Category: Cyber Security News

A highly targeted phishing campaign is currently exploiting Pocket Card users through elaborately crafted emails that appear to originate from the legitimate financial service provider. The campaign, active since early March 2025, has already compromised an estimated 3,000 accounts, resulting…

Read more →

Cloudflare has launched AI Labyrinth, an innovative tool designed to combat unauthorized web-scraping bots by redirecting them into an endless maze of AI-generated content.  Introduced on March 19, 2025, this free, opt-in feature marks a significant shift in bot mitigation…

Read more →

A critical vulnerability in WP Ghost, a popular WordPress security plugin with over 200,000 active installations.  The high-severity flaw, tracked as CVE-2025-26909 with a CVSS score of 9.6, allows unauthenticated attackers to exploit a Local File Inclusion (LFI) vulnerability that…

Read more →

A critical vulnerability in GamiPress, a popular WordPress plugin used for gamification and rewards systems on websites.  The high-impact flaw, categorized as CVE-2024-13496 with a CVSS 3.1 score of 7.5, allowed unauthenticated attackers to inject malicious SQL queries that could…

Read more →

The Federal Communications Commission (FCC) has launched a sweeping investigation into nine Chinese technology and telecommunications companies that were previously placed on its Covered List, aiming to determine if these firms are evading U.S. restrictions.  FCC Chairman Brendan Carr announced…

Read more →

Clio has emerged as a revolutionary real-time logging solution developed by cybersecurity engineers at CyberLock Technologies in the evolving landscape of cybersecurity tools. Launched in January 2025, this sophisticated tool addresses critical gaps in traditional logging frameworks by providing comprehensive…

Read more →

Google has confirmed a critical security flaw in Chrome that affects billions of users across Windows, Mac, Linux, and Android platforms.  The vulnerability, which could allow attackers to execute arbitrary code through specially crafted web pages, prompted an urgent update…

Read more →

Memory corruption vulnerabilities remain a persistent threat to software systems, particularly those built using low-level languages like C/C++. These vulnerabilities can lead to devastating attacks, allowing malicious actors to execute arbitrary code or manipulate critical program data. Traditional protection mechanisms…

Read more →

The fitness technology landscape has undergone a dramatic transformation. Millions of weight machines worldwide now connect to the internet through standardized API endpoints, creating an unprecedented ecosystem of smart fitness equipment.  Industry analysts project this market will exceed $8 billion…

Read more →

A lone cybercriminal masquerading as a hacker group has been unmasked as the entity behind more than 90 data breaches worldwide over a four-year period. The individual, who operated under four distinct aliases, ALTDOS, DESORDEN, GHOSTR, and Omid16B targeted companies…

Read more →

A sophisticated threat actor dubbed “Weaver Ant,” Web Shell Whisperer has emerged from China, deploying advanced web shell payloads across critical infrastructure sectors worldwide. This persistent campaign, active since late 2024, targets vulnerable web applications and content management systems in…

Read more →

A critical security vulnerability (CVE-2025-29927) has been discovered in Next.js that allows attackers to completely bypass middleware-based security controls by manipulating the x-middleware-subrequest header.  This critical flaw affects authentication flows, authorization controls, path rewriting, and security header implementations across multiple…

Read more →

Cloudflare has unveiled a clientless, browser-based Remote Desktop Protocol (RDP) solution, expanding its Zero Trust Network Access (ZTNA) capabilities for secure Windows server access. This new offering, which follows the October 2024 release of short-lived SSH access, eliminates the need…

Read more →

Baidu, China’s leading search engine giant, has firmly denied allegations of an internal data breach after a controversial incident involving a senior executive’s teenage daughter.  The company got involved in a data security incident, which prompted significant concerns about personal…

Read more →

A sophisticated new information stealer dubbed SvcStealer 2025 has emerged, targeting sensitive user data through spear phishing email attachments. First observed in late January 2025, this malware harvests extensive personal and financial information from infected systems, including machine data, installed…

Read more →

North Korean leader Kim Jong Un has ordered the establishment of a new cyber warfare research center, codenamed “Research Center 227,” under the military’s Reconnaissance General Bureau (RGB). This move, confirmed in late February 2025, signals a significant escalation in…

Read more →

A new and rapidly evolving ransomware-as-a-service (RaaS) operation called VanHelsingRaaS has emerged in the cybercrime landscape. Launched on March 7, 2025, this sophisticated threat has already claimed three victims in less than two weeks, demanding ransoms of $500,000 paid to…

Read more →

At present, many computers are connected via numerous networks. Monitoring all traffic and having something to filter out good and harmful traffic is critical, and we achieve this with an application or service known as a firewall. Early firewalls were…

Read more →

Endpoint Detection and Response (EDR) solutions have become crucial for organizations to protect their devices and data from cyber threats. As of 2025, several top EDR solutions stand out in the market. CrowdStrike Falcon Insight XDR is widely recognized for…

Read more →

A threat actor named “rose87168” claimed to have stolen six million records from Oracle Cloud servers. The stolen data reportedly includes Java Key Store (JKS) files, encrypted Single Sign-On (SSO) passwords, hashed Lightweight Directory Access Protocol (LDAP) passwords, key files,…

Read more →