A sophisticated new malware loader called QuirkyLoader has emerged as a significant cybersecurity threat, actively distributing well-known infostealers and remote access trojans (RATs) since November 2024. The malware has demonstrated remarkable versatility in delivering multiple payload families, including Agent Tesla,…
Category: Cyber Security News
Google Announces New Capabilities for Enabling Defenders and Securing AI Innovation
Google Cloud has unveiled a comprehensive suite of security enhancements at its Security Summit 2025, marking a significant evolution in enterprise AI security frameworks. The technology giant’s latest announcements, delivered by VP and GM Jon Ramsey, focus on two critical…
New PromptFix Attack Tricks AI Browsers to Run Malicious Hidden Prompts
A new attack vector called PromptFix exploits AI-powered browsers by embedding malicious instructions within seemingly innocent web content. The attack represents an evolution of traditional ClickFix scams, specifically designed to manipulate agentic AI systems rather than human users. The research,…
Russian Hackers Exploiting 7-Year-Old Cisco Vulnerability to Collect Configs from Industrial Systems
A Russian state-sponsored cyber espionage group designated as Static Tundra has been actively exploiting a seven-year-old vulnerability in Cisco networking devices to steal configuration data and establish persistent access across critical infrastructure networks. The sophisticated threat actor, linked to Russia’s…
Critical Apache Tika PDF Parser Vulnerability Allow Attackers to Access Sensitive Data
A critical security vulnerability has been discovered in Apache Tika’s PDF parser module that could enable attackers to access sensitive data and trigger malicious requests to internal systems. The flaw, designated as CVE-2025-54988, affects multiple versions of the widely used…
Ransomware Incidents Targeting Japan Increased by Approximately 1.4 Times
Japan experienced a significant surge in ransomware attacks during the first half of 2025, with incidents increasing by approximately 1.4 times compared to the same period in 2024. According to comprehensive research conducted by cybersecurity analysts, 68 ransomware cases affected…
Critical Apple 0-Day Vulnerability Actively Exploited in the Wild – Update Now
Apple yesterday released emergency security updates for iOS and iPadOS to patch a critical zero-day vulnerability in its core Image I/O framework. The flaw, tracked as CVE-2025-43300, is confirmed to be under active exploitation in highly targeted attacks. The urgent…
Hackers Weaponize Active Directory Federation Services and office.com to Steal Microsoft 365 logins
A novel and highly tricky phishing campaign is actively stealing Microsoft 365 credentials by exploiting Microsoft’s own Active Directory Federation Services (ADFS) to redirect users from legitimate office.com links to malicious login pages. The technique, identified by researchers at the…
SafeLine: A Free Zero Trust Web Application Firewall for 2026
Every type of organization—whether it’s a multinational giant with thousands of employees or a single tech enthusiast running a homelab—needs a web application firewall (WAF). The reason is straightforward: web applications face constant threats from cyber attacks that can exploit…
New Salty 2FA PhaaS Attacking Microsoft 365 Users to Steal Login Credentials
A sophisticated new Phishing-as-a-Service (PhaaS) framework dubbed “Salty 2FA” has emerged as a significant threat to Microsoft 365 users across the US and European industries. This previously undocumented platform employs advanced obfuscation techniques and multi-stage execution chains specifically designed to…
Okta Security Releases Auth0 Event Logs for Proactive Threat Detection
Okta has announced the launch of the Auth0 Customer Detection Catalog, a comprehensive open-source repository designed to enhance proactive threat detection capabilities for Auth0 customers. This strategic release represents a significant advancement in identity and access management security, providing security…
Git 2.51 Released With Performance Optimizations and SHA-256 as Default hash Function
Git 2.51.0 has been officially released after an accelerated 8-week development cycle, introducing significant performance improvements and security enhancements that lay the groundwork for the upcoming Git 3.0 major release. The latest version delivers substantial speed improvements for core Git…
How Businesses Stop Complex Social Engineering Attacks Early – An SOC Team Guide
Attackers have leveled up. Powered by AI and professional-grade toolkits, today’s social engineering scams are nearly impossible to tell apart from the real thing, and automated defenses rarely catch them. That’s the real challenge for security leaders: these threats only…
Threat Actors Allegedly Listed Windows Zero-Day RCE Exploit For Sale on Dark Web
An alleged threat actor has listed a Windows Zero-Day Remote Code Execution (RCE) exploit for sale, claiming it targets fully updated Windows 10, Windows 11, and Windows Server 2022 systems. The posting reported by ThreatMon advertises weaponized exploit code purportedly…
Microsoft Office.com Suffers Major Outage, Investigation Underway
Microsoft’s comprehensive suite of online services, including the central Office.com portal, is currently experiencing a significant and widespread outage, leaving millions of users unable to access essential productivity applications. The company has confirmed the issue and is actively investigating the…
Lenovo AI Chatbot Vulnerability Let Attackers Run Remote Scripts on Corporate Machines
A critical security flaw in Lenovo’s AI chatbot “Lena” has been discovered that allows attackers to execute malicious scripts on corporate machines through simple prompt manipulation. The vulnerability, identified by cybersecurity researchers, exploits Cross-Site Scripting (XSS) weaknesses in the chatbot’s…
Threat Actors Leverage GenAI Platforms to Create Realistic Phishing Content
Cybercriminals are increasingly exploiting generative artificial intelligence platforms to orchestrate sophisticated phishing campaigns that pose unprecedented challenges to traditional security detection mechanisms. The rapid proliferation of GenAI services has created a fertile ecosystem for threat actors who leverage these platforms…
RingReaper Malware Attacking Linux Servers Evading EDR Solutions
A sophisticated new malware strain targeting Linux environments has emerged, demonstrating advanced evasion capabilities that challenge traditional endpoint detection and response systems. RingReaper, identified as a post-exploitation agent, leverages the Linux kernel’s modern asynchronous I/O interface to conduct covert operations…
Microsoft Releases Emergency Updates to Fix Windows Reset and Recovery Error
Microsoft has issued critical out-of-band updates on August 19, 2025, to address a significant issue affecting Windows reset and recovery operations following the deployment of the August 2025 security updates. The emergency patches resolve failures that prevented users from successfully…
Critical Namespace Injection Vulnerability in Kubernetes Capsule Let Attackers Inject Arbitrary Labels
A critical security vulnerability has been identified in Kubernetes Capsule v0.10.3 and earlier versions, allowing authenticated tenant users to inject arbitrary labels into system namespaces and bypass multi-tenant isolation controls. The vulnerability, tracked as GHSA-fcpm-6mxq-m5vv, was disclosed by security researcher…