Cybersecurity researchers have uncovered a sophisticated evolution of the ClickFix attack methodology, where threat actors are leveraging cache smuggling techniques to avoid traditional file download detection mechanisms. This innovative campaign targets enterprise networks by masquerading as a Fortinet VPN compliance…
Category: Cyber Security News
Microsoft Azure Faces Global Outage Affecting Services Worldwide
Microsoft Azure, one of the world’s leading cloud computing platforms, experienced a significant service outage on Thursday, October 9, 2025, leaving customers across Europe and Africa unable to access their services. The disruption began at approximately 07:40 UTC, with the…
AI Chatbot Leveraged as a Critical Backdoor to Access Sensitive Data and Infrastructure
In recent weeks, a sophisticated malware campaign has emerged that leverages conversational chatbots as covert entry points into enterprise systems. Initially observed in mid-September 2025, the threat actors targeted organizations running customer-facing chat applications built on large language models. By…
SonicWall Confirms That Hackers Stole All Customers Firewall Configuration Backup Files
SonicWall has confirmed that an unauthorized party accessed and stole the entire repository of customer firewall configuration backup files from its cloud service. The confirmation comes after the completion of an investigation with the cybersecurity firm Mandiant, which determined that…
New Phishing Kit Automates Generation of ClickFix Attack Bypassing Security Measures
The cybersecurity community has witnessed the rapid emergence of a novel phishing toolkit that automates the creation of “ClickFix” attack pages, enabling threat actors with minimal technical expertise to deploy sophisticated social engineering lures. Dubbed the IUAM ClickFix Generator, this…
Hackers Exploit DFIR Tool ‘Velociraptor’ in Ransomware Attacks
Security researchers at Cisco Talos have confirmed that ransomware operators are actively exploiting Velociraptor, an open-source digital forensics and incident response (DFIR) tool, in their attacks. This marks the first definitive link between a legitimate security tool and a ransomware…
PoC Exploit Released For Nothing Phone Code Execution Vulnerability
A proof-of-concept (PoC) exploit has been released for a critical vulnerability in the secure boot chain of the Nothing Phone (2a) and CMF Phone 1, potentially affecting other devices using MediaTek systems-on-a-chip (SoCs). The exploit, named Fenrir and published by…
Shuyal Stealer Attacking 19 Browsers to Steal Login Credentials
Shuyal Stealer has rapidly ascended as one of the most versatile credential theft tools observed in recent months. First detected in early August 2025, its modular architecture allows it to target an expansive range of web browsers, including Chromium-based, Gecko-based,…
GitLab Security Update – Patch For Multiple Vulnerabilities That Enables DoS Attack
GitLab has released important security updates. The new versions are 18.4.2, 18.3.4, and 18.2.8 for both Community Edition (CE) and Enterprise Edition (EE). These updates fix several vulnerabilities that could lead to denial-of-service (DoS) attacks and allow unauthorized access. All…
Linux Kernel ksmbd Filesystem Vulnerability Exploited – PoC Released
Security researchers have released a full proof-of-concept (PoC) exploit for a high-severity vulnerability in the Linux kernel’s ksmbd module, demonstrating a reliable path to local privilege escalation. The vulnerability, tracked as CVE-2025-37947, is an out-of-bounds write that can be leveraged…
Hackers Abuse CSS Properties With Messages to Inject Malicious Codes in Hidden Text Salting Attack
A sophisticated technique known as hidden text salting has emerged as a significant threat to email security systems, allowing cybercriminals to bypass detection mechanisms through the strategic abuse of cascading style sheets (CSS) properties. This attack vector enables threat actors…
IRGC-Linked APT35 Structure, Tools, and Espionage Operations Disclosed
Since emerging in the mid-2010s as a persistent threat actor, the IRGC-linked APT35 collective has continually adapted its tactics to target government entities, energy firms, and diplomatic missions across the Middle East and beyond. Initially focused on credential harvesting via…
Microsoft 365 Outage Blocks Access to Teams, Exchange Online, and Admin Center – Updated
A significant Microsoft 365 outage blocked user access to several critical services, including Microsoft Teams, Exchange Online, and the Microsoft 365 admin center. The incident began late on Wednesday, October 8, 2025, leaving organizations worldwide unable to utilize essential communication…
CrowdStrike Falcon Windows Sensor Vulnerability Enables Code Execution and File Deletion
CrowdStrike has disclosed and released patches for two medium-severity vulnerabilities in its Falcon sensor for Windows that could allow an attacker to delete arbitrary files. The security vulnerabilities, designated as CVE-2025-42701 and CVE-2025-42706, require an attacker to have already gained…
Discord Data Breach – 1.5 TB of Data and 2 Million Government ID Photos Extorted
The popular communication platform Discord is facing an extortion attempt following a significant data breach at one of its third-party customer service providers, Zendesk. Threat actors claim to have stolen 1.5 terabytes of sensitive data, including over 2.1 million government-issued…
FreePBX SQL Injection Vulnerability Exploited to Modify The Database
A critical SQL injection vulnerability in FreePBX has emerged as a significant threat to VoIP infrastructure worldwide, enabling attackers to manipulate database contents and achieve arbitrary code execution. FreePBX, a widely deployed PBX system built around the open-source Asterisk VoIP…
Crimson Collective Leverages AWS Services to Exfiltrate Sensitive Data
A new threat group calling itself Crimson Collective has emerged as a significant cybersecurity concern, targeting Amazon Web Services (AWS) cloud environments with sophisticated data exfiltration and extortion campaigns. The group has recently claimed responsibility for attacking Red Hat, asserting…
Hackers Actively Compromising Databases Using Legitimate Commands
A sophisticated new breed of ransomware attacks is leveraging legitimate database commands to compromise organizations worldwide, bypassing traditional security measures through “malware-less” operations. Unlike conventional ransomware that encrypts files using malicious binaries, threat actors are exploiting exposed database services by…
Mustang Panda Using New DLL Side-Loading Technique to Deliver Malware
In recent weeks, cybersecurity analysts have observed a resurgence of the Mustang Panda threat actor deploying a novel DLL side-loading approach to deliver malicious payloads. Emerging in June 2025, this campaign leverages politically themed lures targeting Tibetan advocacy groups. Victims…
Scattered Lapsus$ Hunters Launched a New Leak Site to Release Data Stolen from Salesforce Instances
The notorious cybercriminal collective known as Scattered Lapsus$ Hunters has escalated their extortion campaign by launching a dedicated leak site to threaten organizations with the exposure of stolen Salesforce data. This supergroup, comprised of established threat actors including ShinyHunters, Scattered…