Your SOC generates thousands of alerts daily. Many of them are low-priority, repetitive, or false positives. On paper, this looks like a technical problem. In reality, it’s a business problem. Every alert costs: when analysts are buried under thousands of notifications, they spend more time triaging noise than responding to real incidents. The result: slower reaction times, missed threats, staff burnout, and ballooning operational costs. Every wasted minute translates into a weaker security posture,…
Category: Cyber Security News
Hackers Leverage Tuoni C2 Framework Tool to Stealthily Deliver In-Memory Payloads
A new wave of cyberattacks has emerged using the Tuoni Command and Control (C2) framework, a sophisticated tool that allows threat actors to deploy malicious payloads directly into system memory. This technique helps attackers avoid detection by traditional security solutions…
Massive Hacking Operation WrtHug Compromises Thousands of ASUS Routers Worldwide
A sophisticated cyber campaign known as Operation WrtHug has hijacked tens of thousands of ASUS WRT routers globally, turning them into potential espionage tools for suspected China-linked hackers. SecurityScorecard’s STRIKE team, in collaboration with ASUS, revealed the operation on November…
Chinese PlushDaemon Hackers use EdgeStepper Tool to Hijack Legitimate Updates and Redirect to Malicious Servers
A China-aligned threat group known as PlushDaemon has been weaponizing a sophisticated attack method to infiltrate networks across multiple regions since 2018. The group’s primary strategy involves intercepting legitimate software updates by deploying a specialized tool called EdgeStepper, which acts…
‘The Gentlemen’ Ransomware Group with Dual-Extortion Strategy Encrypts and Exfiltrates Data
A new ransomware threat named “The Gentlemen” has emerged in the cybersecurity landscape, demonstrating advanced attack capabilities and a well-structured operational model. First appearing around July 2025, this group quickly established itself as a serious threat, publishing 48 victims on…
Destructive Akira Ransomware Attack with a Single Click on CAPTCHA in Malicious Website
A global data storage and infrastructure company fell victim to a severe ransomware attack orchestrated by Howling Scorpius, the group responsible for distributing Akira ransomware. The incident began with what appeared to be a routine security check on a compromised…
Microsoft Investigating Copilot Issue On Processing Files
Microsoft has launched an investigation into a widespread issue affecting Microsoft Copilot in Microsoft 365, where users are experiencing significant limitations when performing actions on files. The technology giant confirmed the incident via official Microsoft 365 Status channels, assigning the…
New ShadowRay Attack Exploits Ray AI-Framework Vulnerability to Attack AI Systems
Cybersecurity researchers have uncovered an active global hacking campaign leveraging a known flaw in Ray, an open-source AI framework widely used for managing distributed computing tasks. Dubbed ShadowRay 2.0, this attack exploits vulnerability CVE-2023-48022 to silently seize control of powerful…
New Nova Stealer Attacking macOS Users by Swapping Legitimate Apps to Steal Cryptocurrency Wallet Data
A new malware campaign targeting macOS users has emerged with a dangerous focus on cryptocurrency wallet theft. The malware, called Nova Stealer, uses a clever approach to trick victims by replacing genuine cryptocurrency applications with fake versions that steal wallet…
New .NET Malware Hides Lokibot Malware within PNG/BMP Files to Evade Detection
Cybersecurity threats continue to evolve with sophisticated evasion methods. A new .NET-based malware loader has emerged that demonstrates an advanced approach to concealing the notorious Lokibot trojan within image files. This multi-stage payload delivery system uses steganography, a technique that…
New npm Malware Campaign Verifies if the Visitor is a Victim or a Researcher Before Triggering Infection
A sophisticated malware campaign targeting the npm ecosystem has emerged, deploying a clever detection system that distinguishes between regular users and security researchers. The threat actor, operating under the alias dino_reborn, created seven malicious npm packages designed to redirect users…
Multiple Vulnerabilities in D-Link EoL/EoS Routers Allow Remote Code Execution Attacks
Multiple critical vulnerabilities affect D-Link DIR-878 routers across all models and firmware revisions. These devices reached the end of life on January 31, 2021. They will no longer receive security updates or technical support from D-Link Corporation. The vulnerabilities allow…
Microsoft Teams New Feature Let Users Report Messages Incorrectly Flagged as Security Threats
Microsoft is introducing a new capability in Teams that allows users to report messages they believe were mistakenly flagged as security threats. The feature represents a significant step toward improving detection accuracy and reducing false positives across organizations worldwide. Completion…
CISA Warns of Fortinet FortiWeb OS Command Injection Vulnerability Exploited in the Wild
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical vulnerability affecting Fortinet FortiWeb appliances that threat actors are currently exploiting in active attacks. The agency added CVE-2025-58034 to its Known Exploited Vulnerabilities (KEV) catalog…
New Sneaky 2FA Phishing Kit with BitB Technique Attacking Users to Steal Microsoft Account Credentials
The Sneaky2FA phishing service has recently added a dangerous new capability to its toolkit that makes stealing Microsoft account credentials even easier for attackers. Push Security analysts and researchers have identified this threat operating in the wild, using a sophisticated…
WhatsApp Vulnerability Exposes 3.5 Billion Users’ Phone Numbers
A critical security flaw in WhatsApp has allowed researchers to expose the phone numbers of 3.5 billion users, marking one of the most significant data leaks ever documented. This vulnerability, rooted in the app’s contact discovery feature, persisted despite warnings…
Malicious ‘Free’ VPN Extension with 9 Million Installs Hijacks User Traffic and Steals Browsing Data
A deceptive browser campaign has exposed millions of users to extensive surveillance through seemingly innocent VPN extensions. Chrome extensions marketed as “Free Unlimited VPN” services accumulated over 9 million installations before security detection, with the malware remaining hidden for nearly…
Microsoft Threat Intelligence Briefing Agent Now Integrated With the Defender Portal
Microsoft unveiled significant enhancements to threat intelligence at Ignite 2025, bringing the Threat Intelligence Briefing Agent directly into the Defender portal. This integration marks a pivotal shift in how security teams approach cyber defense, moving from reactive responses to proactive…
Critical SolarWinds Serv-U Vulnerabilities Let Attackers Execute Malicious Code Remotely as Admin
SolarWinds has released security patches addressing three critical remote code execution vulnerabilities in Serv-U that could allow attackers with administrative privileges to execute arbitrary code on affected systems. The vulnerabilities disclosed in Serv-U version 15.5.3 pose significant risks to organizations…
Microsoft Integrated Azure Firewall With AI-powered Security Copilot
Microsoft has enhanced its cloud security capabilities by integrating Azure Firewall with Security Copilot, an AI-powered security solution designed to help security teams work faster and more efficiently. This integration allows security analysts to investigate malicious network traffic using simple,…