Category: Cyber Security News

In today’s hyper-connected world, cybersecurity is no longer the sole responsibility of a dedicated security team. As organizations scale and technology becomes increasingly integrated into every aspect of business, the risks and attack surfaces multiply. Yet, security teams are often…

Read more →

Passive DNS has emerged as a critical tool for cybersecurity professionals seeking to identify and track malicious command and control (C2) infrastructure. By creating a historical record of DNS activities, security teams can follow the digital breadcrumbs left by threat…

Read more →

A major security incident has come to light involving more than six million installations of Chrome browser extensions that secretly execute remote commands, track user activity, and potentially expose sensitive information. John Tuckner of secure Annex have identified at least…

Read more →

A sophisticated Android spyware campaign has been uncovered, disguising itself as the official application of the Chinese Prosecutor’s Office (检察院). This advanced variant of the SpyMax/SpyNote family targets Chinese-speaking users across mainland China and Hong Kong, exploiting Android Accessibility Services…

Read more →

On April 16, 2025, millions of users worldwide found themselves unable to access Zoom, the widely used video conferencing platform, due to a critical outage that lasted nearly two hours. The disruption, which began at 11:25 AM PDT and was…

Read more →

A newly discovered vulnerability, CVE-2024-53141, in the Linux kernel’s IP sets framework has exposed a critical security flaw that allows local attackers to escalate privileges and potentially gain root access.  The vulnerability, assigned a CVSS score of 7.8, uncovered by…

Read more →

Memory forensics has become an indispensable component of modern incident response strategies, enabling security teams to detect and analyze sophisticated threats that would otherwise remain hidden. Unlike traditional disk forensics, memory analysis provides insights into running processes, network connections, and…

Read more →

The financial sector faces increasingly sophisticated cyber threats, with system intrusion remaining the leading attack pattern for the third consecutive year. Advanced Persistent Threat (APT) groups specifically target financial institutions using various tools, techniques, and procedures. YARA rules provide a…

Read more →

Web server hardening is a critical security process that reduces an organization’s attack surface and helps defend against ransomware, malware, and other cyberthreats. In today’s threat landscape, web servers are prime targets for attackers as they often serve as the…

Read more →

A federal whistleblower “Daniel Berulis”, A senior DevSecOps architect has allegedly sent a affidavit document of a U.S DOGE significant data breach at the National Labor Relations Board (NLRB), claiming that personnel from the Department of Government Efficiency (DOGE) accessed…

Read more →

A significant evolution in distributed denial-of-service (DDoS) malware has been detected, with the latest version of XorDDoS continuing to spread globally between November 2023 and February 2025. This Linux-targeting trojan transforms compromised machines into “zombie bots” that can be coordinated…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding multiple Apple 0-day vulnerabilities currently being actively exploited in targeted attacks. These critical security flaws affect a wide range of Apple products, including iOS, iPadOS, macOS, and…

Read more →

A critical remote code execution vulnerability in Erlang/OTP’s SSH implementation has security teams scrambling to patch affected systems after researchers confirmed the development of a proof-of-concept exploit. The vulnerability, tracked as CVE-2025-32433 and assigned the maximum possible CVSS score of…

Read more →

17,000+ Fortinet devices worldwide have been compromised in a sophisticated cyberattack that leverages a symbolic link persistence technique, according to new findings from Shadowserver. The number of affected devices has climbed from an initial report of 14,000 to 17,000, with…

Read more →

A sophisticated ransomware group known as CrazyHunter has emerged as a significant threat to organizations, particularly those in Taiwan’s critical infrastructure sectors. This newly identified threat actor has been conducting targeted attacks against healthcare facilities, educational institutions, and industrial organizations…

Read more →

Microsoft’s security landscape faced unprecedented challenges in 2024, with vulnerability reports soaring to an all-time high of 1,360 identified security flaws across the company’s product ecosystem. This alarming figure represents the highest number recorded since systematic tracking began, highlighting the…

Read more →

A sophisticated phishing campaign leveraging a multi-layered attack chain dubbed “Cascading Shadows” has been uncovered by the Palo Alto Networks’ Unit 42 researchers in December 2024. This campaign delivers malware families like Agent Tesla, RemcosRAT, and XLoader through a sequence…

Read more →

Ransomware attacks surged dramatically in the first quarter of 2025, with a 126% increase compared to the same period in 2024, according to a newly released global cyber attack report. The consumer goods and services sector emerged as the primary…

Read more →

A sophisticated cyberespionage campaign leveraging malicious Microsoft Management Console (MMC) scripts to deploy the stealthy MysterySnail remote access trojan (RAT).  First identified in 2021 during an investigation into the CVE-2021-40449 zero-day vulnerability, MysterySnail RAT had seemingly disappeared from the cyber…

Read more →

In today’s rapidly evolving digital landscape, Chief Information Security Officers (CISOs) face unprecedented challenges as cyber threats grow in sophistication and frequency. The year 2025 has witnessed a significant shift in how organizations approach cybersecurity, with CISOs stepping out of…

Read more →