Over the weekend, a sophisticated ransomware attack compromised Collins Aerospace’s Muse check-in and boarding systems, forcing key hubs including Heathrow, Brussels, and Berlin to return to manual processes. Airlines reported hundreds of delayed and cancelled flights as security teams raced…
Category: Cyber Security News
Libraesva ESG Vulnerability Lets Attackers Inject Malicious Commands
A critical security flaw in Libraesva ESG email security gateways, which allowed threat actors to execute arbitrary commands through specially crafted email attachments, has been identified and patched. The vulnerability, tracked as CVE-2025-59689, affects multiple versions of the popular email security…
22.2 Tbps DDoS Attack Breaks Internet With New World Record
Cloudflare announced it had autonomously mitigated the largest distributed denial-of-service (DDoS) attack ever recorded. The hyper-volumetric attack peaked at an unprecedented 22.2 terabits per second (Tbps) and 10.6 billion packets per second (Bpps), setting a new and alarming benchmark for…
Top 10 Best Supply Chain Risk Management Solutions in 2025
In today’s rapidly evolving global market, supply chain risk management has become more crucial than ever before. Organizations face risks like geopolitical issues, market unpredictability, compliance challenges, supplier failures, and even cyber threats. To maintain resilience, companies must adopt robust…
Threat Actors Leverage Oracle Database Scheduler to Gain Access to Corporate Environments
In recent weeks, security researchers have observed a surge in attacks exploiting Oracle Database Scheduler’s External Jobs feature to gain a foothold in corporate environments. This technique abuses the scheduler’s ability to execute arbitrary commands on Windows-based database servers, allowing…
BlockBlasters Steam Game Downloads Malware to Computer Disguised as Patch
A seemingly innocent patch update for the popular 2D platformer game BlockBlasters has transformed into a sophisticated malware campaign, exposing hundreds of Steam users to data theft and system compromise. The malicious patch, deployed on August 30, 2025, demonstrates how…
Lucid PhaaS With 17,500 Phishing Domains Mimics 316 Brands From 74 Countries
The cybersecurity landscape faces a growing threat from sophisticated Phishing-as-a-Service (PhaaS) platforms that are democratizing cybercrime by lowering technical barriers for fraudsters worldwide. Among these emerging threats, the Lucid PhaaS platform has established itself as a formidable force in the…
Microsoft, SentinelOne, and Palo Alto Networks Withdraw from 2026 MITRE ATT&CK Evaluations
Three of the cybersecurity industry’s most prominent vendors, Microsoft, SentinelOne, and Palo Alto Networks, have announced they will not participate in the 2026 MITRE ATT&CK Evaluations. The coordinated withdrawal marks a significant shift in how leading security companies approach independent product validation,…
Kawa4096 Ransomware Attacking Multinational Organizations to Exfiltrate Sensitive Data
A sophisticated new ransomware group has emerged from the shadows, targeting multinational organizations across diverse sectors with precision and a systematic approach. Kawa4096, first detected in June 2025, has rapidly established itself as a formidable threat to enterprises spanning finance, education,…
Subtle Snail Mimics HR Representatives to Engage Employees and Steal Login Credentials
A sophisticated Iran-nexus espionage group known as Subtle Snail has emerged as a significant threat to European telecommunications, aerospace, and defense organizations through an elaborate recruitment-themed social engineering campaign. The group, also identified as UNC1549 and linked to the broader…
New Inboxfuscation Tool Bypasses Microsoft Exchange Inbox Rules and Evades Detection
Attackers increasingly exploit Microsoft Exchange inbox rules to maintain persistence and exfiltrate data within enterprise environments. A newly released tool, Inboxfuscation, leverages Unicode-based obfuscation to craft malicious inbox rules that slip past conventional security controls. Developed by Permiso, the Inboxfuscation…
Stellantis, the Maker of Citroën, FIAT, Jeep, and Other Cars, Confirms Data Breach
Automotive giant Stellantis, the parent company of major brands including Citroën, FIAT, Jeep, Chrysler, and Peugeot, has confirmed a data breach affecting its customers in North America. The company announced on Sunday that it detected unauthorized access to the platform…
Top 10 Best Autonomous Endpoint Management Tools in 2025
In 2025, organizations demand robust, intelligent solutions to manage, secure, and optimize their growing endpoint fleets. With cyber threats escalating and workforces becoming more distributed, the need for autonomous endpoint management tools has never been greater. These platforms automate device…
Windows 11 24H2 Update KB5064081 Breaks Video Content Playback
A recent optional update for Windows 11 version 24H2 is causing significant video playback issues for users with certain media applications. Microsoft has confirmed that the update, released in late August, can prevent protected content from playing correctly on Blu-Ray,…
Canada Police Dismantle TradeOgre Platform That Stole 56 Million Dollars in Cryptocurrency
Canada’s law enforcement community has achieved a landmark victory in the fight against illicit finance with the dismantling of TradeOgre, a Tor-based cryptocurrency exchange that facilitated the theft and laundering of over 56 million dollars in digital assets. Emerging in…
Chrome Type Confusion 0-Day Vulnerability Code Analysis Released
Google Chrome’s V8 JavaScript engine is affected by a critical type confusion zero-day vulnerability, designated CVE-2025-10585, marking the sixth actively exploited Chrome zero-day discovered in 2025. This high-severity flaw, with an estimated CVSS 3.1 score of 8.8, enables remote…
Threat Actors Attacking ICS Computers With Malicious Scripts and Phishing Pages
Industrial automation systems have become the latest battleground for sophisticated cybercriminals who are deploying cleverly crafted malicious scripts and phishing pages to compromise ICS computers. Over the first half of 2025, attackers have increasingly shifted to web-based attack vectors, exploiting…
Threat Actors Impersonate FBI IC3 Website to Steal Visitors’ Personal Information
A sophisticated spoofing campaign has emerged targeting the Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3). Beginning in mid-September 2025, victims attempting to access IC3’s official portal were redirected to fraudulent domains crafted to mirror the legitimate site. The…
Hackers Bypassing Windows Mark of the Web Files Using LNK Stomping Attack
A sophisticated attack technique called LNK Stomping has emerged as a critical threat to Windows security, exploiting a fundamental flaw in how the operating system handles shortcut files to bypass security controls. Designated as CVE-2024-38217 and patched on September 10,…
New Botnet Leverages DNS Misconfiguration to Launch Massive Cyber Attack
A previously unseen botnet campaign emerged in late November, using a novel combination of DNS misconfiguration and hijacked networking devices to propel a global malspam operation. Initial reports surfaced when dozens of organizations received what appeared to be legitimate freight…