A critical unauthenticated remote code execution vulnerability discovered in n8n, the popular workflow automation platform, exposes an estimated 100,000 servers globally to complete takeover. Tracked as CVE-2026-21858 with a maximum CVSS score of 10.0, the flaw allows unauthenticated attackers to…
Category: Cyber Security News
Hackers Exploiting VMware ESXi Instances in the Wild Using zero-day Exploit Toolkit
Hackers are exploiting VMware ESXi instances in the wild with a zero-day exploit toolkit that chains multiple vulnerabilities for VM escapes. Cybersecurity firm Huntress disrupted one such attack, attributing initial access to a compromised SonicWall VPN. Threat actors gained a…
Hackers Using Malicious Imageless QR Codes to Render Phishing Attack Via HTML Table
A recent phishing campaign is abusing QR codes in a new way, turning simple HTML tables into working codes that redirect users to malicious sites. Instead of embedding a QR image in the email body, the attackers build the code…
Windows Packer pkr_mtsi Powers Widespread Malvertising Campaigns Delivering Multiple Malware Families
A sophisticated Windows packer known as pkr_mtsi has emerged as a powerful tool for delivering multiple malware families through widespread malvertising campaigns. First detected on April 24, 2025, this malicious packer continues to operate actively, distributing trojanized installers disguised as…
From Tycoon2FA to Lazarus Group – Inside ANY.RUN’s Biggest Discoveries of 2025
ANY.RUN, the interactive malware analysis platform, has wrapped up 2025 with impressive growth figures and significant contributions to the cybersecurity community. The company’s annual report reveals how its global user base collectively spent over 400,000 hours analyzing threats—equivalent to more…
GoBruteforcer Botnet brute-forces Passwords for FTP, MySQL, and phpMyAdmin on Linux Servers
A sophisticated Go-based botnet dubbed GoBruteforcer is aggressively targeting Linux servers worldwide, brute-forcing weak passwords on internet-exposed services including FTP, MySQL, PostgreSQL, and phpMyAdmin. Check Point Research recently documented a new 2025 variant of the malware that demonstrates significant technical…
CrazyHunter Ransomware Attacking Healthcare Sector with Advanced Evasion Techniques
CrazyHunter ransomware has emerged as a critical and evolving threat that specifically targets healthcare organizations and sensitive medical infrastructure. This Go-developed malware represents a significant escalation in ransomware sophistication, employing advanced encryption methods and delivery mechanisms designed to bypass modern…
ownCloud Urges Users to Enable Multi-Factor Authentication Following Credential Theft
ownCloud has urgently urged users of its Community Edition to enable multi-factor authentication (MFA). A threat intelligence report from Hudson Rock highlighted incidents where attackers compromised self-hosted file-sharing platforms, including some ownCloud deployments, but ownCloud stresses that its platform itself remains…
PoC Exploit Released for Android/Linux Kernel Vulnerability CVE-2025-38352
A proof-of-concept (PoC) exploit for CVE-2025-38352, a critical race condition vulnerability in the Linux kernel, has been publicly released on GitHub. The vulnerability, discovered earlier this year, targets the POSIX CPU timers implementation and was previously exploited in limited, targeted…
Threat Actors Leverage Google Cloud Services to Steal Microsoft 365 Logins
A sophisticated new phishing campaign has emerged, leveraging the trusted infrastructure of Google Cloud services to bypass security filters and steal sensitive Microsoft 365 login credentials. By abusing legitimate workflow automation tools, threat actors are crafting convincing attacks that blend…
Chinese Hackers Deploy NFC-enabled Android Malware to Steal Payment Data
Chinese threat actors have launched a sophisticated campaign using NFC-enabled Android malware called Ghost Tap to intercept and steal financial information from victims worldwide. The malware operates through a deceptive distribution model, where attackers trick users into downloading seemingly legitimate…
Researchers Manipulate Stolen Data to Corrupt AI Models and Generate Inaccurate Outputs
Researchers from the Chinese Academy of Sciences and Nanyang Technological University have introduced AURA, a novel framework to safeguard proprietary knowledge graphs in GraphRAG systems against theft and private exploitation. Published on arXiv just a week ago, the paper highlights…
LockBit 5.0 Emerges with New Sophisticated Encryption and Anti-Analysis Tactics
LockBit 5.0 has surfaced as the latest iteration of one of the world’s most active ransomware-as-a-service operations, continuing a legacy of sophisticated attacks since the group’s emergence in September 2019. This new version represents a significant evolution in the threat…
TOTOLINK EX200 Extender Vulnerability Allows Attacker to Gain Full System Access
A severe vulnerability in the TOTOLINK EX200 Wi-Fi extender could allow attackers to gain full system access via an unauthenticated telnet root service, researchers warned. The flaw, tracked as CVE-2025-65606 and assigned CERT Vulnerability Note VU#295169, affects the firmware upload error-handling logic…
ToddyCat Malware Compromises Microsoft Exchange Servers using ProxyLogon Vulnerability
ToddyCat, a sophisticated cyber espionage group, has emerged as a persistent threat targeting high-profile organizations across multiple continents. The group began operations in December 2020 by compromising Microsoft Exchange servers in Taiwan and Vietnam using an unidentified vulnerability. However, their…
Microsoft to Cancel Plans Imposing Daily Limit For Exchange Online Bulk E-mails
Microsoft has announced the indefinite cancellation of its Mailbox External Recipient Rate Limit in Exchange Online, reversing a previously planned restriction on bulk email sending. The decision comes after significant customer feedback highlighting operational disruptions caused by the proposed limitation…
Hackers Exploited Routing Scenarios and Misconfigurations to Effectively Spoof Organizations
Phishing actors are exploiting complex routing scenarios and misconfigured security protections to send fake emails that appear to come from within organizations. These emails look like they were sent internally, making them harder to detect. Threat actors have used this…
D-Link Router Command Injection Vulnerability Actively Exploited in the Wild
D-Link has confirmed unauthenticated command injection vulnerabilities affecting multiple router models deployed internationally. Active exploitation campaigns using DNS hijacking have been documented since late 2016, with threat actors continuing malicious activities through 2019 and beyond. Multiple D-Link router models remain…
Black Cat Hacker Group with Fake Notepad++ Sites to Install Malware and Steal Data
The notorious Black Cat cybercriminal group has aggressively resurfaced with a sophisticated malware campaign utilizing advanced search engine optimization techniques to distribute counterfeit versions of popular open-source software. By manipulating search engine algorithms, the gang successfully positions meticulously crafted phishing…
Chinese Hackers Actively Attacking Taiwan Critical Infrastructure
China’s cyber army has intensified attacks against Taiwan’s critical infrastructure in 2025, marking a significant escalation in digital warfare tactics. Taiwan’s national intelligence community documented a troubling trend: approximately 2.63 million intrusion attempts per day targeted critical systems across nine…