Category: Cyber Security News

Zoom has disclosed two critical security vulnerabilities in its Zoom Rooms software for Windows and macOS, which could allow attackers with local access to escalate privileges or expose sensitive information. Tracked as ZSB-25050 and ZSB-25051, these flaws affect versions prior…

Read more →

Google has unveiled the most significant upgrade to Chrome in its history, integrating advanced AI capabilities powered by Gemini to transform how users browse the web. These features are designed to enhance productivity, improve security, and deliver a more intuitive…

Read more →

Microsoft 365 services encountered a snag today, leaving users in the United Kingdom struggling to access Microsoft Copilot or experiencing reduced functionality in key features. The outage, flagged on the official Microsoft 365 Status X account, has raised concerns among businesses…

Read more →

A sophisticated new variant of the Mirai botnet, named “Broadside,” has emerged as an active threat targeting maritime shipping companies and vessel operators. The malware exploits a critical vulnerability in TBK Digital Video Recorder (DVR) devices used for security monitoring…

Read more →

A China-based attack group has launched a targeted campaign against Japanese shipping and transportation companies by exploiting critical vulnerabilities in Ivanti Connect Secure (ICS). The campaign, uncovered in April 2025, leverages two severe vulnerabilities to gain initial access to target…

Read more →

A previously undocumented Linux backdoor named GhostPenguin has been discovered evading detection for over four months. This multi-threaded C++ malware establishes remote shell access and file-system operations via encrypted UDP, making it exceptionally difficult to detect with traditional security tools.…

Read more →

A critical buffer overflow vulnerability affecting D-Link routers has been added to the CISA catalog of Known Exploited Vulnerabilities, indicating active exploitation in the wild. The flaw, tracked as CVE-2022-37055, poses severe risks to organizations and enterprise networks relying on…

Read more →

A new malware campaign using multiple attack stages has been discovered that delivers NetSupport RAT through hidden web-based redirects and obfuscated code. The attack unfolds in three stages, starting with a JavaScript loader injected into compromised websites. This first stage…

Read more →

A sophisticated malware campaign has emerged targeting financial and legal sectors in the Russian Federation, delivering the notorious Cobalt Strike remote access tool to organizations handling sensitive business transactions. Security researchers have identified over twenty initial infection files involved in…

Read more →

Authorities in Warsaw have arrested three suspected hackers found carrying specialized FLIPPER hacking equipment. Other tools are allegedly intended to attack IT and telecommunications systems. The suspects, all Ukrainian citizens aged 43, 42, and 39, were detained during a routine…

Read more →

In many companies, audit preparation in 2025 still feels like 2005: Excel lists, scattered evidence, copy & paste from old answers, long coordination loops. At the same time, requirements are increasing – ISO 27001:2022, SOC 2, NIST CSF, NIS 2,…

Read more →

PortSwigger has enhanced Burp Suite’s scanning arsenal with the latest update to its ActiveScan++ extension, introducing detection for the critical React2Shell vulnerabilities (CVE-2025-55182 and CVE-2025-66478). This server-side request forgery (SSRF) flaw in React applications allows attackers to execute arbitrary shell…

Read more →

Over 565 internet-exposed Apache Tika Server instances are vulnerable to a critical XML External Entity (XXE) injection flaw. That could enable attackers to steal sensitive data, launch denial-of-service attacks, or conduct server-side request forgery operations. The vulnerability, tracked as CVE-2025-66516,…

Read more →

SAP released 14 new security notes on its monthly Security Patch Day on December 9, 2025, addressing vulnerabilities across key products, including SAP Solution Manager, NetWeaver, Commerce Cloud, and more. Three critical flaws with CVSS scores exceeding 9.0 demand immediate…

Read more →

The Indian government is currently evaluating a controversial proposal from the telecom industry that would mandate smartphone manufacturers to enable “always-on” satellite location tracking. This move has sparked significant opposition from major technology companies, including Apple, Google, and Samsung, who…

Read more →

A critical persistence technique in AWS Identity and Access Management (IAM) stemming from its eventual consistency model, allowing attackers to retain access even after defenders delete compromised access keys. AWS IAM, like many distributed systems, employs eventual consistency to scale…

Read more →

A deceptive Android application lurking in the Google Play Store, disguised as a document reader and file manager, but delivering the Anatsa banking trojan to users. Cybersecurity firm Zscaler ThreatLabz found an app named “Document Reader – File Manager” by…

Read more →

A sophisticated new phishing kit called GhostFrame has already been used to launch over 1 million attacks. First discovered in September 2025 by Security researchers at Barracuda, this stealthy tool represents a dangerous evolution in phishing-as-a-service technology. What makes GhostFrame…

Read more →

As artificial intelligence systems become more autonomous, their ability to interact with digital tools and data introduces complex new risks. Recognizing this challenge, researchers from NVIDIA and Lakera AI have collaborated on a new paper proposing a unified framework for…

Read more →

QuasarRAT, initially surfacing in 2014 under the alias xRAT, began its lifecycle as a legitimate remote administration tool for Windows environments. Over the last decade, however, its open-source nature and accessibility have facilitated its transformation into a potent instrument for…

Read more →