A sophisticated malware campaign leveraging SmokeLoader has been identified targeting the First Ukrainian International Bank. Attackers are using weaponized 7z archives as the initial attack vector, leading to the deployment of infostealer malware through a complex infection chain. The attack…
Category: Cyber Security News
Hackers Exploit Default Voicemail Passwords to Hijack Telegram Accounts
A sophisticated attack campaign targeting Telegram users has emerged, with cybercriminals exploiting a commonly overlooked vulnerability: default voicemail passwords. Security experts have identified a surge in account hijacking incidents, particularly in Israel, where attackers leverage voicemail systems to intercept authentication…
1,500+ PostgreSQL Servers Compromised With Fileless Malware Attack
A widespread cryptojacking campaign targeting poorly secured PostgreSQL database servers has impacted over 1,500 victims globally. The attack leverages fileless execution techniques and credential brute-forcing to deploy Monero (XMR)-mining malware while evading traditional cloud workload protection (CWPP) tools. Security analysts…
Verizon Call Filter App Vulnerability Let Attackers Access Call History Logs
A critical security vulnerability in the Verizon Call Filter iOS app exposed the incoming call records of potentially millions of Verizon Wireless customers, allowing unauthorized access to sensitive communication metadata without device compromise or user notification. Independent security researcher Evan…
39M Secret API Keys & Credentials Leaked from GitHub – New Tools to Revamp Security
GitHub has revealed that over 39 million secrets were leaked across its platform in 2024 alone, prompting the company to launch new security tools to combat this persistent threat. The exposed secrets include API keys, credentials, tokens, and other sensitive…
GoResolver – A New Tool to Analyze Golang Malware & Extract Obfuscated Functions
GoResolver, a ground-breaking open-source tool, was unveiled to address one of the most persistent issues in malware analysis: deobfuscating Golang binaries. Developed by Volexity, this innovative solution employs control-flow graph similarity techniques to recover obfuscated function names, significantly enhancing reverse…
Authorities Taken Down Child Abuse Platform “Kidflix” With 2M+ Users
In one of the largest coordinated law enforcement operations against online child exploitation, authorities have dismantled Kidflix, a major streaming platform for child sexual abuse material (CSAM) that had amassed 1.8 million users worldwide. The international operation codenamed “Operation Stream,”…
10 Best Open-Source Blue Team Tools – 2025
Companies evaluate their cybersecurity posture and protect network infrastructure implementations by employing cybersecurity experts to undertake security assessments. The organization may engage penetration testers to conduct offensive attacks against the established security measures for the infrastructure. The company will concurrently…
Sophisticated QR Code Phishing Attack Targeting Microsoft 365 Users to Steal Logins
A new sophisticated phishing campaign leveraging QR codes to steal Microsoft 365 login credentials has emerged in the cybersecurity landscape. This attack represents a significant evolution in phishing tactics, combining social engineering with technical sophistication to bypass traditional email security…
WinRAR “Mark of the Web” Bypass Vulnerability Let Attackers Arbitrary Code
A newly disclosed vulnerability in WinRAR allows attackers to bypass a core Windows security mechanism, enabling arbitrary code execution on affected systems. Tracked as CVE-2025-31334, this flaw impacts all WinRAR versions before 7.11 and has been assigned a CVSS score…
Prince Ransomware – An Open Source Ransomware Builder That Automatically Build Ransomware Freely Available in GitHub
Cybersecurity experts observed the emergence of a concerning trend in which ransomware attacks leveraging malware created with an open-source tool called “Prince Ransomware.” This Go-language builder was freely available on GitHub, significantly lowering the technical barrier for attackers to launch…
Cisco Smart Licensing Utility Vulnerabilities Let Attackers Gain Admin Access
Two critical vulnerabilities were actively exploited in Cisco Smart Licensing Utility, potentially allowing attackers to gain administrative access to affected systems. Organizations running vulnerable software versions are urged to apply patches immediately as exploitation attempts continue to increase. According to…
Gootloader Malware Attacking Users Via Google Search Ads Using Weaponized Documents
The notorious Gootloader malware has reemerged with evolved tactics, now leveraging Google Search advertisements to target users seeking legal document templates. This sophisticated campaign specifically promotes “free” legal templates, primarily non-disclosure agreements, through sponsored search results that appear legitimate to…
ChatGPT Down For Thousands Of Users Worldwide – Latest Outage Updates
ChatGPT, the popular AI chatbot developed by OpenAI, experienced a significant outage on April 2, 2025. The outage impacted thousands of users globally and left many users unable to access the service. Users in India, the United States, and other…
New Outlaw Linux Malware Leveraging SSH Brute-Forcing & Corn Jobs to Maintain Persistence
Outlaw has emerged as a persistent Linux malware that continues to infect systems worldwide despite its relatively unsophisticated techniques. This malware has demonstrated remarkable longevity in the threat landscape by leveraging simple yet effective tactics such as SSH brute-forcing, strategic…
20,000 WordPress Sites Vulnerable to Arbitrary File Upload and Deletion Attacks
Critical security vulnerabilities discovered in a popular WordPress plugin have placed more than 20,000 websites at risk of complete site takeover. Security researchers identified two high-severity flaws in the WP Ultimate CSV Importer plugin that could allow even low-privileged users…
Apple Fined $162 Million by French Authorities for Mobile App Advertising Dominance
French antitrust regulators have imposed a €150 million ($162.4 million) fine on Apple for abusing its dominant market position through its App Tracking Transparency (ATT) framework, marking the first regulatory penalty specifically targeting this privacy control mechanism. The French Competition…
Google Cloud Platform Privilege Escalation Vulnerability Allows Access to Sensitive Data
A significant security vulnerability in Google Cloud Platform (GCP) that could have allowed attackers to access private container images stored in Google Artifact Registry and Google Container Registry. The vulnerability, dubbed “ImageRunner,” has been fixed but highlights a concerning privilege…
Firefox 137 Released With Fix for Multiple High Severity Vulnerabilities
Mozilla has officially released Firefox 137, addressing multiple high-severity security vulnerabilities that could potentially allow remote attackers to execute arbitrary code, trigger denial of service conditions, or elevate privileges on affected systems. This critical security update, announced on April 1,…
Top Ten Passwords Used by Hackers to Attack the RDP Servers
The most common passwords hackers are using in attacks against Remote Desktop Protocol (RDP) services, highlighting critical vulnerabilities in many organizations’ security postures. The Specops research team analyzed 15 million passwords used in live attacks against RDP ports, revealing that…