Category: Cyber Security News

In 2025, Android users will face an increasingly sophisticated malware landscape, with evolving threats that leverage artificial intelligence, advanced evasion techniques, and new attack vectors. Despite efforts to bolster security, research indicates that malware continues to pose significant risks to…

Read more →

Serviceaide, Inc. announced a significant data security breach affecting approximately 480,000 Catholic Health patients.  The incident, which occurred due to an improperly secured Elasticsearch database, exposed sensitive patient information for nearly seven weeks between September and November 2024.  Though no…

Read more →

When it comes to cyber threats, data alone isn’t enough. Security Operations Center (SOC) teams are flooded with indicators of compromise (IOCs), but without context, these signals often fall short of driving meaningful action.   Data only makes a difference when…

Read more →

CISA has recently expanded its Known Exploited Vulnerabilities (KEV) Catalog to include a significant security flaw affecting the MDaemon Email Server, tracked as CVE-2024-11182.  This vulnerability, categorized under CWE-79 (Improper Neutralization of Input During Web Page Generation, commonly known as…

Read more →

Broadcom’s VMware division has disclosed critical security vulnerabilities in its virtualization products, including a high-severity flaw that could allow authenticated users to execute arbitrary commands on affected systems. Today’s security advisory addresses four distinct vulnerabilities affecting multiple VMware products with…

Read more →

In an age where smartphones contain our most sensitive information, phishing attacks targeting iPhone users have surged dramatically. According to recent reports, phishing messages have increased by 202% in the second half of 2024, with credential-based phishing attacks skyrocketing by…

Read more →

Microsoft is introducing artificial intelligence capabilities directly into Windows 11’s File Explorer, allowing users to manipulate files without opening dedicated applications.  Announced in Windows 11 Insider Preview Build 26200.5603 (KB5058488) released to the Dev Channel on May 19, 2025, this…

Read more →

A critical security vulnerability discovered in the popular Motors WordPress theme has exposed approximately 22,000 websites to significant risk.  Security researchers have identified a privilege escalation vulnerability that allows unauthenticated attackers to take over administrative accounts, potentially compromising the entire…

Read more →

A sophisticated employment scam network linked to the Democratic People’s Republic of Korea (DPRK) has been identified targeting remote technology positions in Western companies. These threat actors are posing as Polish and US nationals to secure employment in engineering and…

Read more →

The phishing attack landscape continues to evolve in 2025, with cybercriminals using more sophisticated techniques to bypass security measures, emphasizing the need for phishing attack prevention. Phishing remains one of the most prevalent and damaging cyber threats facing organizations worldwide.…

Read more →

Adidas Korea has announced a security breach affecting customer data, marking the second major incident in the fashion industry targeting Korean consumers this month. The sportswear giant revealed that unauthorized access was gained through a third-party customer service provider, compromising…

Read more →

A sophisticated malware campaign leveraging search engine optimization (SEO) poisoning on Microsoft Bing has emerged, delivering the notorious Bumblebee malware to unsuspecting users. The campaign, identified in May 2025, specifically targets users searching for specialized software tools, demonstrating a concerning…

Read more →

The Tor Project has announced the release of Tor Browser 14.5.2, available since May 18, 2025. This latest version delivers important security updates to Firefox and addresses several bugs, continuing the organization’s commitment to providing robust privacy protection for users…

Read more →

Cybersecurity researchers have uncovered a sophisticated supply chain attack targeting Koishi chatbot users through a malicious npm package. The package, identified as “koishi-plugin-pinhaofa,” appears innocuous but contains a hidden data exfiltration mechanism that monitors all messages processed by the chatbot.…

Read more →

A severe privacy vulnerability in O2 UK’s Voice over LTE (VoLTE) implementation has allowed any caller to track the physical location of O2 customers without their knowledge or consent.  The flaw leaked detailed location metadata and device identifiers during normal…

Read more →

Major telecommunications networks across Spain have gone down early on Tuesday, May 20, 2025, following a network update by Spanish telecommunications giant Telefónica. The outage has affected fixed-line infrastructure and mobile services nationwide, with particularly severe disruptions reported in Madrid,…

Read more →

While no one is immune to cyber threats, smaller organizations with very limited security budgets face the task of managing risks and implementing timely remediation very often without the resources to buy and maintain multiple tools. Security teams protecting these…

Read more →

Microsoft has released an emergency out-of-band update (KB5061768) to address a critical issue causing Windows 10 systems to boot into BitLocker recovery screens following the installation of the May 2025 security updates. The fix, released on May 19, comes after…

Read more →

A sophisticated phishing campaign linked to Tycoon2FA is actively targeting Microsoft 365 users by employing an unusual URL manipulation technique. The attack leverages malformed URL prefixes with backslash characters (https:\$$ instead of the standard forward slashes (https://) to bypass security…

Read more →

A sophisticated phishing campaign utilizing the W3LL Phishing Kit has been actively targeting users’ Microsoft Outlook credentials through elaborate impersonation techniques. First identified by Group-IB in 2022, this phishing-as-a-service (PhaaS) tool has evolved into a comprehensive ecosystem complete with its…

Read more →