The new Opossum attack is a sophisticated cross-protocol application layer desynchronization vulnerability that compromises TLS-based communications. This attack exploits fundamental differences between implicit and opportunistic TLS implementations, affecting critical protocols including HTTP, FTP, POP3, SMTP, LMTP, and NNTP. By leveraging…
Category: Cyber Security News
New Scraper Botnet with 3,600+ Unique Devices Attacking Targets in US and UK
Cybersecurity researchers have uncovered a sophisticated scraper botnet comprising more than 3,600 unique devices that has been systematically targeting systems across the United States and United Kingdom since April 2025. The malware campaign represents a significant escalation in automated web…
Critical Vulnerabilities in Bluetooth Protocol Stack Expose Millions of Devices to Remote Code Execution Attacks
A new and critical security threat, PerfektBlue, has emerged, targeting OpenSynergy’s BlueSDK Bluetooth framework and posing an unprecedented risk to the automotive industry. This sophisticated attack vector enables remote code execution (RCE) on millions of devices across automotive and other…
GitPhish – A New Tool that Automates GitHub Device Code Phishing Attack
GitPhish represents a significant advancement in automated social engineering tools, specifically targeting GitHub’s OAuth 2.0 Device Authorization Grant implementation. This open-source tool streamlines the traditionally complex process of executing device code phishing attacks, addressing critical operational challenges faced by security…
10 Best Secure Network As A Service (NaaS) For MSSP Providers – 2025
The rise of Secure Network as a Service (NaaS) is transforming how Managed Security Service Providers (MSSPs) deliver secure, scalable, and flexible networking solutions to their clients. As organizations shift toward cloud-first strategies and remote work, the demand for robust,…
Best SOC 2 Type 2 Certified Complaint Solutions – 2025
In today’s digital-first business landscape, SOC 2 Type 2 compliance is no longer optional for organizations handling sensitive customer data. As cyber threats escalate and regulatory scrutiny intensifies, demonstrating robust security controls and continuous monitoring is essential for trust, growth,…
ChatGPT Tricked into Disclosing Windows Home, Pro, and Enterprise Editions Keys
A sophisticated jailbreak technique that bypasses ChatGPT’s protective guardrails, tricking the AI into revealing valid Windows product keys through a cleverly disguised guessing game. This breakthrough highlights critical vulnerabilities in current AI content moderation systems and raises concerns about the…
Microsoft Outlook Down: Users Unable to Access Mailboxes
In a significant disruption for millions of users worldwide, Microsoft Outlook has been experiencing a major outage since Wednesday, July 9, 2025, starting at 10:20 PM UTC. The issue has left users unable to access their mailboxes through any connection…
Rhadamanthys Infostealer Leveraging ClickFix Technique to Steal Login Credentials
Rhadamanthys first surfaced in 2022 as a modular stealer sold under the Malware-as-a-Service model, but its latest campaign shows how quickly it is innovating. At the centre of the new wave is a booby-trapped CAPTCHA page dubbed ClickFix, which instructs…
McDonald’s AI Hiring Bot With Password ‘123456’ Leaks Millions of Job-Seekers Data
A severe security vulnerability in McDonald’s AI-powered hiring system has exposed the personal information of potentially 64 million job applicants to unauthorized access. Key Takeaways1. McDonald’s AI hiring bot exposed 64 million job applicants’ personal data through weak security using…
Microsoft Confirms Teams Outage for Users, Investigation Underway – Updated
Microsoft acknowledged a significant outage affecting its popular communication platform, Microsoft Teams, leaving numerous users unable to access critical services. The company has confirmed the issue and is actively investigating the root cause while working to ensure a swift resolution…
Top 5 Remote-Access And RMM Tools Most Abused By Threat Actors
Remote monitoring and management (RMM) tools are a go-to for IT teams, but that same power makes them a favorite trick up attackers’ sleeves, too. In the first half of 2025, ANY.RUN analysts reviewed thousands of real-world malware detonations in…
Reflectiz Now Available on the Datadog Marketplace
Reflectiz, a leading cybersecurity company specializing in web exposure management, today announced a new integration with Datadog, Inc. (NASDAQ: DDOG), the monitoring and security platform for cloud applications. This integration combines advanced website security intelligence with enterprise-grade observability, empowering organizations with…
Chinese Hackers Exploit Microsoft Exchange Servers to Steal COVID-19 Research Data
A sophisticated cyberattack orchestrated by Chinese state-sponsored hackers has exposed vulnerabilities in the global cybersecurity infrastructure, targeting critical COVID-19 research from American universities and exploiting Microsoft Exchange servers worldwide. The Justice Department announced the arrest of a key figure in…
Microsoft 365 PDF Export LFI Vulnerability Allows Access to Sensitive Server Data
A critical Local File Inclusion (LFI) vulnerability was recently discovered in Microsoft 365’s Export to PDF functionality, potentially allowing attackers to access sensitive server-side data, including configuration files, database credentials, and application source code. The vulnerability, reported by security researcher…
Splunk Address Third-Party Packages Vulnerabilities in SOAR Versions – Update Now
Splunk has released critical security updates addressing multiple vulnerabilities in third-party packages in SOAR versions 6.4.0 and 6.4. Published on July 7, 2025, this comprehensive security update remediates various Common Vulnerabilities and Exposures (CVEs) ranging from medium to critical severity…
VS Code Extension Weaponized With Two Lines of Code Leads to Supply Chain Attack
A sophisticated supply chain attack has compromised ETHcode, a popular Visual Studio Code extension for Ethereum development, through a malicious GitHub pull request that required just two lines of code to weaponize the trusted software. The attack, discovered by ReversingLabs…
Microsoft Patches Wormable RCE Vulnerability in Windows and Windows Server
Microsoft has released critical security updates to address CVE-2025-47981, a severe heap-based buffer overflow vulnerability in the SPNEGO Extended Negotiation (NEGOEX) Security Mechanism that affects multiple Windows and Windows Server versions. This vulnerability carries a CVSS score of 9.8 out…
Splunk Address Third Party Packages Vulnerabilities in Enterprise Versions – Update Now
Splunk has released critical security updates addressing multiple Common Vulnerabilities and Exposures (CVEs) in third-party packages across Enterprise versions 9.4.3, 9.3.5, 9.2.7, 9.1.10, and higher. Published on July 7, 2025, these updates remediate high-severity vulnerabilities in essential components, including setuptools,…
FortiWeb SQL Injection Vulnerability Allows Attacker to Execute Malicious SQL Code
A critical security vulnerability has been discovered in FortiWeb web application firewalls that enables unauthenticated attackers to execute unauthorized SQL commands through specially crafted HTTP and HTTPS requests. This vulnerability, classified as CWE-89 (Improper Neutralization of Special Elements used in…