A critical security vulnerability in OpenVPN has been discovered that could allow attackers to crash servers, potentially disrupting secure communications for thousands of users worldwide. The vulnerability, identified as CVE-2025-2704, affects OpenVPN versions 2.6.1 through 2.6.13 when configured with the…
Category: Cyber Security News
Apache Traffic Server Vulnerability Let Attackers Smuggle Requests
A critical security vulnerability in Apache Traffic Server (ATS) has been discovered. By exploiting how the server processes chunked messages, attackers can perform request smuggling attacks. The vulnerability, tracked as CVE-2024-53868, affects multiple versions of this high-performance HTTP proxy server…
New Phishing Campaign Attacking Investors to Steal Login Credentials
A sophisticated phishing campaign has emerged targeting users of Monex Securities, one of Japan’s largest online brokerage platforms formed through the merger of Monex, Inc. and Nikko Beans, Inc. Since early April 2025, attackers have deployed a series of fraudulent…
Oracle Acknowledges Data Breach and Starts Informing Affected Clients
Oracle Corporation has confirmed a data breach involving its older Gen 1 servers, marking the second cybersecurity incident disclosed by the company in recent weeks. The breach, initially reported by a threat actor on Breachforums on March 20, 2025, has…
Hackers Leveraging Fast Flux Technique to Evade Detection & Hide Malicious Servers
CISA warns of threat actors’ increasing adoption of the fast flux technique to evade detection and conceal malicious server infrastructures. As cybercriminal operations grow increasingly sophisticated, threat actors adopt advanced techniques like fast flux to mask malicious infrastructure, evade defensive measures, and…
Hunters International Overlaps Hive Ransomware Attacking Windows, Linux, and ESXi Systems
A sophisticated ransomware operation known as Hunters International emerged in October 2023, with strong evidence suggesting connections to the formerly dismantled Hive ransomware group. The initial attack was documented on October 13, 2023, when the group disclosed their first victim—an…
DarkCloud Stealer Attacking Organizations with Weaponized .TAR Archive to Steal Passwords
A sophisticated cyber campaign leveraging the DarkCloud information stealer has targeted Spanish organizations across multiple critical sectors since early April 2025. The malware, distributed via weaponized .TAR archives embedded in phishing emails, exploits billing-themed lures to compromise technology, legal, financial,…
New Web Skimming Attack Uses Legacy Stripe API to Validate Stolen Card Details
A sophisticated web skimming campaign that employs a novel technique leveraging Stripe’s legacy API to validate payment card details before exfiltration. This tactic ensures attackers collect only valid payment information, making their operation more efficient while reducing the chances of…
Russian Seashell Blizzard Attacking Organizations With Custom-Developed Hacking Tools
A highly sophisticated Russian threat actor known as Seashell Blizzard (also tracked as APT44, Sandworm, and Voodoo Bear) has been conducting extensive cyber operations against organizations worldwide. Linked to Russian Military Intelligence Unit 74455 (GRU), this adversary has targeted critical…
Qilin Operators Mimic ScreenConnect Login Page to Deliver Ransomware & Gain Admin Access
A sophisticated ransomware attack targeted Managed Service Providers (MSPs) through well-crafted phishing emails designed to appear as authentication alerts for their ScreenConnect Remote Monitoring and Management (RMM) tool. This attack resulted in the deployment of Qilin ransomware across multiple customer…
Operation HollowQuill Weaponizing PDF Documents to Infiltrate Academic & Government Networks
A sophisticated cyber espionage campaign dubbed “Operation HollowQuill” has been uncovered targeting academic institutions and government agencies worldwide through weaponized PDF documents. The operation employs social engineering tactics, disguising malicious PDFs as research papers, grant applications, or government communiqués to…
AI-based Gray Bots Targeting Web Application, with Request of 17,000+ Per Hour
A new generation of sophisticated AI-powered Gray Bots has emerged, targeting web applications with unprecedented intensity. These bots utilize machine learning to mimic human behavior while generating over 17,000 requests per hour. Unlike traditional attacks, they adjust traffic patterns to…
SonicWall Firewall Vulnerability Exploited to Gain Unauthorized Network Access
Attackers are actively exploiting a critical authentication bypass vulnerability in SonicWall firewalls to gain unauthorized network access. The vulnerability tracked as CVE-2024-53704, with a critical CVSS score of 9.8, allows remote attackers to hijack active SSL VPN sessions without requiring…
EvilCorp & RansomHub Working Together to Attack Organizations Worldwide
A dangerous partnership has emerged in the cybercriminal landscape, as EvilCorp, a sanctioned Russia-based cybercriminal enterprise, has begun working with RansomHub, one of the most active ransomware-as-a-service (RaaS) operations. This collaboration, identified through shared indicators of compromise (IOCs) and tactics,…
Cisco AnyConnect VPN Server Vulnerability Let Attacker Trigger DoS Condition
Cisco disclosed a critical security vulnerability affecting Cisco Meraki MX and Z Series devices, which presents significant risks to enterprise networks. The vulnerability tracked as CVE-2025-20212 and associated with allows authenticated remote attackers to trigger denial of service (DoS) conditions…
Hackers Leveraging DeepSeek & Remote Desktop Apps to Deliver TookPS Malware
Cybersecurity experts have uncovered a sophisticated malware campaign that initially exploited the popular DeepSeek LLM as a lure but has now expanded significantly. In early March 2025, researchers identified malicious operations using DeepSeek as bait, but subsequent telemetry analysis has…
Hackers Actively Scanning for Juniper’s Smart Router With Default Password
Recent network monitoring data from SANS reveals a significant spike in targeted scans seeking to exploit default credentials in Juniper Networks’ Session Smart Router (SSR) platform. Security researchers have observed a massive coordinated campaign attempting to identify and compromise vulnerable…
Hackers Exploiting Apache Tomcat Vulnerability to Steal SSH Credentials & Gain Server Control
A new sophisticated attack campaign targeting Apache Tomcat servers has emerged, with attackers deploying encrypted and encoded payloads designed to run on both Windows and Linux systems. The attack chain begins with brute-force attempts against Tomcat management consoles using commonly…
Threat Actors Allegedly Selling SnowDog RAT Malware With Control Panel on Hacker Forums
A new Remote Access Trojan (RAT) dubbed “SnowDog RAT” is malicious software purportedly marketed for $300 per month. It appears to have been specifically developed for corporate espionage and targeted attacks on business environments. The malware advertisement, discovered on Thursday,…
New Malware Attacking Magic Enthusiasts to Steal Login Credentials
A sophisticated new malware campaign targeting the magic community has emerged. Dubbed “AbracadabraStealer,” this malware steals login credentials from magic forums, online shops, and streaming platforms where enthusiasts store payment information. The attackers have crafted a particularly deceptive operation that…