A new wave of “Scam-Yourself” attacks leveraging AI-generated deepfake videos and malicious scripts is targeting cryptocurrency enthusiasts and financial traders, marking a dangerous evolution in social engineering tactics. Discovered by cybersecurity researchers at Gen Digital, this campaign exploits verified YouTube…
Category: Cyber Security News
Most Popular Passwords Cracked Within a Second
Passwords are the first line of defense for protecting sensitive data, yet millions of users worldwide continue to rely on weak and predictable combinations. A recent study by KnownHost reveals alarming trends in password security. It shows that many commonly…
90,000 WordPress Sites Vulnerable to Local File Inclusion Attacks
A severe security flaw in the Jupiter X Core plugin for WordPress exposed over 90,000 websites to Local File Inclusion (LFI) and Remote Code Execution (RCE) attacks. The vulnerability tracked as CVE-2025-0366 with a CVSS score of 8.8 (High), enables authenticated attackers…
Firefox 135.0.1 Released with Fix for High-Severity Memory Safety Vulnerabilities
Mozilla has released Firefox 135.0.1, a stability and security update addressing a high-severity memory safety vulnerability (CVE-2025-1414) that exposed users to potential remote code execution (RCE) attacks. The patch resolves critical flaws in Firefox 135.0, which could have allowed attackers…
Yahoo Data Leak – Hackers Allegedly Advertised 602,000 Email Accounts
A hacker operating under the alias “exelo” has allegedly advertised a database containing 602,800 Yahoo email accounts on an underground forum. The post claims the dataset is “private and non-Russian. ” The full list costs $100. A free sample of…
Critical Apache Ignite Vulnerability Let Attackers Execute Remote Code
A critical vulnerability in Apache Ignite tracked as CVE-2024-52577, exposes systems to remote code execution (RCE) attacks due to improper enforcement of class serialization filters. Rated CVSS 9.8, this flaw affects Ignite versions 2.6.0 through 2.16.x, enabling attackers to execute…
CISA Releases Two New ICS Advisories Exploits Following Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) released two Industrial Control Systems (ICS) advisories, addressing critical vulnerabilities in Delta Electronics CNCSoft-G2 and Rockwell Automation GuardLogix controllers. These advisories highlight exploitable flaws in systems widely used in manufacturing, energy, and critical…
Weaponized Signal, Line, and Gmail Apps Delivers Malware That Changes System Defenses
A sophisticated cyberattack campaign targeting Chinese-speaking users, malicious actors have weaponized fake versions of popular applications such as Signal, Line, and Gmail. These fake and weaponized apps are distributed via deceptive download pages that deliver malware capable of altering system…
GPT-4o Copilot Trained in Over 30 Popular Programming Languages
Microsoft has unveiled GPT-4o Copilot, a cutting-edge code completion model now available for Visual Studio Code (VS Code) users. Built on the GPT-4o mini architecture and trained on over 275,000 high-quality public repositories spanning more than 30 popular programming languages,…
Russian Government Proposed New Penalties to Combat Cybercrime
The Russian government announced a comprehensive legislative package on February 10, 2025, introducing severe penalties for cybercrimes. The reforms, which amend over 30 existing laws, aim to modernize Russia’s cybersecurity framework by escalating prison terms, expanding asset confiscation protocols, and…
Does AI Detection Remover Really Work? How to Fix Text Like a Pro!
Artificial intelligence (AI) is transforming everything! It influences how we communicate and how we write. Click-click — your text is ready. ChatGPT and other language models are helping people generate content. But, just like every superhero has a weakness, AI-generated…
CISA Warns of Palo Alto PAN-OS Vulnerability Actively Exploited in the Wild
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding actively exploiting a high-severity authentication bypass vulnerability (CVE-2025-0108) in Palo Alto Networks PAN-OS, the operating system powering the company’s firewall devices. With over 25 malicious IPs targeting…
Chrome Buffer Overflow Vulnerabilities Allow Arbitrary Code Execution & Gain System Access
Google has urgently patched two high-severity heap buffer overflow vulnerabilities in its Chrome browser, CVE-2025-0999, and CVE-2025-1426, that could allow attackers to execute arbitrary code and seize control of affected systems. The vulnerabilities, fixed in Chrome 133.0.6943.126/.127 for Windows/Mac and…
CISA Warns of SonicWall SonicOS RCE Vulnerability Actively Exploited in the Wild
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has escalated warnings about a critical zero-day vulnerability in SonicWall’s SonicOS, designating CVE-2024-53704 for immediate remediation in its Known Exploited Vulnerabilities (KEV) catalog. This improper authentication flaw, which enables remote attackers to…
Threat Actors Trojanize Popular Versions of Games To Infect Systems Bypassing Evasion Techniques
In a sophisticated cyberattack campaign dubbed “StaryDobry,” threat actors have exploited popular games to distribute malicious software, targeting users worldwide. The campaign, first detected on December 31, 2024, leveraged trojanized versions of games such as BeamNG.drive, Garry’s Mod, and Dyson…
New Research Proposed To Enhance MITRE ATT&CK In Dynamic Cybersecurity Environments
Cybersecurity researchers have proposed groundbreaking enhancements to the MITRE ATT&CK framework, aiming to strengthen its adaptability in dynamic and evolving threat landscapes. As cyber adversaries increasingly exploit emerging technologies like generative AI and industrial control systems (ICS), the need for…
How Cyber Threat Intelligence Helps with Alert Triage
Between threat detection and response, there is a vitally important operation known as alert triage. If not staged properly, it can render the whole SOC’s performance inefficient. This operation is alert triage — assessing and prioritizing security alerts. SIEM tools,…
OpenSSH Client & Server Vulnerabilities Enables MiTM & DoS Attacks
The Qualys Threat Research Unit (TRU) has uncovered two high-severity vulnerabilities in OpenSSH, the widely used suite for secure network communication. Tracked as CVE-2025-26465 and CVE-2025-26466, these flaws enable machine-in-the-middle (MitM) attacks against clients and pre-authentication denial-of-service (DoS) exploits targeting…
Weaponized PDF Documents Deliver Lumma InfoStealer Attacking Educational Institutions
The Lumma InfoStealer malware has been observed leveraging weaponized PDF documents to target educational institutions. This sophisticated campaign exploits malicious LNK (shortcut) files disguised as legitimate PDFs, initiating multi-stage infection processes that compromise sensitive data. Educational infrastructures, often less fortified…
4 Million Stolen Credit Cards to Be Released for Free by B1ack’s Stash Marketplace
The cybersecurity community is on high alert as B1ack’s Stash, a known marketplace on the dark web, has announced a massive leak of 4 million stolen credit card details. The Dark Web Informer threat intelligence researchers posted on X state…