In a sophisticated cybersecurity attack uncovered this week, Russian threat actors have been observed exploiting multiple cloud service providers to deliver the notorious Lumma Stealer malware. The campaign utilizes legitimate cloud infrastructure—including Oracle Cloud Infrastructure (OCI), Scaleway Object Storage, and…
Category: Cyber Security News
Versa Concerto 0-Day Authentication Bypass Vulnerability Allows Remote Code Execution
Significant vulnerabilities were uncovered in Versa Concerto, a widely deployed SD-WAN orchestration platform used by major enterprises and government entities. The flaws include authentication bypass vulnerabilities that can be chained to achieve remote code execution and complete system compromise. Despite…
Multiple GitLab Vulnerabilities Let Attackers Trigger DoS Attacks
GitLab has released critical security patches addressing 11 vulnerabilities across its Community Edition (CE) and Enterprise Edition (EE) platforms, with several high-risk flaws enabling denial-of-service (DoS) attacks. The coordinated release of versions 18.0.1, 17.11.3, and 17.10.7 comes as the DevOps…
UAT-6382 Hackers Exploit Cityworks Zero-Day to Attack IIS Servers With VSHell Malware
A sophisticated cyber threat group designated as UAT-6382 has been actively exploiting a critical zero-day vulnerability in Cityworks, a popular asset management system used by local governments across the United States. The vulnerability, tracked as CVE-2025-0994, allows remote code execution…
Cisco Webex Meetings Vulnerability Lets Attackers Manipulate HTTP Responses
Cisco disclosed a security vulnerability (CVE-2025-20255) affecting its Webex Meetings service that could allow remote attackers to manipulate cached HTTP responses. The vulnerability, assigned a CVSS score of 4.3 (Medium severity), stems from improper handling of malicious HTTP requests in…
Netwrix Password Manager Vulnerability Allows Authenticated Remote Code Execution
A critical security vulnerability has been discovered in Netwrix Password Secure, an enterprise password management solution, allowing authenticated attackers to execute arbitrary code on victim machines. The vulnerability, identified as CVE-2025-26817, affects all versions of Netwrix Password Secure up to…
Hackers Using Weaponized npm Packages to Attack React, Node.js JavaScript Frameworks
In a troubling development for the JavaScript ecosystem, security researchers have discovered a sophisticated campaign targeting popular frameworks through weaponized npm packages. These malicious packages, which have accumulated over 6,200 downloads, masquerade as legitimate plugins and utilities while secretly containing…
Threat Actors Hosted ZeroCrumb Malware on GitHub That Steals Browser Cookies
Cybersecurity researchers have identified a new infostealer malware called “ZeroCrumb” that was recently distributed through GitHub repositories. This sophisticated malware specifically targets browser cookies from popular browsers including Chrome, Brave, and Edge, enabling attackers to steal sensitive user authentication data…
Linux Kernel SMB 0-Day Vulnerability Uncovered Using ChatGPT
A zero-day vulnerability in the Linux kernel was discovered using OpenAI’s o3 model. This finding, assigned CVE-2025-37899, marks a significant advancement in AI-assisted vulnerability research. The vulnerability, officially confirmed on May 20, 2025, affects the ksmbd component of the Linux…
Hackers Leveraging Trending TikTok Videos to Deliver Vidar & StealC Malware
In a concerning development that highlights the evolving tactics of threat actors, cybercriminals have begun exploiting the popularity of TikTok to distribute sophisticated information-stealing malware. This new campaign specifically delivers Vidar and StealC infostealers by tricking users into executing malicious…
Chrome Vulnerabilities Let Attackers Execute Malicious Code Remotely – Update Now
Google has released an urgent security update for Chrome after discovering multiple high-severity vulnerabilities that could allow attackers to execute malicious code remotely on users’ systems. The most critical flaw, a “Use after free” vulnerability in the browser’s Compositing system,…
Microsoft Investigates Exchange Online Email Delays Impacting Australian Users
Microsoft is currently investigating an issue affecting Exchange Online, where some users in Australia are experiencing significant delays in sending and receiving emails. The problem, first acknowledged on May 22, 2025, has led to disruptions for businesses and individuals relying…
New Advanced Process Injection Attack Lets Attackers Evade EDR Detection
A novel process injection technique effectively bypasses leading Endpoint Detection and Response (EDR) solutions by focusing solely on execution primitives, eliminating the need for memory allocation or writing operations that typically trigger security alerts. Dubbed “CONTEXT-Only Attack Surface,” this…
Everest Hacking Group Claims Coca-Cola Data Breach, Exfiltrates 23 Million Records
In a significant cybersecurity incident that could potentially affect millions of consumers, two notorious hacking groups have claimed responsibility for separate breaches of Coca-Cola systems. According to posts on dark web forums, the Everest ransomware group has reportedly compromised internal…
Cisco Identity Services RADIUS Process Vulnerability Lets Attackers Trigger DoS Condition
Cisco disclosed a high-severity vulnerability affecting its Identity Services Engine (ISE) that could allow unauthenticated remote attackers to cause a denial of service condition. The vulnerability, identified as CVE-2025-20152, received a CVSS score of 8.6, reflecting its serious potential impact…
Malicious VS Code Extensions Attacking Windows Solidity Developers to Steal Login Credentials
A sophisticated campaign targeting Solidity developers has emerged, utilizing Visual Studio Code’s popularity and extension ecosystem as an attack vector. Threat actors have deployed trojanized extensions that masquerade as developer utilities while secretly exfiltrating cryptocurrency wallet credentials and other sensitive…
New Attack Exploits dMSA in Windows Server 2025 to Compromise Any Active Directory User
A critical vulnerability in Windows Server 2025 enables attackers to compromise any user in Active Directory, including highly privileged accounts. Dubbed “BadSuccessor,” this attack exploits a feature called delegated Managed Service Accounts (dMSA) and works by default in environments…
Lumma Stealer Infrastructure With 2,300 Domains That Attacks Millions of Users Worldwide Seized
In a coordinated global operation announced on May 21, 2025, law enforcement and cybersecurity partners have successfully disrupted the infrastructure behind Lumma Stealer, one of the most prolific information-stealing malware operations targeting users worldwide. The Justice Department, in conjunction with…
Hackers Attacking Coinbase Users in a Sophisticated Social Engineering Attack
A massive wave of targeted social engineering attacks has been hitting Coinbase users since early 2025, with scammers exploiting insider access to obtain sensitive customer data. Unlike traditional technical breaches, these attacks leverage psychological manipulation to trick users into voluntarily…
BIND DNS Vulnerability Lets Attackers Crash DNS Servers With Malicious Packet
A high-severity vulnerability in the BIND DNS server software was recently disclosed that allows attackers to crash DNS servers by sending just a single malicious packet. The Internet Systems Consortium (ISC) released BIND versions 9.18.37, 9.20.9, and 9.21.8 on May…