A sophisticated global botnet campaign is targeting VOIP-enabled routers and devices configured with default credentials. The discovery began when analysts noticed an unusual cluster of malicious IP addresses concentrated in rural New Mexico, leading to the identification of approximately 500 compromised…
Category: Cyber Security News
Web-to-App Funnels: Pros And Cons
In today’s mobile-first world, companies often struggle to bridge the gap between their websites and mobile apps. This is where web-to-app funnels come into play. These funnels are designed to guide users from a web touchpoint (such as an ad…
Microsoft 365 Admin Center Outage Blocks Access for Admins Worldwide
Microsoft is currently facing an outage that affects the Microsoft 365 Admin Center, preventing administrators from accessing essential management tools. The issue, which emerged prominently on July 24, 2025, has persisted into the following day, marking the second such incident…
10 Best API Monitoring Tools in 2025
API monitoring tools ensure the performance, availability, and reliability of application programming interfaces (APIs) that connect different software systems. These tools continuously track and analyze API requests and responses to detect slow response times, errors, and downtime. By providing real-time…
15 Best Bandwidth Monitoring Tools in 2025
Bandwidth monitoring tools are essential for managing and optimizing network performance. These tools help IT administrators track and analyze network traffic, identify potential bottlenecks, and ensure efficient bandwidth utilization. By providing real-time data on network usage, bandwidth monitoring tools enable…
Microsoft Copilot Rooted to Gain Unauthorized Root Access to its Backend System
A critical security vulnerability has been discovered in Microsoft Copilot Enterprise, allowing unauthorized users to gain root access to its backend container. This vulnerability poses a significant risk, potentially allowing malicious users to manipulate system settings, access sensitive data, and…
Critical VMware Tools VGAuth Vulnerabilities Enable Full System Access for Attackers
Two critical vulnerabilities in the VMware Guest Authentication Service (VGAuth) component of VMware Tools allow local attackers to escalate privileges from any user account to SYSTEM-level access on Windows virtual machines. The vulnerabilities, tracked as CVE-2025-22230 and CVE-2025-22247, affect VMware…
Multiple Vulnerabilities in Tridium Niagara Framework Let Attacker to Collect Sensitive Data from the Network
Researchers identified 13 critical vulnerabilities in Tridium’s widely-deployed Niagara Framework that could allow attackers to compromise building automation systems and collect sensitive network data. The vulnerabilities, affecting versions 4.10u10 and earlier, as well as 4.14u1 and earlier, enable attackers with…
Beware of Fake Error Pages That Linux and Windows Systems With Platform-Specific Malware
A new wave of cryptojacking attacks is exploiting the humble 404 error page to sneak malicious binaries past defenders. Dubbed “Soco404,” the campaign embeds base64-encoded payloads inside seemingly innocuous error screens hosted on Google Sites and compromised Tomcat servers, then…
Top Early‑Stage Cybersecurity Startups To Watch In 2025
Digital threats are evolving at an ever-increasing rate, and a new breed of cybersecurity companies is emerging into the limelight as a result. These innovative and dynamic teams are addressing a wide range of issues, including cloud-native vulnerabilities and AI-powered…
Staying Ahead Of The Curve With A Temporary Email Address
The world is changing so quickly. Just when you thought you had heard it all, something as genius as a temporary email address came out of the fold. Oh, wait, you haven’t heard of this? Well, then you’re in luck…
How AI Is Redefining Threat Detection In The Cloud Era
Every second, AWS processes 1.2 billion API calls. Each one triggers a security check. That’s not just impressive; it’s the backbone of what might be the world’s largest security operation. While we’re debating whether AI will change cybersecurity, AWS has…
Strengthening Security Measures In Digital Advertising Platforms
Data breaches pose significant threats to digital advertising platforms, jeopardizing user privacy and trust. Implementing robust security measures within display ad servers is crucial to safeguard sensitive information. Transparent practices, encryption, and routine audits are vital to maintaining data integrity…
New Phishing Attack Mimics Facebook Login Page to Steal Credentials
A rapidly evolving campaign is using a Browser-in-the-Browser (BitB) overlay to impersonate Facebook’s login and siphon user credentials. The lure hinges on a deceptive CAPTCHA challenge that seamlessly morphs into a counterfeit Facebook session window, duping victims across desktops and…
Bulletproof Hosting Provider Aeza Group Shifting Their Infrastructure to New Autonomous System
Following U.S. Treasury sanctions imposed on July 1, 2025, the notorious bulletproof hosting provider Aeza Group has rapidly migrated its infrastructure to a new autonomous system in an apparent attempt to evade enforcement measures. Cybersecurity researchers at Silent Push detected…
Hackers Leverage Google Forms Surveys to Trick Victims into Stealing Cryptocurrency
Google Forms, praised for friction-free data collection, has become the unlikely staging ground for a rapidly spreading crypto-phishing campaign. First detected in late 2024 but surging in Q2 2025, the ploy begins with an unsolicited email containing a legitimate‐looking forms.gle link that…
Malicious Android Apps Mimic as Popular Indian Banking Apps Steal Login Credentials
Attackers are weaponizing India’s appetite for mobile banking by circulating counterfeit Android apps that mimic the interfaces and icons of public-sector and private banks. Surfacing in telemetry logs on 3 April 2025, the impostors travel through smishing texts, QR codes…
New Malware Attack Leverages YouTube Channels and Discord to Harvest Credentials from Computer
A newly uncovered campaign is exploiting gamers’ enthusiasm for off-beat indie titles to plant credential-stealing malware on machines. Branded installers for nonexistent games such as “Baruda Quest,” “Warstorm Fire,” and “Dire Talon” are pushed through slick YouTube trailers and Discord…
Fire Ant Hackers Exploiting Vulnerabilities in VMware ESXi and vCenter to Infiltrate Organizations
A sophisticated espionage campaign dubbed “Fire Ant” demonstrates previously unknown capabilities in compromising VMware virtualization infrastructure. Since early 2025, this threat actor has systematically targeted VMware ESXi hosts, vCenter servers, and network appliances using hypervisor-level techniques that evade traditional endpoint…
Hive0156 Hackers Attacking Government and Military Organizations to Deploy Remcos RAT
A sophisticated Russian-aligned threat actor known as Hive0156 has intensified its cyber espionage campaigns against Ukrainian government and military organizations, deploying the notorious Remcos Remote Access Trojan through carefully crafted social engineering attacks. The group has demonstrated remarkable persistence in…