Cybersecurity experts have detected a sophisticated campaign targeting energy sector companies, as the threat actor known as Sapphire Werewolf deploys an enhanced version of the Amethyst stealer malware. The campaign represents a significant evolution in the group’s capabilities, featuring advanced…
Category: Cyber Security News
Hackers Exploiting Domain Controller to Deploy Ransomware Using RDP
Microsoft has recently uncovered a sharp rise in ransomware attacks exploiting domain controllers (DCs) through Remote Desktop Protocol (RDP), with the average attack costing organizations $9.36 million in 2024. These sophisticated campaigns aim to cripple enterprises by encrypting critical systems…
Active Directory Attack Kill Chain Checklist & Tools List- 2025
The “Active Directory Kill Chain Attack & Defense” concept is a structured approach to understanding the sequence of events or stages involved in an Active Directory (AD) attack and the corresponding defensive measures to counteract or prevent such attacks. Microsoft…
Hackers Actively Exploits Patched Fortinet FortiGate Devices to Gain Root Access Using Symbolic Link
Fortinet has uncovered a sophisticated post-exploitation technique used by a threat actor to maintain unauthorized access to FortiGate devices, even after initial vulnerabilities were patched. The discovery, detailed in a recent Fortinet investigation, highlights the persistent risks of unpatched systems…
Google Unveils A2A Protocol That Enable AI Agents Collaborate to Automate Workflows
Google has announced the launch of Agent2Agent Protocol (A2A), a groundbreaking open protocol designed to enable AI agents to communicate with each other, securely exchange information, and coordinate actions across enterprise platforms. Revealed on April 9, 2025, the protocol marks…
Ransomware Attack Prevention Checklist – 2025
Businesses face significant hazards from ransomware attacks, which are capable of causing severe damage in a brief period. Over the past few years, numerous well-known companies, including CNA Financial, JBS Foods, and Colonial Pipeline, have fallen victim to such attacks,…
Beware of Fake mParivahan App Attacking Mobile Users Via WhatsApp to Steal Sensitive Data
Cybercriminals have launched a sophisticated malware campaign targeting Android users through fake traffic violation messages on WhatsApp. The malware, disguised as “NextGen mParivahan,” mimics the official government application developed by the Ministry of Road Transport & Highways, which provides digital…
APT32 Hackers Weaponizing GitHub to Attack Cybersecurity Professionals & Enterprises
The APT32 (OceanLotus) has launched a novel campaign weaponizing GitHub repositories to distribute malware to cybersecurity researchers and enterprises. This operation represents a strategic shift from the group’s historical focus on Southeast Asian government and corporate targets, instead exploiting the…
Laboratory Services Cooperative Data Breach – 1.6 Million People Impacted
Laboratory Services Cooperative (LSC), a Seattle-based non-profit organization providing lab testing services to select Planned Parenthood centers, has disclosed a major data security incident affecting approximately 1.6 million individuals. The breach, discovered in October 2024, resulted in unauthorized access to…
CISA Releases 10 ICS Advisories Covering Vulnerabilities & Exploits
The Cybersecurity and Infrastructure Security Agency (CISA) has issued ten new advisories addressing vulnerabilities in Industrial Control Systems (ICS). These advisories aim to inform stakeholders about critical security issues, exploits, and mitigation strategies for ICS technologies widely deployed across essential…
Calix Pre-Auth RCE on TCP Port 6998 Allow Arbitrary Code Execution as Root User
A severe remote code execution (RCE) vulnerability affects certain Calix networking devices, allowing attackers to gain complete system control without authentication. The flaw impacts legacy devices running vulnerable CWMP (CPE WAN Management Protocol) services on TCP port 6998. The critical…
Sensata Technologies Hacked – Ransomware Attack Disrupts Operations
A sophisticated ransomware attack has struck Sensata Technologies, causing significant operational disruptions across the company’s global network. The industrial technology firm, which develops sensor-rich solutions and electrical protection systems for automotive, aerospace, and industrial applications, confirmed the cybersecurity incident occurred…
WordPress Plugin Vulnerability Exposes Sites to Critical File Inclusion Attacks
A severe security vulnerability has been discovered in the popular InstaWP Connect WordPress plugin, potentially exposing thousands of websites to remote attacks. Security researchers at Wordfence identified and reported the critical flaw (CVE-2025-2636), which allows unauthenticated attackers to execute arbitrary…
Microsoft Enhances Exchange & SharePoint Server Security With New Windows Antimalware Scan
Microsoft has announced a significant security upgrade for Exchange Server and SharePoint Server through integration with the Windows Antimalware Scan Interface (AMSI), providing critical protection for these business-critical systems that are frequent targets for cyberattacks. Exchange Server and SharePoint Server…
Ivanti 0-day RCE Vulnerability Exploitation Details Disclosed
A detailed technical analysis has been published regarding CVE-2025-22457, an unauthenticated remote code execution (RCE) vulnerability impacting several Ivanti products. The vulnerability was recently exploited in the wild by a suspected China-nexus threat actor, affecting Ivanti Connect Secure, Pulse Connect…
Jenkins Docker Images Vulnerability Let Attackers Insert Themselves in Network Path
A critical security flaw in widely used Jenkins Docker images has been discovered, potentially compromising build pipelines across thousands of organizations. The vulnerability, disclosed in a Jenkins Security Advisory on April 10, 2025, affects SSH host key handling in certain…
AMD CPU Signature Verification Vulnerability Let Attackers Load Malicious Microcode
AMD has disclosed a significant security vulnerability that could allow attackers with administrative privileges to load unauthorized microcode patches into the company’s processors. Identified as CVE-2024-36347 with a CVSS score of 6.4 (Medium), this flaw affects a wide range of…
Windows Defender Antivirus Bypassed Using Direct Syscalls & XOR Encryption
A new sophisticated method to bypass Microsoft’s Windows Defender antivirus protection by combining direct syscalls with XOR encryption techniques. The research, published this week, reveals critical vulnerabilities in one of the most widely deployed security solutions that ships with every…
Microsoft Issues Urgent Patch to Resolve Office Update Crashes
Microsoft has issued an emergency patch addressing widespread crashes in Office 2016 applications following a problematic update. The fix, identified as KB5002623 and released on April 10, 2025, resolves critical issues that caused Microsoft Word, Excel, and Outlook to stop…
iOS 18.4 Update Introduces Critical Bug in Dynamic Symbol Resolution
Apple’s latest iOS 18.4 update has introduced a significant bug affecting dynamic symbol resolution on devices supporting Pointer Authentication Code (PAC). This issue, first observed by Fabien Perigaud, a noted reverse-engineering expert, has implications for applications relying on dynamic library…