Category: Cyber Security News

Microsoft has unveiled a significant update to Windows 11, enhancing the Start menu with seamless integration for both Android and iPhone devices.  This feature, previously exclusive to Android users, now extends to iPhone owners, allowing them to access their phone’s…

Read more →

A sophisticated cyberespionage campaign, tracked as CL-STA-0048, has been identified targeting government and telecommunications networks in South Asia. The attackers exploited vulnerabilities in public-facing servers running Microsoft IIS, Apache Tomcat, and MSSQL to gain unauthorized access and exfiltrate sensitive data.…

Read more →

The North Korean state-sponsored hacking group Lazarus has been implicated in a sophisticated supply chain attack targeting developers through malicious Node Package Manager (NPM) packages. Security researchers have identified the package, postcss-optimizer, as a key vector for delivering malware to…

Read more →

A sophisticated cyberattack has compromised over 10,000 WordPress websites, delivering cross-platform malware to unsuspecting users. The campaign exploits outdated WordPress versions and plugins, redirecting visitors to fake browser update pages that deploy malicious software targeting both macOS and Windows systems.…

Read more →

A new implementation of Kerberos relaying over HTTP has been unveiled, leveraging multicast poisoning to exploit vulnerabilities in Active Directory environments. The research, published by Quentin Roland, builds on previous work by cybersecurity expert James Forshaw, demonstrating how attackers can…

Read more →

The notorious Lazarus Group, a North Korean state-sponsored Advanced Persistent Threat (APT), has been implicated in a large-scale cyberattack campaign dubbed “Operation Phantom Circuit.” This operation involves embedding malicious backdoors into legitimate software packages, targeting developers and organizations worldwide. The…

Read more →

A new variant of the SystemBC Remote Access Trojan (RAT) has emerged, explicitly targeting Linux-based systems. Known for its stealth capabilities, this malware is designed to infiltrate corporate networks, cloud servers, and IoT devices, posing a significant threat to internal…

Read more →

DeepSeek AI has announced that its latest AI model, DeepSeek R1, now relies on Huawei’s Ascend 910C chip for inference tasks in a bold move that could ripple through the tech industry. This shift comes after the model was initially…

Read more →

A critical Remote Code Execution (RCE) vulnerability was discovered in the Lightning AI platform, a widely used tool for AI development. The flaw, which has since been patched, allowed attackers to gain root access by exploiting a hidden URL parameter.…

Read more →

A critical security vulnerability has been identified in TeamViewer Clients for Windows, allowing attackers with local access to escalate their privileges to the system level.  The flaw, tracked as CVE-2025-0065, affects versions of TeamViewer Full Client and Host prior to…

Read more →

OPNsense, the widely recognized open-source firewall and routing platform, celebrates its 10th anniversary with the release of version 25.1, codenamed “Ultimate Unicorn.”  This milestone release introduces significant upgrades, including enhanced security zone configurations, a redesigned user interface, and the integration…

Read more →

Microsoft has officially announced the integration of DeepSeek R1, an AI model, into its Azure AI Foundry platform and GitHub.  This move positions DeepSeek R1 among over 1,800 models, including frontier, open-source, and task-specific AI solutions.  The integration aims to…

Read more →

Cybercriminals have been exploiting vulnerabilities in the Remote Desktop Protocol (RDP) to gain unauthorized access to Windows systems and remotely control web browsers. This method not only compromises individual machines but also poses a significant threat to enterprise networks. RDP,…

Read more →

Cybercriminals recently exploited Google’s g.co subdomain to carry out a meticulously crafted scam over a vishing call. The incident was chronicled by Zach Latta, founder of Hack Club, who nearly fell victim to the attack. His account sheds light on…

Read more →

Cybercriminals are increasingly exploiting vulnerabilities in government websites to carry out phishing campaigns, leveraging the inherent trust users place in official domains. A recent report by Cofense Intelligence shows that how attackers are weaponizing .gov top-level domains (TLDs) across multiple…

Read more →

A security vulnerability in DeepSeek, a prominent Chinese AI startup, exposed a publicly accessible ClickHouse database containing highly sensitive information, including over a million lines of log streams. The breach, which included chat logs, API keys, backend details, and operational…

Read more →

Microsoft 365 users worldwide encountered significant disruptions today as multiple services, including the Microsoft 365 Admin Center, reported degradation or complete inaccessibility. The issue, first noted around 18:45 GMT, has left many users unable to access key services, with some…

Read more →

A significant cybersecurity threat has emerged as hackers on a prominent Russian dark web forum claim to be selling an active exploit targeting Fortinet devices. The exploit reportedly leverages a critical vulnerability, CVE-2024-55591, which affects FortiOS versions 7.0.0 through 7.0.16. …

Read more →

Researchers have uncovered two critical vulnerabilities in Apple’s custom silicon chips, dubbed SLAP (Speculative Load Address Prediction) and FLOP (False Load Output Predictions).  These flaws, found in Apple’s A- and M-series processors, expose sensitive user data such as credit card…

Read more →

The state-sponsored threat actors are increasingly exploiting Google’s AI-powered assistant, Gemini, to enhance their cyber operations.  While generative AI tools like Gemini hold immense potential for innovation and productivity, their misuse by advanced persistent threat (APT) groups and information operations…

Read more →