relatively unknown…
US Sanction Key Threat Actors Linked With North Korea’s Remote IT Worker Scheme
The U.S. Treasury’s July 8 action against Song Kum Hyok and four Russia-based entities pulled back the curtain on a sophisticated malware-enabled revenue pipeline that has quietly bankrolled Pyongyang’s weapons programs for years. Investigators trace the campaign to Andariel, a…
Critical Linux Kernel’ Double Free Vulnerability Let Attackers Escalate Privileges
A severe double-free vulnerability has been discovered in the Linux kernel’s NFT (netfilter) subsystem, specifically within the pipapo set module. This critical security flaw allows unprivileged attackers to achieve local privilege escalation by exploiting kernel memory corruption through specially crafted…
INE Security Unveiled Enhanced eMAPT Certification
Cary, North Carolina, July 10th, 2025, CyberNewsWire Industry’s Most Comprehensive Mobile Application Penetration Testing Program Addresses Real-World Mobile Security Challenges. INE Security, a leading provider of cybersecurity education and cybersecurity certifications, today launched its significantly enhanced eMAPT (Mobile Application Penetration Testing)…
Hackers Abused GitHub to Spread Malware Mimic as VPN
A sophisticated malware campaign has emerged exploiting the trusted GitHub platform to distribute malicious software disguised as legitimate tools. Threat actors have successfully weaponized the popular code repository to host and distribute the notorious Lumma Stealer malware, masquerading it as…