As digital threats escalate and technology rapidly evolves, regulatory compliance has become a defining challenge for organizations worldwide. In 2025, new and updated cybersecurity laws are reshaping how businesses protect data, manage risk, and demonstrate accountability. Navigating this complex legal…
Category: Cyber Security News
Iranian Cyber Toufan Hackers Targeting Organizations To Steal Login Credentials
The digital battleground surrounding the Israel-Gaza conflict has intensified dramatically over the past year, with politically motivated threat actors launching sophisticated campaigns against Israeli organizations and their international partners. Among the most prominent of these groups is Cyber Toufan, an…
Cybersecurity Skills Gap – Training the Next Generation
The digital revolution has brought unprecedented connectivity and innovation, but it has also unleashed a wave of cyber threats that challenge the very fabric of our interconnected world. As organizations race to defend their data and infrastructure, a critical bottleneck…
CISA Releases ICS Advisories Covering Vulnerabilities & Exploits
The Cybersecurity and Infrastructure Security Agency (CISA) released a significant Industrial Control Systems (ICS) advisory targeting a memory leak vulnerability in Johnson Controls’ iSTAR Configuration Utility (ICU) Tool, highlighting ongoing security challenges facing critical infrastructure sectors worldwide. This latest advisory…
INE Security Partners with RedTeam Hacker Academy to Elevate Cybersecurity Expertise in the Middle East
INE Security, a global cybersecurity training and certification provider, today announced a strategic partnership with RedTeam Hacker Academy through the signing of a Memorandum of Understanding (MoU). This agreement significantly accelerates INE Security’s expansion strategy in the Middle East and…
CISA Publishes SIEM & SOAR Implementation Guide Exclusively for Cybersecurity Executives
CISA, in collaboration with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and multiple international partners, has released comprehensive guidance to help organizations effectively implement Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR)…
Top Tools for Enterprise Security Monitoring
As cyber threats grow in complexity and frequency, enterprise security monitoring has become a non-negotiable pillar of modern business defense. Data breaches can cost organizations millions, erode customer trust, and have long-term impacts on business performance. Enterprises invest in advanced…
Critical Firefox 0-Interaction libvpx Vulnerability Lets Attackers Execute Arbitrary Code
Mozilla has released emergency security updates to address a critical vulnerability in Firefox that could allow attackers to execute arbitrary code on victims’ systems without any user interaction. The security flaw, tracked as CVE-2025-5262, was announced on May 27, 2025,…
Velvet Chollima APT Hackers Attacking Government Officials With Weaponized PDF
A sophisticated cyber espionage campaign attributed to the North Korean advanced persistent threat (APT) group Velvet Chollima has emerged, targeting South Korean government officials and organizations across multiple continents through weaponized PDF documents and innovative social engineering techniques. The Velvet…
Silver RAT Malware With New Anti-virus Bypass Techniques Executes Malicious Activities
A sophisticated new remote access trojan known as Silver RAT v1.0 has emerged in the cyberthreat landscape, demonstrating advanced anti-virus bypass capabilities and an array of destructive functionalities targeting Windows systems. First observed in the wild during November 2023, this…
Security Trends Analysis – Emerging Risks for 2025
As the digital landscape continues to evolve at breakneck speed, organizations worldwide are bracing for a new wave of security challenges in 2025. The convergence of artificial intelligence, geopolitical tensions, and quantum computing is reshaping the threat environment, demanding a…
Chrome Security Update – High-Severity Vulnerabilities Lead to Code Execution
Google has officially promoted Chrome 137 to the stable channel for Windows, Mac, and Linux platforms, marking a significant milestone in browser security and artificial intelligence integration. The Chrome team announced the release on May 27, 2025, with the update…
Researchers Dissected macOS ‘AppleProcessHub’ Stealer, TTPs & C2 Server Details Exposed
Security researchers have conducted an extensive analysis of a sophisticated macOS information stealer that emerged in mid-May 2025, revealing intricate attack mechanisms and command-and-control infrastructure details. The malware, dubbed ‘AppleProcessHub’ after its associated domain, represents a significant threat to macOS…
