In 2025, digital transactions are at an all-time high, but so are the risks of fraud. Businesses in banking, e-commerce, fintech, and even social networks are facing increasing pressure to secure their platforms against identity theft, payment fraud, and cybersecurity…
Category: Cyber Security News
New Android Spyware Attacking Android Users Mimic as Signal and ToTok Apps
In recent months, security teams have observed a surge in Android spyware campaigns that prey on privacy-conscious users by masquerading as trusted messaging apps. These malicious payloads exploit users’ trust in Signal and ToTok, delivering trojanized applications that request extensive…
How Fileless Malware Differs From Traditional Malware Attacks
The cybersecurity landscape has witnessed a dramatic evolution in attack methodologies, with fileless malware emerging as one of the most sophisticated and dangerous threats facing organizations today. Unlike traditional malware that relies on executable files stored on disk, fileless attacks…
Chinese Hackers Compromising High-Value IIS Servers to Manipulate Search Rankings
The Chinese-speaking cybercrime group UAT-8099 has been stealthily breaching valuable Internet Information Services (IIS) servers in India, Thailand, Vietnam, Canada, and Brazil to carry out extensive search engine optimization (SEO) fraud. This campaign, which began surfacing in early 2025, leverages…
DrayOS Routers Vulnerability Let Attackers Execute Malicious Code Remotely
A critical vulnerability has been discovered in DrayTek’s DrayOS routers, which could allow unauthenticated remote attackers to execute malicious code. The flaw, tracked as CVE-2025-10547, affects a wide range of Vigor router models, prompting administrators to apply security updates urgently.…
TOTOLINK X6000R Router Vulnerabilities Let Remote Attackers Execute Arbitrary Commands
Critical security flaws have been discovered in the TOTOLINK X6000R wireless router, exposing users to severe risks of remote code execution and unauthorized system access. These vulnerabilities affect the router’s web interface and various administrative functions, creating multiple attack vectors…
Threat Actors Mimic Popular Brands to Deceive Users and Deploy Malware in New Wave of Attacks
Cybercriminals have launched a sophisticated campaign that leverages brand impersonation techniques to distribute malware through deceptive SMS phishing (smishing) attacks. This emerging threat demonstrates an evolution in social engineering tactics, where attackers strategically craft URLs containing trusted brand names to…
Top 10 Best Account Takeover Protection Tools in 2025
Account Takeover (ATO) attacks have become one of the most pressing security concerns for businesses in 2025. With the rise of credential stuffing, phishing, brute force attacks, and bot-driven fraud, organizations must reinforce their digital defenses. Account takeover can lead…
New ‘Point-and-Click’ Phishing Kit Bypasses User Awareness and Security Filters to Deliver Malicious Payloads
A novel phishing kit has surfaced that enables threat actors to craft sophisticated lures with minimal technical expertise. This “point-and-click” toolkit combines an intuitive web interface with powerful payload delivery mechanisms. Attackers can select from preconfigured templates, customize branding elements,…
Threat Actors Leveraging WhatsApp Messages to Attack Windows Systems With SORVEPOTEL Malware
Enterprise networks worldwide are facing an aggressive, self-propagating malware campaign that exploits WhatsApp as its primary delivery mechanism. First observed in early September 2025 targeting Brazilian organizations, SORVEPOTEL spreads through convincing phishing messages carrying malicious ZIP attachments. Upon execution, the…
SideWinder Hacker Group Hosting Fake Outlook/Zimbra Portals to Steal Login Credentials
APT SideWinder, a state-sponsored threat actor long associated with espionage across South Asia, has recently launched a campaign deploying phishing portals that mimic legitimate Outlook and Zimbra webmail services. Emerging in mid-2025, this operation uses free hosting platforms such as…
Signal Enhances Security With New Hybrid PQ Ratchet to Compact Quantum Computing Threats
Signal has announced a groundbreaking advancement in secure messaging with the introduction of the Sparse Post Quantum Ratchet (SPQR), a revolutionary cryptographic enhancement designed to protect against future quantum computing threats. This latest security upgrade represents a significant milestone in…
Confucius Hacker Group Attacking Weaponizing Documents to Compromised Windows Systems With AnonDoor Malware
The Confucius hacker group, active since 2013, has recently escalated its operations by weaponizing malicious Office documents to compromise Windows endpoints with a new Python-based backdoor, dubbed AnonDoor. Historically known for deploying document stealers such as WooperStealer, the threat actor…
HackerOne Paid $81 In Bug Bounty With Emergence of Bionic Hackers
HackerOne, a leading platform in offensive security, announced it has paid out a total of $81 million in bug bounties to its global community of white-hat hackers over the past year. This figure, detailed in the company’s 9th annual Hacker-Powered…
Hundreds of Free VPN Apps for Both Android and iOS Leaks Users Personal Data
Mobile VPN apps promise to protect privacy and secure communications on smartphones, but a comprehensive analysis of nearly 800 free Android and iOS VPN applications reveals a troubling reality: many of these tools expose sensitive information rather than shield it.…
Oracle Confirms that Hackers Targeting E-Business Suite Data With Extortion Emails
Oracle Corporation has officially acknowledged that cybercriminals are targeting customers of its E-Business Suite (EBS) platform through sophisticated extortion campaigns. The company’s Chief Security Officer, Rob Duhart, confirmed that hackers have been exploiting previously identified vulnerabilities that were addressed in…
Red Hat Confirms Data Breach After Hackers Claim to Steal 570GB of Private GitHub Repositories
Red Hat, the world’s leading enterprise open-source software provider, has officially confirmed a significant security incident involving unauthorized access to its internal GitLab instance used by the Red Hat Consulting team. This confirmation comes after the threat actor group known…
Microsoft Defender for Endpoint Bug Triggers Numerous False BIOS Alerts
Microsoft Defender for Endpoint is currently experiencing a bug that generates false positive alerts concerning out-of-date Basic Input/Output System (BIOS) versions, primarily affecting Dell devices. The issue, tracked by Microsoft under the reference ID DZ1163521, is causing security teams to…
Top 10 Best Brand Protection Solutions for Enterprises in 2025
Brand protection solutions are essential for enterprises in 2025 as digital commerce continues to grow and online threats evolve more rapidly than ever. With the surge in counterfeit products, trademark infringements, phishing attacks, and reputation risks, enterprises must safeguard their…
Microsoft to Launch New Secure Default Settings for Exchange and Teams APIs
Microsoft is updating its security policies to require administrator consent for new third-party applications seeking access to Exchange and Teams content. These “Secure by Default” changes, set to roll out from late October to late November 2025, aim to enhance…