Cisco’s Webex Chat (formerly known as IMI Chat) was found to have a significant security flaw that exposed the sensitive chat histories of hundreds to thousands of organizations. The exploit allowed unauthorized attackers to access millions of live customer support…
Category: Cyber Security News
Malware Found in Healthcare Patient Monitors Linked to Chinese IP Address
A critical cybersecurity vulnerability has been uncovered in Contec CMS8000 patient monitors, revealing embedded malware that poses significant risks to patient safety and data security. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) reported that the devices include a backdoor…
Authorities Take Down Cracked & Nulled Hacking Forums Used by 10 Million Users
In a law enforcement operation dubbed “Operation Talent,” an international coalition of law enforcement agencies led by Germany’s Bundeskriminalamt (BKA) and Europol has dismantled two of the world’s largest cybercrime forums: Cracked.io and Nulled.to. These platforms, which collectively hosted over…
D-Link Routers Vulnerability Let Attackers Gain Full Router Control Remotely
A critical unauthenticated Remote Code Execution (RCE) vulnerability has been affecting DSL-3788 routers, allowing attackers to acquire complete control over the router remotely. The flaw has been detected in firmware versions v1.01R1B036_EU_EN and below. This vulnerability was reported by Max…
Microsoft to Boost M365 Bounty Program With New Products & Rewards Up to $27,000
A significant extension of Microsoft’s Microsoft 365 (M365) Bounty Program has been announced. The program now includes new Viva products under its scope for identifying vulnerabilities, with rewards reaching up to $27,000 for critical submissions. This update underscores Microsoft’s commitment…
VMware Aria Operations Vulnerabilities Let Attackers Perform Admin Operations
Broadcom has addressed multiple vulnerabilities in its VMware Aria Operations for Logs and VMware Aria Operations products. These vulnerabilities, identified as CVE-2025-22218, CVE-2025-22219, CVE-2025-22220, CVE-2025-22221, and CVE-2025-22222, pose significant risks, including unauthorized access to sensitive data and privilege escalation. The…
Windows Vulnerability in COM Objects Trigger RCE To Control The Systems Remotely
James Forshaw of Google Project Zero has shed light on a significant security vulnerability in Windows related to accessing trapped COM objects through the IDispatch interface. This research highlights an intriguing bug class that exploits cross-process communication features in object-oriented…
New Jailbreak Techniques Expose DeepSeek LLM Vulnerabilities, Enabling Malicious Exploits
Recent revelations have exposed critical vulnerabilities in DeepSeek’s large language models (LLMs), particularly DeepSeek-R1, through advanced jailbreaking techniques. These exploits, including “Bad Likert Judge,” “Crescendo,” and “Deceptive Delight,” have demonstrated the ease with which malicious actors can bypass safety measures…
Tata Technologies Hacked – Ransomware Attack Compromises IT Systems
In a recent disclosure to the stock exchanges, Tata Technologies Limited announced that it has been the victim of a ransomware attack affecting some of its IT assets. Tata Technologies, headquartered in Pune, India, is a subsidiary of the Tata…
ChatGPT-4o Jailbreak Vulnerability “Time Bandit” Let Attackers Create Malware
A new jailbreak vulnerability in OpenAI’s ChatGPT-4o, dubbed “Time Bandit,” has been exploited to bypass the chatbot’s built-in safety functions. This vulnerability allows attackers to manipulate the chatbot into producing illicit or dangerous content, including instructions for malware creation, phishing…
Tor Project X Account Hacked to Promote Cryptocurrency Scheme
The Tor Project, a renowned organization dedicated to online privacy and anonymity, has fallen victim to a cyberattack. On January 30, 2025, the group’s official X (formerly Twitter) account was compromised and used to promote a fraudulent cryptocurrency scheme. The…
Tria Stealer Trojan Exploits Android Phones To Exfiltrate SMS Messages
A newly discovered Android malware campaign, dubbed Tria Stealer, has been targeting users in Malaysia and Brunei since mid-2024. Leveraging fake wedding invitations as a lure, this Trojan steals sensitive data, including SMS messages, call logs, and app notifications, and…
Phorpiex Botnet Distributes LockBit Ransomware Through Compromised Websites
Cybersecurity experts have uncovered the use of the Phorpiex botnet to distribute LockBit Black ransomware (LockBit 3.0) through millions of phishing emails and compromised websites. This campaign, active since April 2024, marks a significant evolution in ransomware delivery methods, leveraging…
Top 3 Most Popular Malware TTPs of the Past Year
Cyber threats evolve rapidly, but some tactics stand out for their widespread use and effectiveness. In its latest 2024 trends report, ANY.RUN identified the top malware Tactics, Techniques, and Procedures (TTPs) employed by cyber attackers for malicious purposes. Let’s dive…
Arcus Media Ransomware Delete Backup, Clear Logs, Disable Remote After Lock The Files
The Arcus Media ransomware has emerged as a significant cybersecurity threat, employing advanced techniques to maximize disruption and hinder recovery efforts. Operating under a Ransomware-as-a-Service (RaaS) model, the group has targeted industries worldwide, including business services, retail, and media, since…
New Android Malware Exploiting Wedding Invitations to Steal Victims WhatsApp Messages
A sophisticated Android malware campaign, dubbed Tria Stealer, has been targeting users in Malaysia and Brunei since mid-2024. The malware uses fake wedding invitations as a lure to trick victims into installing a malicious Android Package Kit (APK). Once installed,…
Canon Printer Vulnerabilities Let Attackers Execute Arbitrary Code Remotely
Multiple critical security vulnerabilities affecting Canon Laser Printers and Small Office Multifunctional Printers. These vulnerabilities, identified as buffer overflow flaws, could allow attackers to execute arbitrary code remotely or render the devices inoperative through Denial-of-Service (DoS) attacks. The affected models…
Windows 11 Start Menu Now Let Users Access Their Android & iPhones
Microsoft has unveiled a significant update to Windows 11, enhancing the Start menu with seamless integration for both Android and iPhone devices. This feature, previously exclusive to Android users, now extends to iPhone owners, allowing them to access their phone’s…
Hackers Exploit Public-facing Vulnerable IIS, Apache, SQL Servers to Attack Gov & Telcom Networks
A sophisticated cyberespionage campaign, tracked as CL-STA-0048, has been identified targeting government and telecommunications networks in South Asia. The attackers exploited vulnerabilities in public-facing servers running Microsoft IIS, Apache Tomcat, and MSSQL to gain unauthorized access and exfiltrate sensitive data.…
North Korean APT Lazarus Compromises Developers via Malicious NPM Packages
The North Korean state-sponsored hacking group Lazarus has been implicated in a sophisticated supply chain attack targeting developers through malicious Node Package Manager (NPM) packages. Security researchers have identified the package, postcss-optimizer, as a key vector for delivering malware to…