Zero Trust In The API Economy: New Frontiers In Identity-Based Access Control
APIs are the new highways of the internet. They’re fast, powerful, and make everything run until someone sneaks in and crashes the system. That’s the dilemma of the modern digital world: we’ve built an economy around APIs, but a lot…
Hackers Mimic OneNote Login to Steal Office365 & Outlook Credentials
A sophisticated phishing campaign is targeting Italian and U.S. users through fake Microsoft OneNote login prompts designed to harvest Office 365 and Outlook credentials. The attack leverages legitimate cloud services and Telegram bots for data exfiltration, making detection significantly more challenging…
Microsoft Warns of Void Blizzard Hackers Attacking Telecommunications & IT Organizations
Microsoft Threat Intelligence has unveiled a sophisticated Russian-affiliated cyberespionage group dubbed “Void Blizzard” (also known as LAUNDRY BEAR) that has been conducting widespread attacks against telecommunications and IT organizations since April 2024. The threat actor has successfully compromised critical infrastructure…
Check Point Acquires Veriti for Automated Threat Exposure Management
Check Point Software Technologies has announced the acquisition of Veriti Cybersecurity, marking a significant advancement in automated threat exposure management for enterprises facing increasingly sophisticated AI-driven cyber attacks. The transaction, expected to close by the end of Q2 2025, represents…
How To Use Threat Intelligence Data From 15,000 Companies To Defend Yours
Threat intelligence is the cornerstone of proactive cyber defense, providing context to security events to prioritize response efforts. It’s about turning raw data into strategic insights that can be used to fortify network defenses against known and unknown threats. The…
Dutch Intelligence Exposes Russian “Laundry Bear” Hackers Behind Police Hack
Dutch intelligence services have identified a previously unknown Russian hacking group responsible for cyberattacks on multiple Dutch organizations, including a significant breach of the national police system in September 2024 that compromised work-related contact information of officers. The Netherlands General…
New Android Malware GhostSpy Lets Attackers Take Full Control Over Infected Devices
A sophisticated new Android malware strain called GhostSpy has emerged as a significant threat to mobile device security, demonstrating advanced capabilities that allow cybercriminals to achieve complete control over infected smartphones and tablets. This web-based Remote Access Trojan (RAT) employs…
Windows 11 Notepad Gets AI Writer Using a Variant of ChatGPT or Microsoft’s AI Model
Microsoft has revolutionized its iconic Notepad application by introducing an AI-powered text generation feature called “Write,” marking a dramatic transformation for the minimalist text editor that has remained largely unchanged for decades. The new functionality, powered by a variant of…
Adidas Data Breach – Customer Data Exposed Via Third-Party Service Provider
German sportswear giant Adidas has confirmed a significant data breach involving customer contact information accessed through a compromised third-party customer service provider. The incident, disclosed on May 23, 2025, exposed contact details of consumers who had previously interacted with the…
GitHub MCP Server Vulnerability Lets Attackers Access Private Repositories
A critical security vulnerability in the widely-used GitHub Model Context Protocol (MCP) server has been discovered, exposing users to sophisticated attacks that can compromise private repository data through malicious prompt injections. The vulnerability affects any agent system using the GitHub…
GIMP Image Editor Vulnerability Lets Remote Attackers Execute Arbitrary Code
Two critical security vulnerabilities discovered in the popular GIMP image editing software have been disclosed. These vulnerabilities allow remote attackers to execute arbitrary code on affected systems. The vulnerabilities, identified as CVE-2025-2760 and CVE-2025-2761, were publicly disclosed on April 7th,…
Google Ads Campaign Targets Developers with Malware via Fake Homebrew Site
Security researchers have revealed that a sophisticated malvertising campaign discovered last week has been targeting software developers through malicious Google advertisements that impersonate the popular Homebrew package manager. The attack demonstrates an evolution in cybercriminal tactics that exploit trusted verification…
New Attack Bypasses HTTP/2 Security for Arbitrary Cross-Site Scripting
