Category: Cyber Security News

CISA has issued an urgent alert regarding a zero-day vulnerability in the Android operating system that is being actively exploited in real-world attacks. The vulnerability, identified as CVE-2025-48543, is a high-severity issue that could allow attackers to gain elevated control…

Read more →

Security teams began observing a novel botnet strain slipping beneath the radar of standard Windows Defender defenses in early August 2025. Dubbed NightshadeC2, this malware family leverages both C and Python-based payloads to establish persistent, remote-control access on compromised hosts.…

Read more →

Cybersecurity researchers have identified a sophisticated new command-and-control framework that exploits legitimate Google Calendar APIs to establish covert communication channels between attackers and compromised systems. The MeetC2 framework, discovered in September 2025, represents a concerning evolution in adversarial tactics where…

Read more →

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a new high-severity vulnerability in the Linux kernel to its Known Exploited Vulnerabilities (KEV) catalog, signaling that it is being actively exploited in attacks. The warning, issued on September 4,…

Read more →

A previously unseen malware campaign began circulating in early August 2025, through email attachments and web downloads, targeting users in Colombia and beyond. By leveraging two distinct vector-based file formats—Adobe Flash SWF and Scalable Vector Graphics (SVG)—the attackers crafted a…

Read more →

A new technique that allows attackers to read highly sensitive files on Windows systems, bypassing many of the modern security tools designed to prevent such breaches. A report from Workday’s Offensive Security team explains how, by reading data directly from…

Read more →

Cybercriminals are increasingly exploiting the trust organizations place in artificial intelligence platforms to conduct sophisticated phishing attacks, according to a new report from cybersecurity firm Cato Networks. The company’s Managed Detection and Response (MDR) service recently uncovered a campaign where…

Read more →

A recently patched vulnerability in a core Windows driver could allow a local attacker to execute code with the highest system privileges, effectively taking full control of a target machine. The flaw, identified as CVE-2025-53149, is a heap-based buffer overflow…

Read more →

An unprecedented surge in malicious scanning activity targeting Cisco Adaptive Security Appliances (ASAs) occurred in late August 2025, with over 25,000 unique IP addresses participating in coordinated reconnaissance efforts. GreyNoise, a threat intelligence company, observed two distinct scanning waves that…

Read more →

Online chess giant Chess.com has disclosed a data breach that compromised the personal information of 4,541 individuals, according to a filing with the Maine Attorney General’s Office. The cyber incident took place on June 5, 2025 and was discovered nearly two weeks later on June 19,…

Read more →

Tire manufacturing giant Bridgestone Americas has confirmed it is responding to a cyberattack that disrupted operations at some of its manufacturing facilities this week. In a statement, the company asserted that the incident has been contained and that business is…

Read more →

Cybercriminals are deploying increasingly sophisticated methods to bypass security systems, with the latest threat emerging from the advanced Tycoon phishing-as-a-service kit. This malicious platform has introduced novel techniques designed to obscure dangerous links, making them nearly invisible to traditional detection…

Read more →

A sophisticated threat actor known as NoisyBear has emerged as a significant concern for Kazakhstan’s energy sector, employing advanced tactics to infiltrate critical infrastructure through weaponized ZIP files and PowerShell-based attack chains. This newly identified group has been orchestrating targeted…

Read more →

A new cyber-attack, dubbed “Grokking,” is exploiting features on the social media platform X to spread malicious links on a massive scale. Scammers are manipulating the platform’s advertising system and its generative AI, Grok, to bypass security measures and amplify…

Read more →

The United States government has announced a reward of up to $10 million for information leading to the identification or location of three Russian intelligence officers. The bounty, offered through the Department of State’s Rewards for Justice program, targets members…

Read more →

The Django development team has issued critical security updates to address a high-severity vulnerability that could allow attackers to execute malicious SQL code on web servers using the popular framework. The flaw, identified as CVE-2025-57833, affects multiple versions of Django,…

Read more →

Educational institutions have become prime targets in the escalating battle against commodity information stealers. First emerging in 2022 as an open-source project on GitHub, Stealerium was initially released “for educational purposes” but rapidly attracted illicit interest. Adversaries adapted and enhanced…

Read more →

Microsoft has officially acknowledged a significant bug in recent Windows security updates that is causing application installation and repair failures across multiple versions of Windows 10, Windows 11, and Windows Server. The issue stems from a security enhancement in the…

Read more →

A significant outage of Google services, including its search engine, Gmail, and YouTube, has affected users across Turkey and several countries in Eastern Europe. The disruption, which began on Thursday morning, also impacted other popular platforms such as Google Maps,…

Read more →

Emerging quietly in mid-2025, the XWorm backdoor has evolved into a deceptively sophisticated threat that preys on both user confidence and system conventions. Initial reports surfaced when organizations noted a sudden uptick in obscure .lnk-based phishing emails masquerading as benign…

Read more →