Microsoft is strengthening the security posture of enterprise collaboration by automatically enabling critical messaging safety features in Microsoft Teams. According to a new administrative update, the company will switch several protective settings to “On” by default starting January 12, 2026,…
Category: Cyber Security News
University of Phoenix Data Breach – 3.5 Million+ Individuals Affected
University of Phoenix, one of the largest for-profit educational institutions in the United States, disclosed a significant data breach affecting approximately 3.5 million individuals on December 22, 2025. The breach resulted from an external system compromise via unauthorized access, exposing sensitive…
Indian Income Tax-Themed Campaign Attacking Businesses with a Multi-Stage Infection Chain
Cybercriminals have increasingly weaponized the Income Tax Return (ITR) filing season to orchestrate sophisticated phishing campaigns targeting Indian businesses. By exploiting public anxiety surrounding tax compliance and refund timelines, attackers have crafted high-fidelity lures that mimic official government communications. The…
HardBit 4.0 Ransomware Actors Attack Open RDP and SMB Services to Persist Access
HardBit ransomware continues to evolve as a serious threat to organizations worldwide. The latest version, HardBit 4.0, emerged as an upgraded variant of a strain that has been active since 2022, bringing with it more advanced features and enhanced techniques…
PoC Exploit Released for HPE OneView Vulnerability that Enables Remote Code Execution
Security researchers have released a Proof-of-Concept (PoC) exploit for a critical vulnerability in HPE OneView, a popular IT infrastructure management platform. The flaw, tracked as CVE-2025-37164, carries a maximum CVSS score of 10.0, indicating immediate danger to enterprise environments. The vulnerability allows…
New MacSync Stealer Malware Attacking macOS Users Using Digitally Signed Apps
A new version of MacSync Stealer malware is targeting macOS users through digitally signed and notarized applications, marking a major shift in how this threat is delivered. Unlike older versions that required users to paste commands into Terminal, this updated…
Windows Imaging Component Vulnerability Can Lead to RCE Attacks Under Complex Attack Scenarios
A comprehensive analysis of CVE-2025-50165, a critical Windows vulnerability affecting the Windows Imaging Component (WIC) that could potentially enable remote code execution through specially crafted JPEG files. However, their findings suggest the real-world exploitation risk is significantly lower than initially…
Threat Actors Pose as Korean TV Programs’ Writer to Trick Victims and Install Malware
Cybersecurity researchers have uncovered a sophisticated campaign where threat actors impersonate writers from major Korean broadcasting networks to distribute malicious documents. The operation, tracked as Operation Artemis, represents a notable evolution in social engineering tactics by leveraging trusted media personalities…
Critical n8n Automation Platform Vulnerability Enables RCE Attacks – 103,000+ Instances Exposed
A critical remote code execution vulnerability has been discovered in n8n, the open-source workflow automation platform, exposing over 103,000 potentially vulnerable instances worldwide. The flaw is tracked as CVE-2025-68613 with a maximum CVSS severity score of 9.9. The vulnerability exists within n8n’s workflow…
New GhostLocker Tool that Uses Windows AppLocker to Neutralize and Control EDR
A new tool named GhostLocker has been released, demonstrating a novel technique to neutralize Endpoint Detection and Response (EDR) systems by weaponizing the native Windows AppLocker feature. Developed by security researcher zero2504, the tool highlights a fundamental architectural vulnerability in…
Threat Actors Weaponizing Nezha Monitoring Tool as Remote Access Trojan
Researchers at Ontinue’s Cyber Defense Center have uncovered a significant threat as attackers exploit Nezha, a legitimate open-source server monitoring tool, for post-exploitation access. The discovery reveals how sophisticated threat actors repurpose benign software to gain complete control over compromised…
Malicious Chrome Extensions Posing as VPNs Intercept User Traffic to Steal Credentials
Two fake Chrome extensions named “Phantom Shuttle” are deceiving thousands of users by posing as legitimate VPN services while secretly intercepting their web traffic and stealing sensitive login information. These malicious extensions, active since 2017, have been distributed to over…
Spotify Music Library With 86M Music Files Scraped by Hacktivist Group
The shadow library known as Anna’s Archive has executed a massive scrape of Spotify, releasing a torrent collection containing approximately 86 million audio tracks and metadata for 256 million songs. The group, which typically focuses on archiving academic papers and…
Hackers Using ClickFix Technique to Hide Images within the Image Files
Threat actors have evolved their attack strategies by combining the deceptive ClickFix social engineering lure with advanced steganography techniques to conceal malicious payloads within PNG image files. This sophisticated approach, discovered by Huntress analysts, represents a significant shift in how…
CISA Adds Digiever Authorization Vulnerability to KEV List Following Active Exploitation
A critical vulnerability affecting Digiever DS-2105 Pro network video recorders was added to the Known Exploited Vulnerabilities (KEV) catalog on December 22, 2025, following evidence of active exploitation in the wild. CVE-2023-52163 is a missing authorization vulnerability in Digiever DS-2105…
Malicious NPM Package with 56K Downloads Steals WhatsApp Messages
A dangerous npm package named “lotusbail” has been stealing WhatsApp messages and user data from thousands of developers worldwide. The package, which has been downloaded over 56,000 times, disguises itself as a legitimate WhatsApp Web API library while secretly running…
BlindEagle Hackers Attacking Government Agencies with Powershell Scripts
BlindEagle, a South American threat group, has launched a sophisticated campaign against Colombian government agencies, demonstrating an alarming evolution in attack techniques. In early September 2025, the group targeted a government agency under the Ministry of Commerce, Industry and Tourism…
SideWinder APT Hackers Attacking Indian Entities by Masquerading as the Income Tax Department of India
The campaign is run by the SideWinder advanced persistent threat group and aims to plant a silent Windows backdoor on victim machines. Once active, the malware can steal files, capture data and give remote control to the attacker. Each attack…
Nissan Confirms Data Breach Following Unauthorized Access to Red Hat Servers
Nissan Motor Corporation has publicly confirmed a significant data breach stemming from unauthorized access to Red Hat servers managed by a third-party contractor responsible for developing a customer management system. The incident exposed personal information for approximately 21,000 Nissan Fukuoka…
Microsoft Brokering File System Vulnerability Lets Attackers Escalate Privileges
Microsoft has patched a significant use-after-free vulnerability in its Brokering File System (BFS) driver, tracked as CVE-2025-29970. The flaw enables local attackers to escalate privileges on Windows systems running isolated or sandboxed applications, making it a notable concern for enterprise…