A critical vulnerability in HTTP/2 protocol implementations allows attackers to bypass web security protections and execute arbitrary cross-site scripting (XSS) attacks against major websites. At the Network and Distributed System Security (NDSS) Symposium 2025, Tsinghua University researchers presented their…
Weaponized Google Meet Page Tricks Users into Running PowerShell Malware
A sophisticated social engineering campaign leverages fake Google Meet conference pages to trick users into manually executing malicious PowerShell commands, leading to system compromise through various information-stealing malware, including AsyncRAT, StealC, and Rhadamanthys. This emerging threat, known as “ClickFix,”…
Nova Scotia Power Confirms Ransomware Attack – 280k Customers Affected
Nova Scotia Power has officially confirmed it fell victim to a sophisticated ransomware attack that compromised sensitive customer data belonging to approximately 280,000 individuals. The Canadian utility disclosed on Friday that threat actors successfully infiltrated its network systems and published…
SharpSuccessor – A PoC For Exploiting Windows Server 2025’s BadSuccessor Vulnerability
A proof-of-concept exploit tool called SharpSuccessor weaponizes the recently discovered BadSuccessor vulnerability in Windows Server 2025’s delegated Managed Service Account (dMSA) feature. The .NET-based tool, developed by Logan Goins, demonstrates how attackers with minimal Active Directory permissions can escalate…
Critical vBulletin Forum Vulnerability Lets Attackers Execute Remote Code
A newly discovered vulnerability in vBulletin, one of the world’s most popular forum platforms, has exposed thousands of online communities to the risk of unauthenticated remote code execution (RCE). The flaw, present in vBulletin versions 5.x and 6.x running on…
FBI Warns of Silent Ransom Group Attacking Users Via Fake IT Calls
The Federal Bureau of Investigation has issued a critical warning about an increasingly sophisticated cybercriminal organization known as the Silent Ransom Group (SRG), which has been conducting targeted attacks against law firms and other organizations through deceptive IT support calls.…
ChatGPT Deep Research Now Integrates Dropbox & OneDrive to Pull Data
OpenAI has announced a significant expansion of ChatGPT’s deep research capabilities, introducing seamless integration with popular cloud storage platforms including Dropbox and Microsoft OneDrive. This development represents a major step forward in making artificial intelligence more accessible within existing enterprise…
Hard-Coded Telnet Credentials Leave D-Link Routers Wide Open to Remote Code Execution
A significant security flaw (CVE-2025-46176) has exposed thousands of D-Link routers to remote code execution attacks through hardcoded Telnet credentials embedded in firmware. The vulnerability affects DIR-605L v2.13B01 and DIR-816L v2.06B01 models, scoring 6.5 on the CVSS v3.1 scale with…
Vulnerability in Popular macOS App Cursor Allows Malware to Bypass Privacy Protections, Exposing User Data
A critical security vulnerability has been discovered in Cursor, a popular AI-powered code editor for macOS, that enables malicious software to circumvent Apple’s built-in privacy protections and access sensitive user data without proper authorization. The vulnerability exploits a misconfiguration in…
ChatGPT o3 Model Bypassed to Sabotage the Shutdown Mechanism
OpenAI’s latest large language model, ChatGPT o3, actively bypassed and sabotaged its own shutdown mechanism even when explicitly instructed to allow itself to be turned off. Palisade Research, an AI safety firm, reported on May 24, 2025, that the advanced…
Katz Stealer Attacking Chrome, Edge, Brave & Firefox to Steal Login Details
A sophisticated new credential-stealing malware known as Katz Stealer has emerged as a significant threat to users of popular web browsers, demonstrating advanced capabilities that allow it to bypass modern security protections and exfiltrate sensitive authentication data. This malware-as-a-service operation…
Tenable Network Monitor Vulnerabilities Let Attackers Escalate Privileges
Two high-severity vulnerabilities (CVE-2025-24916, CVE-2025-24917) in the Tenable Network Monitor solution enable local privilege escalation on Windows systems through insecure directory permissions and arbitrary code execution. The security flaws affect all versions prior to 6.5.1 and have been assigned high severity…
Fake DigiYatra Apps Attacking Indian Users to Steal Financial Data
A sophisticated phishing campaign targeting Indian air travelers has emerged, exploiting the trusted DigiYatra brand to harvest sensitive personal and financial information from unsuspecting users. The malicious operation centers around a deceptive website at digiyatra[.]in that masquerades as the official…
Bitwarden PDF File Handler Vulnerability Lets Attackers Upload Malicious PDF Files
