The emergence of the AdaptixC2 post-exploitation framework in 2025 marked a significant milestone in the evolution of attacker toolsets targeting open-source supply chains. Positioning itself as a formidable alternative to established tools like Cobalt Strike, AdaptixC2 quickly attracted threat actors…
Category: Cyber Security News
Cavalry Werewolf APT Hackers Attacking Multiple Industries with FoalShell and StallionRAT
A sophisticated threat campaign has emerged targeting Russia’s public sector and critical industries between May and August 2025. The Cavalry Werewolf APT group, also known as YoroTrooper and Silent Lynx, has been actively deploying custom-built malware toolsets through highly targeted…
Meta Launches New Tools to Protect Messenger and WhatsApp Users from Scammers
Meta announced innovative tools on Tuesday to shield users of Messenger and WhatsApp from scammers. The updates, revealed during Cybersecurity Awareness Month, aim to detect suspicious activity in real-time and empower users with better account protections. This comes as scammers…
Microsoft Confirms Recent Updates Cause Login Issues on Windows 11 24H2, 25H2, and Windows Server 2025
Microsoft has acknowledged a significant authentication problem affecting users of recent Windows versions, stemming from security enhancements in updates released since late August 2025. The company detailed how these updates are triggering Kerberos and NTLM failures on devices sharing identical…
How Threat Intelligence Can Save Money and Resources for Businesses
Cybersecurity is not just about defense; it is about protecting profits. Organizations without modern threat intelligence (TI) face escalating breach costs, wasted resources, and operational inefficiencies that hit the bottom line. Actionable intel can help businesses cut costs, optimize workflows,…
Pakistani Threat Actors Targeting Indian Govt. With Email Mimic as ‘NIC eEmail Services’
A sophisticated phishing campaign orchestrated by Pakistan-linked threat actors has been discovered targeting Indian government entities by impersonating the National Informatics Centre’s email services. The operation, attributed to APT36, also known as TransparentTribe, leverages social engineering tactics to compromise sensitive…
Microsoft 365 Copilot Prompt Injection Vulnerability Allows Attackers to Exfiltrate Sensitive Data
A sophisticated vulnerability in Microsoft 365 Copilot (M365 Copilot) that allows attackers to steal sensitive tenant data, including recent emails, through indirect prompt injection attacks. The flaw, detailed in a blog post published today by researcher Adam Logue, exploits the…
Better Auth API keys Vulnerability Let Attackers Create Privileged Credentials For Arbitrary Users
A severe vulnerability in the popular better-auth library’s API keys plugin enables attackers to generate privileged credentials for any user without authentication. Dubbed CVE-2025-61928, the issue affects better-auth, a TypeScript authentication framework downloaded around 300,000 times weekly on npm. This…
Apache Syncope Groovy RCE Vulnerability Let Attackers Inject Malicious Code
Apache Syncope, an open-source identity management system, has been found vulnerable to remote code execution (RCE) through its Groovy scripting feature, as detailed in CVE-2025-57738. This flaw affects versions prior to 3.0.14 and 4.0.2, where administrators can upload malicious Groovy…
CISA Warns of Apple macOS, iOS, tvOS, Safari, and watchOS Vulnerability Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert about a critical vulnerability in multiple Apple products. Tracked as CVE-2022-48503, this unspecified issue in the JavaScriptCore engine could allow attackers to execute arbitrary code simply by processing…
LANSCOPE Endpoint Manager Vulnerability Let Attackers Execute Remote Code
Motex has disclosed a severe remote code execution vulnerability in its LANSCOPE Endpoint Manager On-Premise Edition. Assigned CVE-2025-61932, the flaw carries a CVSS 3.0 score of 9.8, classifying it as an emergency-level threat. This vulnerability could allow attackers to execute…
New LOSTKEYS Malware Linked to Russia State-Sponsored Hacker Group COLDRIVER
Over the summer of 2025, a novel malware family emerged following the public disclosure of the LOSTKEYS implant. This new strain was rapidly weaponized in a series of highly targeted campaigns against policy advisors, non-governmental organizations, and dissidents. Leveraging a…
131 Malicious Extensions Targeting WhatsApp Used Found in Chrome Web Store
Over the past several months, cybersecurity researchers have observed a surge of fraudulent Chrome extensions masquerading as legitimate WhatsApp Web automation tools. These 131 rebranded clones, each presenting as distinct offerings, share an identical codebase designed to automate bulk messaging…
Critical ASP.NET Vulnerability Allows Attacker To Bypass Security Feature Remotely
Microsoft has disclosed a serious security flaw in ASP.NET Core that enables authenticated attackers to smuggle HTTP requests and evade critical protections. Tracked as CVE-2025-55315, the vulnerability stems from inconsistent handling of HTTP requests, a classic issue known as HTTP…
ZYXEL Authorization Bypass Vulnerability Let Attackers View and Download System Configuration
A critical vulnerability in Zyxel’s ATP and USG series firewalls that allows attackers to bypass authorization controls and access sensitive system configurations. Dubbed CVE-2025-9133, this flaw affects devices running firmware versions up to V5.40(ABPS.0) and enables unauthorized viewing and downloading…
AWS Declares Major Outage Resolved After Nearly 24 Hours of Disruption
Amazon Web Services (AWS), the world’s largest cloud computing provider, has officially marked a widespread outage in its US-EAST-1 region as resolved, following nearly a full day of cascading failures that disrupted services for millions worldwide. The incident, which began…
Hackers Attacking Remote Desktop Protocol Services With 30,000+ New IP Addresses Daily
A persistent campaign targeting Microsoft Remote Desktop Protocol (RDP) services, with attackers deploying over 30,000 new IP addresses daily to exploit timing-based vulnerabilities. This coordinated effort, linked to a global botnet, has seen unique IPs surge past 500,000 since September…
71,000+ WatchGuard Devices Vulnerable to Remote Code Execution Attacks
The Shadowserver Foundation has uncovered more than 71,000 internet-exposed WatchGuard devices running vulnerable versions of Fireware OS. The flaw, tracked as CVE-2025-9242, stems from an out-of-bounds write vulnerability in the IKEv2 implementation, potentially allowing remote attackers to execute arbitrary code…
CISA Warns of Windows SMB Vulnerability Actively Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent alert on October 20, 2025, highlighting a severe vulnerability CVE-2025-33073 in Microsoft’s Windows SMB Client. Dubbed an improper access control flaw, this vulnerability tracked under CVE details yet to be…
Automatic BitLocker Encryption May Silently Lock Away Your Data
A Reddit poster detailed how reinstalling Windows 11 unexpectedly encrypted two of their backup drives with BitLocker, locking away 3TB of irreplaceable data without any prior setup. The incident, shared onReddit, highlights the risks of Microsoft’s automatic encryption feature in…