In June 2025, a previously undocumented campaign leveraging end-of-support software began surfacing in telemetry data gathered across Eastern Asia. Dubbed TAOTH, the operation exploits an abandoned Chinese input method editor (IME), Sogou Zhuyin, to deliver multiple malware families. Initial intelligence…
Category: Cyber Security News
AppSuite PDF Editor Hacked to Execute Arbitrary Commands on The Infected System
A sophisticated malware campaign has emerged targeting users seeking free PDF editing software, with cybercriminals distributing a malicious application masquerading as the legitimate “AppSuite PDF Editor.” The malware, packaged as a Microsoft Installer (MSI) file, has been distributed through high-ranking…
NightSpire Ransomware Group Claims to Exploit Organizations' Vulnerabilities to Infiltrate Their Systems
Since its emergence in February 2025, the NightSpire ransomware group has rapidly distinguished itself through a sophisticated double-extortion strategy that combines targeted encryption with public data leaks. Initially surfacing in South Korea, the group leveraged vulnerabilities in corporate networks to…
NodeBB Vulnerability Let Attackers Inject Boolean-Based Blind and PostgreSQL Error-Based Payloads
NodeBB, a popular open-source forum platform, has been found vulnerable to a critical SQL injection flaw in version 4.3.0. The flaw, tracked as CVE-2025-50979, resides in the search-categories API endpoint, allowing unauthenticated, remote attackers to inject both boolean-based blind and…
Threat Actors Leveraging Windows and Linux Vulnerabilities in Real-world Attacks to Gain System Access
Cybersecurity teams worldwide have observed a surge in sophisticated campaigns exploiting both Windows and Linux vulnerabilities in recent months to achieve unauthorized system access. These attacks often begin with phishing emails or malicious web content designed to deliver weaponized documents.…
Hackers Leverage Compromised Third-Party SonicWall SSL VPN Credentials to Deploy Sinobi Ransomware
A sophisticated ransomware attack has emerged targeting organizations through compromised third-party managed service provider (MSP) credentials, showcasing the evolving tactics of cybercriminals in 2025. The Sinobi Group, operating as a Ransomware-as-a-Service (RaaS) affiliate, successfully infiltrated corporate networks by exploiting SonicWall…
Cyber Attacks Targeting the Education Sector Surge Following Back-to-School Season
As students and staff returned to campuses this August, a stark rise in cyber attacks against educational institutions has been observed worldwide. From January to July 2025, organizations in the education sector endured an average of 4,356 weekly attacks, marking…
Hackers Weaponize PDF Along With a Malicious LNK File to Compromise Windows Systems
Attackers have begun leveraging a seemingly innocuous PDF newsletter alongside a malicious Windows shortcut (LNK) file to infiltrate enterprise environments. The attack surfaced in late August 2025, targeting South Korean academic and government institutions under the guise of a legitimate…
Threat Actors Weaponizing Facebook Ads with Free TradingView Premium App Lures That Deliver Android Malware
Cybersecurity researchers have uncovered a sophisticated malvertising campaign on Meta’s Facebook platform in recent weeks that targets Android users with promises of a free TradingView Premium application. These deceptive ads mimic official TradingView branding and visuals, luring unsuspecting victims to…
VirusTotal’s New Endpoint Provides Functionality Descriptions for Malware Analysts’ Code Requests
VirusTotal today unveiled a new endpoint that receives code submitted by malware analysts and returns a description of its functionality, a powerful addition to its Code Insight platform. Designed to streamline reverse engineering workflows, the new API endpoint pre-analyzes disassembled or decompiled…
Multiple Hikvision Vulnerabilities Let Attackers Inject Executable Commands
Hikvision has disclosed three significant security vulnerabilities affecting multiple versions of its HikCentral product suite that could enable attackers to execute malicious commands and gain unauthorized administrative access. The vulnerabilities, assigned CVE identifiers CVE-2025-39245, CVE-2025-39246, and CVE-2025-39247, were reported to…
DPRK IT Workers Using Code-Sharing Platforms to Secure New Remote Jobs
Over the past year, security researchers have observed a growing trend of North Korean–linked developers establishing credible-looking profiles on popular code-sharing platforms such as GitHub, CodeSandbox, and Gist. These accounts frequently host legitimate open-source projects alongside hidden payloads, allowing operators…
Google Confirms Potential Compromise of All Salesloft Drift Customer Authentication Tokens
Google has confirmed that a security breach involving the Salesloft Drift platform is more extensive than initially reported, potentially compromising all authentication tokens connected to the service. The new findings from the Google Threat Intelligence Group (GTIG) indicate that the…
New Research With PoC Explains the Security Nightmares of Coding With LLMs
Security researchers have uncovered significant vulnerabilities in code generated by Large Language Models (LLMs), demonstrating how “vibe coding” with AI assistants can introduce critical security flaws into production applications. A new study reveals that LLM-generated code often prioritizes functionality over…
15 Best Identity & Access Management Solutions (IAM) in 2025
Effective Identity Management Solutions have become paramount in today’s interconnected world, where individuals interact with various online platforms and services. Identity management solutions refer to the processes, technologies, and policies implemented to ensure secure and appropriate access to digital resources…
TransUnion Hack Exposes 4M+ Customers’ Personal Information
TransUnion, one of the nation’s three major credit reporting agencies, has disclosed a significant data breach that exposed the personal information of more than four million U.S. customers. The company is now alerting affected individuals about the cyber incident, which…
New Mac Malware Dubbed ‘JSCoreRunner’ Weaponizing PDF Conversion Site to Deliver Malware
A sophisticated new Mac malware campaign has emerged, targeting users through a deceptive PDF conversion website that conceals a dangerous two-stage payload. The malware, dubbed “JSCoreRunner,” represents a significant evolution in macOS threats, demonstrating how cybercriminals are adapting their techniques…
Nagios XSS Vulnerability Lets Remote Attackers Execute Arbitrary JavaScript
Nagios XI, a widely-deployed network monitoring solution, has addressed a critical cross-site scripting (XSS) vulnerability in its Graph Explorer feature that could enable remote attackers to execute malicious JavaScript code within users’ browsers. The security flaw was patched in version…
PhpSpreadsheet Library Vulnerability Enables Attackers to Feed Malicious HTML Input
A high-severity Server-Side Request Forgery (SSRF) vulnerability has been identified in the widely used PhpSpreadsheet library, potentially allowing attackers to exploit internal network resources and compromise server security. The vulnerability, tracked as CVE-2025-54370, affects multiple versions of the phpoffice/phpspreadsheet package…
How Do Adversary-in-the-Middle (AiTM) Attacks Bypass MFA and EDR?
Adversary-in-the-Middle (AiTM) attacks are among the most sophisticated and dangerous phishing techniques in the modern cybersecurity landscape. Unlike traditional phishing attacks that merely collect static credentials, AiTM attacks actively intercept and manipulate communications between users and legitimate services in real-time,…