A critical cross-site scripting (XSS) vulnerability has been discovered in the popular password manager Bitwarden, affecting versions up to 2.25.1. The security flaw, designated as CVE-2025-5138, resides in the PDF File Handler component and allows attackers to upload malicious PDF…
60 Malicious npm Packages Exfiltrate Hostnames, IPs, DNS Server Details
A sophisticated malware campaign targeting the npm ecosystem has compromised developer environments through 60 malicious packages designed to silently harvest sensitive network information. The operation, which began eleven days ago and remains active as of publication, demonstrates the growing threat…
Street-Level QR Phishing: Cybercriminals Take Social Engineering to the Real World
A disturbing new trend in cybercrime emerged this week as security professionals discovered QR codes taped to lampposts in what appears to be a sophisticated psychological manipulation campaign. The handwritten note, which read “John, I know you are cheating on…
Threat Actors Installing DB Client Tools on Targeted Systems to Exfiltrate Sensitive Data
Cybersecurity researchers have uncovered a concerning trend where threat actors are increasingly leveraging legitimate database client tools to steal sensitive information from compromised systems. This sophisticated approach represents a significant evolution in data exfiltration techniques, as attackers exploit trusted applications…
40+ Malicious Chrome Extensions Mimicking Popular Chrome Brands Steal Sensitive Data
Cybersecurity researchers have uncovered a sophisticated campaign involving over 40 malicious Chrome browser extensions that masquerade as trusted brands to steal sensitive user data. The malicious extensions, which remain active on the Google Chrome Store, represent a significant escalation in…
Oracle TNS Protocol Vulnerability Lets Attackers Access System Memory Contents
A critical vulnerability in Oracle’s Transparent Network Substrate (TNS) protocol allows unauthenticated attackers to access sensitive system memory contents, including environment variables and connection data. Oracle assigned CVE-2025-30733 to this vulnerability and released patches on April 15, 2025. The…
Apache Tomcat Vulnerability Allows Remote Code Execution – PoC Released
A critical path equivalence vulnerability in Apache Tomcat, designated CVE-2025-24813, has been actively exploited in the wild following the public release of proof-of-concept exploit code. The vulnerability, disclosed on March 10, 2025, enables unauthenticated remote code execution under specific server…
Sophisticated Hacker Group TA-ShadowCricket Attacking Government & Enterprise Networks
A sophisticated China-linked threat actor known as TA-ShadowCricket has been conducting stealthy cyber espionage operations against government and enterprise networks across the Asia-Pacific region for over a decade. The group, formerly identified as Shadow Force and initially categorized as Larva-24013…
GNOME RDP Vulnerability Lets Attackers Exhaust System Resources & Crash Process
A severe security vulnerability affecting GNOME Remote Desktop has been discovered, allowing unauthenticated attackers to exhaust system resources and crash critical processes. CVE-2025-5024, disclosed on May 21, 2025, poses significant risks to organizations utilizing remote desktop services across Red Hat…
Critical WSO2 SOAP Vulnerability Lets Attackers Reset Password for Any User Account
A critical security vulnerability in multiple WSO2 products has been discovered that allows attackers to reset passwords for any user account, potentially leading to complete system compromise. CVE-2024-6914, published on May 22, 2025, represents a severe threat to organizations using…
Linux 6.15 Released with Several New Features & Improvements
Linus Torvalds officially announced the stable release of the Linux kernel 6.15 on May 25, 2025. This release marked a significant milestone in open-source development, with groundbreaking Rust integration, substantial performance improvements, and extensive hardware support expansion. This release introduces…
GitLab Duo Vulnerability Lets Attackers Inject Malicious Link & Steal Source Code
A critical remote prompt injection vulnerability was uncovered in GitLab Duo, the AI-powered coding assistant integrated into GitLab’s DevSecOps platform. The vulnerability, disclosed in February 2025, allowed attackers to manipulate the AI assistant into leaking private source code and injecting…
184 Million Users’ Passwords Exposed From an Open Directory Controlled by Hackers
