Category: Cyber Security News

FastNetMon, a prominent provider of DDoS detection solutions, announced this week that it had identified and helped mitigate a record-breaking distributed denial-of-service (DDoS) attack. The assault targeted a major DDoS scrubbing vendor located in Western Europe, pushing packet-forwarding rates to…

Read more →

The U.S. District Court for the Eastern District of New York has unsealed a superseding indictment against a Ukrainian national, charging him with his alleged role as an administrator in the LockerGoga, MegaCortex, and Nefilim ransomware operations. The schemes reportedly…

Read more →

Malicious actors have launched a sophisticated malvertising campaign on Facebook that coerces unsuspecting users into installing a fake “Meta Verified” browser extension. Promoted through seemingly legitimate video tutorials, these ads promise to unlock the coveted blue verification tick without paying…

Read more →

Security researchers have recently observed a surge in sophisticated fileless malware campaigns targeting enterprise environments. AsyncRAT, a powerful Remote Access Trojan, leverages legitimate system tools to execute malicious payloads entirely in memory, effectively sidestepping traditional disk-based defenses. Emergence of this…

Read more →

CyberVolk ransomware first emerged in May 2024, rapidly evolving into a sophisticated threat aimed at government agencies and critical infrastructure in countries perceived as hostile to Russian interests. Leveraging a dual-layer symmetric encryption process, this malware has inflicted significant operational…

Read more →

Jaguar Land Rover (JLR) has confirmed that data was stolen during a major cyberattack that has crippled its global operations, bringing vehicle production to a standstill since early September. The luxury carmaker, a subsidiary of India’s Tata Motors, is now…

Read more →

A remote code execution vulnerability has been discovered in the Cursor AI Code Editor, enabling a malicious code repository to run code on a user’s machine upon opening automatically. The research team at Oasis Security uncovered the flaw, which bypasses…

Read more →

A recent incident uncovered how a threat actor inadvertently exposed its entire operational workflow by installing a popular endpoint detection and response (EDR) agent on their own attacking infrastructure. The scenario unfolded when the adversary, while evaluating various security platforms,…

Read more →

A high-quality mobile application penetration testing company is essential for businesses that want to safeguard their digital assets and user data. These specialized firms employ ethical hackers who simulate real-world cyberattacks to identify and exploit vulnerabilities within mobile apps. The…

Read more →

GitLab has released urgent security patches for its Community (CE) and Enterprise (EE) editions, addressing multiple vulnerabilities, including two high-severity flaws that could lead to Server-Side Request Forgery (SSRF) and Denial of Service (DoS) attacks. The company is strongly advising…

Read more →

A security vulnerability has been found in the Google Drive Desktop application for Windows. It allows a logged-in user on a shared machine to access another user’s Drive files completely without needing their credentials. This vulnerability stems from a broken…

Read more →

Microsoft has issued an updated warning for a critical security vulnerability in Active Directory Domain Services, tracked as CVE-2025-21293. This flaw could permit an attacker who has already gained initial access to a system to escalate their privileges, potentially gaining…

Read more →

Sophos has resolved an authentication bypass vulnerability in its AP6 Series Wireless Access Points that could allow attackers to gain administrator-level privileges. The company discovered the issue during internal security testing and has released a firmware update to address it.…

Read more →

HackerOne has confirmed it was among the companies affected by a recent data breach that provided unauthorized access to its Salesforce instance. The access was gained through a compromise of the third-party application Drift, which Salesloft owns. The bug bounty…

Read more →

Microsoft has released patches for two significant vulnerabilities in Microsoft Office that could allow attackers to execute malicious code on affected systems. The flaws, tracked as CVE-2025-54910 and CVE-2025-54906, were disclosed on September 9, 2025, and affect various versions of…

Read more →

Microsoft is set to enhance the Windows user experience by integrating new AI-powered capabilities directly into File Explorer. This upcoming feature, named “AI actions in File Explorer,” will allow users to perform tasks like editing images and summarizing documents with…

Read more →

A critical vulnerability CVE-2025-42922 has been discovered in SAP NetWeaver that allows an authenticated, low-privileged attacker to execute arbitrary code and achieve a full system compromise. The flaw resides in the Deploy Web Service upload mechanism, where insufficient access control…

Read more →

Microsoft has addressed two significant elevation of privilege vulnerabilities affecting its Windows BitLocker encryption feature. The flaws, tracked as CVE-2025-54911 and CVE-2025-54912, were disclosed on September 9, 2025, and carry an “Important” severity rating. Both vulnerabilities could allow an authorized…

Read more →

Google has issued an urgent security update for the Chrome browser on Windows, Mac, and Linux, addressing a critical vulnerability that could allow attackers to execute arbitrary code remotely. Users are strongly advised to update their browsers immediately to protect…

Read more →

Workday has confirmed it suffered a data breach after a security incident involving a third-party application that compromised customer information. The breach originated from Salesloft’s Drift application, which connects to Salesforce environments. On August 23, 2025, Workday became aware of…

Read more →