CISA has issued an urgent security Alert in response to a large-scale software supply chain attack on npmjs.com, the world’s largest JavaScript package registry. A self-replicating worm, dubbed Shai-Hulud, has infiltrated more than 500 npm packages and injected malicious code…
Category: Cyber Security News
Hackers Exploit WerFaultSecure.exe Tool to Steal Cached Passwords From LSASS on Windows 11 24H2
Threat actors are leveraging the legacy Windows error‐reporting utility WerFaultSecure.exe to extract the memory region of the Local Security Authority Subsystem Service (LSASS.EXE) and harvest cached credentials from fully patched Windows 11 24H2 systems. After gaining initial access to a…
CISA Warns of Google Chrome 0-Day Vulnerability Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a high-severity zero-day vulnerability in Google Chrome that is being actively exploited in attacks. The vulnerability, tracked as CVE-2025-10585, has been added to CISA’s Known Exploited Vulnerabilities…
CISA Details That Hackers Gained Access to a U.S. Federal Agency Network Via GeoServer RCE Vulnerability
CISA has released a comprehensive cybersecurity advisory detailing how threat actors successfully compromised a U.S. federal civilian executive branch agency’s network by exploiting CVE-2024-36401, a critical remote code execution vulnerability in GeoServer. The incident, which remained undetected for three weeks,…
Kali Linux 2025.3 Released With New Features and 10 New Hacking Tools
Kali team has released Kali Linux 2025.3, the third major update of the year for the popular penetration testing and ethical hacking distribution. This release introduces 10 new tools, brings significant updates to its mobile platform, Kali NetHunter, and enhances…
Chrome High-severity Vulnerabilities Let Attackers Access Sensitive Data and Crash System
Google has issued an urgent security update for its Chrome web browser to address three high-severity vulnerabilities that could allow attackers to access sensitive information or cause the system to crash. The company is advising users to update their browsers…
Threat Actors Breaking to Enterprise Infrastructure Within 18 Minutes From Initial Access
Cybersecurity professionals are facing an unprecedented acceleration in threat actor capabilities as the average breakout time—the period from initial access to lateral movement—has plummeted to a mere 18 minutes during the June-August 2025 reporting period. This alarming statistic represents a…
Zloader Malware Repurposed to Act as Entry Point Into Corporate Environments to Deploy Ransomware
Zloader, a sophisticated Zeus-based modular trojan that first emerged in 2015, has undergone a significant transformation from its original banking-focused operations to become a dangerous entry point for ransomware attacks in corporate environments. Originally designed to facilitate financial fraud, this…
New Malware in npm Package Steals Browser Passwords Using Steganographic QR Code
A sophisticated malware campaign has emerged in the npm ecosystem, utilizing an innovative steganographic technique to conceal malicious code within QR codes. The malicious package, identified as “fezbox,” presents itself as a legitimate JavaScript/TypeScript utility library while secretly executing password-stealing…
Beware of Fake Online Speedtest Application With Obfuscated JS Codes
A sophisticated malware campaign has emerged that leverages fake online speed test applications to deploy obfuscated JavaScript payloads on Windows systems. These malicious utilities masquerade as legitimate network speed testing tools, manual readers, PDF utilities, and various search frontends to…
Hackers Weaponizing SVG Files to Stealthily Deliver Malicious Payloads
Cybercriminals have embraced a new deceptive technique that transforms seemingly harmless vector graphics into dangerous malware delivery systems. A recent campaign targeting Latin America demonstrates how attackers are exploiting oversized SVG files containing embedded malicious payloads to distribute AsyncRAT, a…
Nimbus Manticore Attacking Defense and Telecom Sectors With New Malware
The Iranian threat actor known as Nimbus Manticore has intensified its campaign targeting defense manufacturing, telecommunications, and aviation sectors across Western Europe with sophisticated new malware variants. This mature advanced persistent threat group, also tracked as UNC1549 and Smoke Sandstorm,…
U.S. Secret Service Dismantles 300 SIM Servers and 100,000 SIM Cards Disabling Cell Phone Towers
The U.S. Secret Service has dismantled a massive, sophisticated network of electronic devices in the New York tristate area, thwarting what it described as an “imminent threat” to senior U.S. government officials and the agency’s protective operations. The operation led…
Threat Actors with Fake Job Lures Attacking Job Seekers to Deploy Advanced Malware
In recent months, a sophisticated campaign has emerged in which state-linked threat actors are leveraging fake job offers to ensnare unsuspecting job seekers and deliver advanced malware. These attackers craft convincing phishing emails that direct victims to look-alike career portals,…
SonicWall Releases Urgent Update to Remove Rootkit Malware ‘OVERSTEP’ from SMA Devices
SonicWall has issued an urgent firmware update, version 10.2.2.2-92sv, for its Secure Mobile Access (SMA) 100 series appliances to detect and remove known rootkit malware. The advisory, SNWLID-2025-0015, published on September 22, 2025, strongly recommends that all users of SMA…
Tata-Owned Jaguar Land Rover Delays Factory Reopening Following Major Cyber Attack
Jaguar Land Rover (JLR), the United Kingdom’s largest automotive manufacturer, has announced an additional delay in resuming production at its factories following a significant cyber-attack that occurred earlier this month. The company has extended its current production pause until Wednesday,…
Hackers Hijacking IIS Servers Using Malicious BadIIS Module to Serve Malicious Content
A sophisticated cyber campaign, dubbed “Operation Rewrite,” is actively hijacking Microsoft Internet Information Services (IIS) web servers to serve malicious content through a technique known as search engine optimization (SEO) poisoning. Palo Alto Networks uncovered the operation in March 2025,…
EV Charging Provider Confirm Data Breach – Customers Personal Data Exposed
Digital Charging Solutions GmbH (DCS), a leading provider of white-label charging services for automotive OEMs and fleet operators, has confirmed a data breach affecting a limited number of its customers. DCS disclosed that unauthorized access to personal data occurred in…
GitHub Enhances NPM’s Security with Strict Authentication, Granular Tokens, and Trusted Publishing
Recent High-profile supply‐chain attacks have exposed critical weaknesses in package registry security, prompting GitHub to roll out a suite of defenses designed to harden the npm ecosystem. “GitHub Enhances npm’s security with strict authentication, granular tokens, and trusted publishing” marks…
Hackers Abusing GitHub Notifications to Deliver Phishing Emails
In recent weeks, security researchers have uncovered an elaborate phishing campaign that leverages legitimate GitHub notification mechanisms to deliver malicious content. Victims receive seemingly authentic repository alerts, complete with real-looking commit messages and collaborator updates. Upon closer inspection, the notification…