A massive cybersecurity breach has exposed 184 million login credentials in an unprotected database, marking one of the largest credential exposures discovered in recent years. Cybersecurity researcher Jeremiah Fowler uncovered the non-encrypted database containing 184,162,718 unique usernames and passwords totaling…
.NET-Based Chihuahua Infostealer Exploits Google Drive, Steals Browser Credentials and Crypto Wallets
A new .NET-based malware, dubbed Chihuahua Infostealer, has emerged as a significant threat to cybersecurity, targeting sensitive browser credentials and cryptocurrency wallet data. Discovered in April 2025, this multi-stage malware employs obfuscated PowerShell scripts and trusted cloud platforms like Google…
Russian Cybercriminal Charged in $24 Million Qakbot Ransomware Scheme
The U.S. Department of Justice unsealed federal charges Thursday against Russian national Rustam Rafailevich Gallyamov, 48, for allegedly orchestrating one of the world’s most sophisticated malware operations that infected over 700,000 computers globally and facilitated devastating ransomware attacks. The Moscow-based…
GenAI Assistant DIANNA Uncovering New Obfuscated Malware
The cybersecurity landscape witnessed a significant milestone this February with the emergence of BypassERWDirectSyscallShellcodeLoader, a sophisticated malware specimen that represents the first documented case of large language model-generated malicious code being analyzed by an artificial intelligence security assistant. This groundbreaking…
Threat Actor Selling Burger King Backup System RCE Vulnerability for $4,000
A cybersecurity threat has emerged targeting one of the world’s largest fast-food chains, as a threat actor known as #LongNight has put up for sale remote code execution (RCE) access to Burger King Spain’s backup infrastructure for $4,000. The vulnerability…
Bypassing Zero-Trust Policies to Exploit Vulnerabilities & Manipulate NHI Secrets
A comprehensive security research demonstration has revealed how attackers can systematically undermine modern zero-trust security frameworks by exploiting a critical DNS vulnerability to disrupt automated secret rotation mechanisms. The research showcases a sophisticated attack chain that begins with crashing DNS…
Hackers Attacking macOS Users With Fake Ledger Apps to Deploy Malware
Cybercriminals are increasingly targeting cryptocurrency users through sophisticated malware campaigns that exploit the trust placed in cold wallet management applications. Since August 2024, threat actors have been distributing malicious clones of Ledger Live, the widely-used application for managing cryptocurrency through…
New Formjacking Malware Attacking E-Commerce Pages to Steal Credit Card Data
Cybersecurity researchers have uncovered a sophisticated new formjacking malware campaign targeting WooCommerce-powered e-commerce websites, representing a significant evolution in credit card skimming attacks. This advanced threat demonstrates unprecedented stealth capabilities, carefully integrating fake payment forms into legitimate checkout processes while…
Researchers Uncovered Infrastructure & TTPs Used by ALCATRAZ Malware
Security researchers have identified a sophisticated malware campaign utilizing the ALCATRAZ obfuscator, an open-source tool originally developed for the game hacking community that has now been weaponized by cybercriminals and advanced persistent threat groups. The malware, dubbed DOUBLELOADER, has been…
How to Respond to Data Breaches – A Comprehensive Guide
In today’s digital world, data breaches have become a persistent threat, impacting organizations of every size and sector. With the average cost of a breach climbing each year and millions of records exposed, the question is no longer if a breach will…
2025 Cybersecurity Trends – Key Threats and Solutions
Artificial intelligence, sophisticated ransomware operations, and evolving geopolitical tensions are dramatically reshaping the cybersecurity landscape in 2025. With over 30,000 vulnerabilities disclosed last year, a 17% increase from previous figures, organizations face unprecedented challenges in securing their digital assets. As…
Threat Actors Using Copyright Phishing Lures to Deliver Rhadamanthys Stealer
A sophisticated phishing campaign leveraging copyright infringement themes has emerged as a primary vector for distributing the dangerous Rhadamanthys information stealer malware across European countries. Since April 2025, threat actors have been exploiting fear-based social engineering tactics, impersonating legal representatives…
Enterprise Security Solutions – Building a Resilient Defense
In today’s hyper-connected world, enterprise security is no longer a technical afterthought but a boardroom priority. As cyberattacks grow in frequency and sophistication, organizations are under increasing pressure to protect sensitive data, maintain regulatory compliance, and ensure business continuity. The…
