Linus Torvalds has officially announced the release of Linux kernel 6.14, the latest stable version of the open-source operating system kernel. Originally expected on Sunday, the release was pushed to Monday due to what Torvalds humorously described as “pure incompetence.” …
Category: Cyber Security News
New Phishing Attack Using Browser-In-The-Browser Technique To Attack Gamers
A sophisticated new phishing campaign has emerged targeting the gaming community, specifically Counter-Strike 2 players, using an advanced technique known as Browser-in-the-Browser (BitB). This attack method creates a convincing fake browser pop-up window that tricks users into entering their Steam…
Ingress NGINX Remote Code Execution Vulnerability Let Attacker Takeover Cluster
Researchers have uncovered a series of critical security vulnerabilities in the Ingress NGINX Controller for Kubernetes, collectively dubbed “IngressNightmare.” These flaws could allow unauthenticated attackers to execute remote code and gain complete control over vulnerable Kubernetes clusters. Ingress NGINX Remote…
Rilide Malware as Browser Extension Attacking Chrome & Edge Users to Steal Login Credentials
A sophisticated malware strain dubbed “Rilide” has emerged as a significant threat to Chrome and Edge browser users, operating as a deceptive browser extension designed to harvest login credentials. Security researchers have discovered this malware in active campaigns targeting corporate…
Developers Beware! Fake Coding Challenges Will Deploy FogDoor on Your System
A sophisticated malware campaign targeting software developers has emerged, leveraging fake coding challenges to infiltrate systems with a stealthy backdoor dubbed FogDoor. First identified in March 2025, this threat specifically targets Polish-speaking developers and job seekers through socially engineered GitHub…
Hackers Using Fake Semrush Ads to Steal Google Accounts Login Credentials
A sophisticated phishing campaign targeting Google account credentials through fake Semrush advertisements has emerged, posing a significant threat to digital marketers and SEO professionals. Cybercriminals have deployed numerous malicious advertisements that appear legitimate in Google search results, leveraging Semrush’s growing…
New Linux Kernel Rust Module Unveiled to Detect Rootkits
A groundbreaking security tool has emerged in the ongoing battle against sophisticated Linux malware. A new Rust-based kernel module designed specifically for detecting rootkits has been released, offering enhanced capabilities to identify these particularly elusive threats. The module represents a…
Hackers Could Drop Teams Malware via Browser’s Cache Smuggling
A novel attack vector combining browser cache exploitation and DLL proxying has emerged as a significant threat to organizations using Microsoft Teams and OneDrive. Dubbed Browser Cache Smuggling, this technique allows attackers to bypass traditional security defenses by leveraging browsers’ caching…
Operation Red Card – 300+ Cyber Criminals Arrested Linking to Multiple Hacking Activities
INTERPOL led a multi-national law enforcement operation dubbed “Operation Red Card,” which has resulted in the arrest of over 300 suspected cyber criminals. Operation Red Card, conducted from November 2024 to February 2025, targeted cross-border criminal syndicates responsible for mobile…
Pocket Card Users Under Attack Via Sophisticated Phishing Campaign
A highly targeted phishing campaign is currently exploiting Pocket Card users through elaborately crafted emails that appear to originate from the legitimate financial service provider. The campaign, active since early March 2025, has already compromised an estimated 3,000 accounts, resulting…
Cloudflare Unveils AI Labyrinth a New Approach to Exhaust AI Crawlers and Other Bots
Cloudflare has launched AI Labyrinth, an innovative tool designed to combat unauthorized web-scraping bots by redirecting them into an endless maze of AI-generated content. Introduced on March 19, 2025, this free, opt-in feature marks a significant shift in bot mitigation…
WordPress Plugin Vulnerability Exposes 200k+ Sites to Code Execution Attacks
A critical vulnerability in WP Ghost, a popular WordPress security plugin with over 200,000 active installations. The high-severity flaw, tracked as CVE-2025-26909 with a CVSS score of 9.6, allows unauthenticated attackers to exploit a Local File Inclusion (LFI) vulnerability that…
WordPress Plug-in Vulnerability Let Hackers Inject Malicious SQL Queries
A critical vulnerability in GamiPress, a popular WordPress plugin used for gamification and rewards systems on websites. The high-impact flaw, categorized as CVE-2024-13496 with a CVSS 3.1 score of 7.5, allowed unauthenticated attackers to inject malicious SQL queries that could…
FCC Conducting Investigation into Chinese Entities Placed on the Government’s Prohibited List
The Federal Communications Commission (FCC) has launched a sweeping investigation into nine Chinese technology and telecommunications companies that were previously placed on its Covered List, aiming to determine if these firms are evading U.S. restrictions. FCC Chairman Brendan Carr announced…
Clio – Real-Time Logging Tool With Locking, User Authentication, and Audit Trails
Clio has emerged as a revolutionary real-time logging solution developed by cybersecurity engineers at CyberLock Technologies in the evolving landscape of cybersecurity tools. Launched in January 2025, this sophisticated tool addresses critical gaps in traditional logging frameworks by providing comprehensive…
Critical Chrome Vulnerability Let Attackers Execute Arbitrary Code
Google has confirmed a critical security flaw in Chrome that affects billions of users across Windows, Mac, Linux, and Android platforms. The vulnerability, which could allow attackers to execute arbitrary code through specially crafted web pages, prompted an urgent update…
CleanStack – A Dual-Stack for Defending Against Memory Corruption Attacks
Memory corruption vulnerabilities remain a persistent threat to software systems, particularly those built using low-level languages like C/C++. These vulnerabilities can lead to devastating attacks, allowing malicious actors to execute arbitrary code or manipulate critical program data. Traditional protection mechanisms…
Millions of Internet-Connected Weight Machines Via API Endpoints
The fitness technology landscape has undergone a dramatic transformation. Millions of weight machines worldwide now connect to the internet through standardized API endpoints, creating an unprecedented ecosystem of smart fitness equipment. Industry analysts project this market will exceed $8 billion…
Four Faces of Hacker Group Behind 90 Data Breaches Worldwide Revealed
A lone cybercriminal masquerading as a hacker group has been unmasked as the entity behind more than 90 data breaches worldwide over a four-year period. The individual, who operated under four distinct aliases, ALTDOS, DESORDEN, GHOSTR, and Omid16B targeted companies…
Chinese Web Shell Whisperer Using Web Shells & Tunnels To Establish Persistence
A sophisticated threat actor dubbed “Weaver Ant,” Web Shell Whisperer has emerged from China, deploying advanced web shell payloads across critical infrastructure sectors worldwide. This persistent campaign, active since late 2024, targets vulnerable web applications and content management systems in…