A critical path equivalence vulnerability in Apache Tomcat, designated CVE-2025-24813, has been actively exploited in the wild following the public release of proof-of-concept exploit code. The vulnerability, disclosed on March 10, 2025, enables unauthenticated remote code execution under specific server…
Category: Cyber Security News
Sophisticated Hacker Group TA-ShadowCricket Attacking Government & Enterprise Networks
A sophisticated China-linked threat actor known as TA-ShadowCricket has been conducting stealthy cyber espionage operations against government and enterprise networks across the Asia-Pacific region for over a decade. The group, formerly identified as Shadow Force and initially categorized as Larva-24013…
GNOME RDP Vulnerability Let Attackers Exhaust System Resources & Crash Process
A severe security vulnerability affecting GNOME Remote Desktop has been discovered, allowing unauthenticated attackers to exhaust system resources and crash critical processes. CVE-2025-5024, disclosed on May 21, 2025, poses significant risks to organizations utilizing remote desktop services across Red Hat…
Critical WSO2 SOAP Vulnerability Let Attackers Reset Password for Any User Account
A critical security vulnerability in multiple WSO2 products has been discovered that allows attackers to reset passwords for any user account, potentially leading to complete system compromise. CVE-2024-6914, published on May 22, 2025, represents a severe threat to organizations using…
Linux 6.15 Released with Several New Features & Improvements
Linus Torvalds officially announced the stable release of the Linux kernel 6.15 on May 25, 2025. This release marked a significant milestone in open-source development, with groundbreaking Rust integration, substantial performance improvements, and extensive hardware support expansion. This release introduces…
GitLab Duo Vulnerability Let Attack Inject Malicious link & Steal Source Code
A critical remote prompt injection vulnerability was uncovered in GitLab Duo, the AI-powered coding assistant integrated into GitLab’s DevSecOps platform. The vulnerability, disclosed in February 2025, allowed attackers to manipulate the AI assistant into leaking private source code and injecting…
184 Million Users’ Passwords Exposed From an Open Directory Controlled by Hackers
A massive cybersecurity breach has exposed 184 million login credentials in an unprotected database, marking one of the largest credential exposures discovered in recent years. Cybersecurity researcher Jeremiah Fowler uncovered the non-encrypted database containing 184,162,718 unique usernames and passwords totaling…
.Net Based Chihuahua Infostealer Exploit Google Drive Steals Browser Credentials and Crypto Wallets
A new .NET-based malware, dubbed Chihuahua Infostealer, has emerged as a significant threat to cybersecurity, targeting sensitive browser credentials and cryptocurrency wallet data. Discovered in April 2025, this multi-stage malware employs obfuscated PowerShell scripts and trusted cloud platforms like Google…
Russian Cybercriminal Charged in $24 Million Qakbot Ransomware Scheme
The U.S. Department of Justice unsealed federal charges Thursday against Russian national Rustam Rafailevich Gallyamov, 48, for allegedly orchestrating one of the world’s most sophisticated malware operations that infected over 700,000 computers globally and facilitated devastating ransomware attacks. The Moscow-based…
GenAI Assistant DIANNA Uncovering New Obfuscated Malware
The cybersecurity landscape witnessed a significant milestone this February with the emergence of BypassERWDirectSyscallShellcodeLoader, a sophisticated malware specimen that represents the first documented case of large language model-generated malicious code being analyzed by an artificial intelligence security assistant. This groundbreaking…
Threat Actor Selling Burger King Backup System RCE Vulnerability for $4,000
A cybersecurity threat has emerged targeting one of the world’s largest fast-food chains, as a threat actor known as #LongNight has put up for sale remote code execution (RCE) access to Burger King Spain’s backup infrastructure for $4,000. The vulnerability…
Bypassing Zero-Trust Policies to Exploit Vulnerabilities & Manipulate NHI Secrets
A comprehensive security research demonstration has revealed how attackers can systematically undermine modern zero-trust security frameworks by exploiting a critical DNS vulnerability to disrupt automated secret rotation mechanisms. The research showcases a sophisticated attack chain that begins with crashing DNS…
Hackers Attacking macOS Users With Fake Ledger Apps to Deploy Malware
Cybercriminals are increasingly targeting cryptocurrency users through sophisticated malware campaigns that exploit the trust placed in cold wallet management applications. Since August 2024, threat actors have been distributing malicious clones of Ledger Live, the widely-used application for managing cryptocurrency through…
New Formjacking Malware Attacking E-Commerce Pages to Steal Credit Card Data
Cybersecurity researchers have uncovered a sophisticated new formjacking malware campaign targeting WooCommerce-powered e-commerce websites, representing a significant evolution in credit card skimming attacks. This advanced threat demonstrates unprecedented stealth capabilities, carefully integrating fake payment forms into legitimate checkout processes while…
Researchers Uncovered Infrastructure & TTPs Used by ALCATRAZ Malware
Security researchers have identified a sophisticated malware campaign utilizing the ALCATRAZ obfuscator, an open-source tool originally developed for the game hacking community that has now been weaponized by cybercriminals and advanced persistent threat groups. The malware, dubbed DOUBLELOADER, has been…
How to Respond to Data Breaches – A Comprehensive Guide
In today’s digital world, data breaches have become a persistent threat, impacting organizations of every size and sector. With the average cost of a breach climbing each year and millions of records exposed, the question is no longer if a breach will…
2025 Cybersecurity Trends – Key Threats and Solutions
Artificial intelligence, sophisticated ransomware operations, and evolving geopolitical tensions are dramatically reshaping the cybersecurity landscape in 2025. With over 30,000 vulnerabilities disclosed last year, a 17% increase from previous figures, organizations face unprecedented challenges in securing their digital assets. As…
Threats Actors Using Copyright Phishing Lures to Deliver Rhadamanthys Stealer
A sophisticated phishing campaign leveraging copyright infringement themes has emerged as a primary vector for distributing the dangerous Rhadamanthys information stealer malware across European countries. Since April 2025, threat actors have been exploiting fear-based social engineering tactics, impersonating legal representatives…
Enterprise Security Solutions – Building a Resilient Defense
In today’s hyper-connected world, enterprise security is no longer a technical afterthought but a boardroom priority. As cyberattacks grow in frequency and sophistication, organizations are under increasing pressure to protect sensitive data, maintain regulatory compliance, and ensure business continuity. The…
TAG-110 Hackers Weaponize Word Templates for Targeted Attacks
A sophisticated cyber-espionage campaign has emerged targeting Tajikistan’s government institutions through weaponized Microsoft Word templates, marking a significant tactical evolution by the Russia-aligned threat group TAG-110. The campaign, which unfolded between January and February 2025, represents a departure from the…