TAG-110 Hackers Weaponize Word Templates for Targeted Attacks
A sophisticated cyber-espionage campaign has emerged targeting Tajikistan’s government institutions through weaponized Microsoft Word templates, marking a significant tactical evolution by the Russia-aligned threat group TAG-110. The campaign, which unfolded between January and February 2025, represents a departure from the…
iPhone Phishing Defense – Recognizing and Blocking Attacks
As mobile devices become increasingly central to daily life, cybercriminals are refining their tactics to exploit vulnerabilities in Apple’s iMessage platform. Recent reports reveal a surge in phishing campaigns that bypass Apple’s built-in security measures by manipulating user behavior, underscoring…
Protecting iPhones from Spyware – Tools and Tips
iPhones have become integral to daily life, so their security has never been more critical. While Apple’s iOS is renowned for its robust security architecture, spyware threats are evolving, and no device is entirely immune. Recent incidents, including high-profile cases…
DanaBot Malware With 150 Active C2 servers & 1,000 Daily Victims Busted in Operation Endgame
Law enforcement agencies have successfully disrupted one of the most sophisticated malware-as-a-service platforms operating in 2025, dealing a significant blow to the DanaBot botnet through Operation Endgame II. The coordinated international effort targeted a criminal infrastructure that maintained an average…
Threat Actors Deliver Winos 4.0 Impersonating VPN & QQBrowser
A sophisticated malware campaign leveraging fake software installers disguised as popular applications has emerged as a significant threat to cybersecurity infrastructure, with attackers deploying the hard-to-detect Winos 4.0 malware through deceptive VPN and QQBrowser installations. The campaign represents a concerning…
Chinese Nexus Hackers Actively Exploiting Ivanti Endpoint Manager Mobile Vulnerability
A sophisticated China-linked threat group has been actively exploiting critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) systems since May 15, 2025, targeting organizations across healthcare, telecommunications, aviation, municipal government, finance, and defense sectors globally. The campaign leverages two newly…
Securing Android in the Enterprise – Policies and Solutions
Recent security vulnerabilities in Google’s Android operating system have highlighted the critical importance of robust enterprise mobile security strategies. Just days ago, on May 11, 2025, security researchers identified multiple vulnerabilities in the Android OS, with the most severe potentially…
Android Security Patches – How to Stay Updated and Protected
As Android continues to dominate the global smartphone market, its open and flexible ecosystem remains both a strength and a challenge. The very features that make Android attractive (customization, variety, and choice) also create rapid opportunities for security threats to…
Apple XNU Kernel Vulnerability Lets Attackers Escalate Privileges
A critical security vulnerability in Apple’s XNU kernel has been disclosed. It allows local attackers to escalate privileges and potentially execute arbitrary code with kernel-level access. The flaw, identified as CVE-2025-31219, represents a significant security risk across multiple Apple operating…
New Blackhat AI Tool Venice.ai Lets Attackers Create Malware in Minutes
A new artificial intelligence platform called Venice.ai is raising serious cybersecurity concerns after researchers discovered it can generate functional malware, phishing emails, and sophisticated cyberattack tools with minimal user expertise. Unlike mainstream AI services such as ChatGPT, Venice.ai deliberately removes…
Critical NETGEAR Router Vulnerability Lets Attackers Gain Full Admin Access
A newly disclosed authentication bypass vulnerability has exposed thousands of NETGEAR DGND3700v2 routers to remote attacks, allowing cybercriminals to gain complete administrative control without requiring valid credentials. The flaw, tracked as CVE-2025-4978 and assigned a critical CVSS score of 9.3,…
ModSecurity Vulnerability Exposes Millions of Web Servers to Severe DoS Condition
A critical vulnerability in ModSecurity’s Apache module has been disclosed, potentially exposing millions of web servers worldwide to denial-of-service attacks. The flaw, tracked as CVE-2025-47947 and assigned a CVSS score of 7.5, affects the popular open-source web application firewall’s handling…
LockBit Data Leak Unveils Most Active Affiliates & Their Inner Workings
A significant data breach has exposed the inner workings of one of the world’s most prolific ransomware operations, providing unprecedented insight into LockBit’s affiliate structure and victim targeting strategies. The treasure trove of leaked information, published on LockBit’s hijacked leak…
Exploitable Vulnerabilities in Canon Printers Allow Attackers to Gain Admin Privileges
Canon Inc. has issued a critical security advisory warning customers about severe vulnerabilities affecting a wide range of their production printers, office multifunction printers, and laser printers. The vulnerabilities, identified as CVE-2025-3078 and CVE-2025-3079, enable malicious actors to extract sensitive…
CISA Alerts on Threat Actors Targeting Commvault’s Azure App to Steal Secrets
CISA issued an urgent advisory, warning organizations about ongoing cyber threat activity targeting Commvault’s software-as-a-service (SaaS) cloud applications hosted in Microsoft Azure environments. Threat actors have successfully accessed client secrets for Commvault’s Metallic Microsoft 365 backup solution, providing unauthorized access…
ViciousTrap Hacker Compromised 5,500+ Edge Devices From 50+ Brands & Turned Them Into Honeypots
A sophisticated threat actor designated as ViciousTrap has successfully compromised over 5,500 edge devices across more than 50 brands, transforming them into a massive distributed honeypot network capable of intercepting and monitoring exploitation attempts worldwide. This unprecedented campaign represents a…
ModSecurity Vulnerability Exposes Millions of Web Servers to Severe Denial-of-Service
A critical vulnerability in ModSecurity’s Apache module has been disclosed, potentially exposing millions of web servers worldwide to denial-of-service attacks. The flaw, tracked as CVE-2025-47947 and assigned a CVSS score of 7.5, affects the popular open-source web application firewall’s handling…
PoC Published For Fortinet 0-Day Vulnerability That Is Being Exploited in the Wild
Security researchers have published detailed proof-of-concept (PoC) analysis for a critical zero-day vulnerability affecting multiple Fortinet products, as threat actors continue to actively exploit the flaw in real-world attacks. The vulnerability, tracked as CVE-2025-32756, represents a significant security risk with…
Gujarat Teen Behind 50+ Cyberattacks During ‘Operation Sindoor’ Arrested
The Gujarat Anti-Terrorism Squad (ATS) has arrested an 18-year-old and a minor for orchestrating over 50 coordinated cyberattacks on Indian government websites during the recent military ‘Operation Sindoor’. The main accused, Jasim Shahnawaz Ansari from Nadiad in Gujarat’s Kheda district,…
CefSharp Enumeration Tool Reveals Security Vulnerabilities in .NET Desktop Apps
Security researchers have unveiled significant vulnerabilities in .NET desktop applications that utilize CefSharp, a popular framework for embedding Chromium browsers within desktop applications, exposing millions of enterprise applications to potential remote code execution attacks. CefSharp, a lightweight .NET wrapper around…
Russian Hackers Leverage Oracle Cloud Infrastructure to Scaleway Object Storage
In a sophisticated cybersecurity attack uncovered this week, Russian threat actors have been observed exploiting multiple cloud service providers to deliver the notorious Lumma Stealer malware. The campaign utilizes legitimate cloud infrastructure—including Oracle Cloud Infrastructure (OCI), Scaleway Object Storage, and…
Versa Concerto 0-Day Authentication Bypass Vulnerability Allows Remote Code Execution
Significant vulnerabilities were uncovered in Versa Concerto, a widely deployed SD-WAN orchestration platform used by major enterprises and government entities. The flaws include authentication bypass vulnerabilities that can be chained to achieve remote code execution and complete system compromise. Despite…
Multiple GitLab Vulnerabilities Let Attackers Trigger DoS Attacks
GitLab has released critical security patches addressing 11 vulnerabilities across its Community Edition (CE) and Enterprise Edition (EE) platforms, with several high-risk flaws enabling denial-of-service (DoS) attacks. The coordinated release of versions 18.0.1, 17.11.3, and 17.10.7 comes as the DevOps…
UAT-6382 Hackers Exploit Cityworks Zero-Day to Attack IIS Servers With VSHell Malware
A sophisticated cyber threat group designated as UAT-6382 has been actively exploiting a critical zero-day vulnerability in Cityworks, a popular asset management system used by local governments across the United States. The vulnerability, tracked as CVE-2025-0994, allows remote code execution…
Cisco Webex Meetings Vulnerability Lets Attackers Manipulate HTTP Responses
Cisco disclosed a security vulnerability (CVE-2025-20255) affecting its Webex Meetings service that could allow remote attackers to manipulate cached HTTP responses. The vulnerability, assigned a CVSS score of 4.3 (Medium severity), stems from improper handling of malicious HTTP requests in…
Netwrix Password Manager Vulnerability Allows Authenticated Remote Code Execution
A critical security vulnerability has been discovered in Netwrix Password Secure, an enterprise password management solution, allowing authenticated attackers to execute arbitrary code on victim machines. The vulnerability, identified as CVE-2025-26817, affects all versions of Netwrix Password Secure up to…
Hackers Using Weaponized npm Packages to Attack React, Node.js JavaScript Frameworks
In a troubling development for the JavaScript ecosystem, security researchers have discovered a sophisticated campaign targeting popular frameworks through weaponized npm packages. These malicious packages, which have accumulated over 6,200 downloads, masquerade as legitimate plugins and utilities while secretly containing…
Threat Actors Hosted ZeroCrumb Malware on GitHub That Steals Browser Cookies
Cybersecurity researchers have identified a new infostealer malware called “ZeroCrumb” that was recently distributed through GitHub repositories. This sophisticated malware specifically targets browser cookies from popular browsers including Chrome, Brave, and Edge, enabling attackers to steal sensitive user authentication data…
Linux kernel SMB 0-Day Vulnerability Uncovered Using ChatGPT
A zero-day vulnerability in the Linux kernel was discovered using OpenAI’s o3 model. This finding, assigned CVE-2025-37899, marks a significant advancement in AI-assisted vulnerability research. The vulnerability, officially confirmed on May 20, 2025, affects the ksmbd component of the Linux…
Hackers Leveraging Trending TikTok Videos to Deliver Vidar & StealC Malware
In a concerning development that highlights the evolving tactics of threat actors, cybercriminals have begun exploiting the popularity of TikTok to distribute sophisticated information-stealing malware. This new campaign specifically delivers Vidar and StealC infostealers by tricking users into executing malicious…
Chrome Vulnerabilities Let Attackers Execute Malicious Code Remotely – Update Now
Google has released an urgent security update for Chrome after discovering multiple high-severity vulnerabilities that could allow attackers to execute malicious code remotely on users’ systems. The most critical flaw, a “Use after free” vulnerability in the browser’s Compositing system,…
Microsoft Investigates Exchange Online Email Delays Impacting Australian Users
Microsoft is currently investigating an issue affecting Exchange Online, where some users in Australia are experiencing significant delays in sending and receiving emails. The problem, first acknowledged on May 22, 2025, has led to disruptions for businesses and individuals relying…
New Advanced Process Injection Attack Lets Attackers Evade EDR Detection
A novel process injection technique effectively bypasses leading Endpoint Detection and Response (EDR) solutions by focusing solely on execution primitives, eliminating the need for memory allocation or writing operations that typically trigger security alerts. Dubbed “CONTEXT-Only Attack Surface,” this…
Everest Hacking Group Claims Coca-Cola Data Breach, Exfiltrates 23 Million Records
In a significant cybersecurity incident that could potentially affect millions of consumers, two notorious hacking groups have claimed responsibility for separate breaches of Coca-Cola systems. According to posts on dark web forums, the Everest ransomware group has reportedly compromised internal…
Cisco Identity Services RADIUS Process Vulnerability Lets Attackers Trigger DoS Condition
Cisco disclosed a high-severity vulnerability affecting its Identity Services Engine (ISE) that could allow unauthenticated remote attackers to cause a denial of service condition. The vulnerability, identified as CVE-2025-20152, received a CVSS score of 8.6, reflecting its serious potential impact…
Malicious VS Code Extensions Attacking Windows Solidity Developers to Steal Login Credentials
A sophisticated campaign targeting Solidity developers has emerged, utilizing Visual Studio Code’s popularity and extension ecosystem as an attack vector. Threat actors have deployed trojanized extensions that masquerade as developer utilities while secretly exfiltrating cryptocurrency wallet credentials and other sensitive…
New Attack Exploits dMSA in Windows Server 2025 to Compromise Any Active Directory User
A critical vulnerability in Windows Server 2025 enables attackers to compromise any user in Active Directory, including highly privileged accounts. Dubbed “BadSuccessor,” this attack exploits a feature called delegated Managed Service Accounts (dMSA) and works by default in environments…