Multiple Cross-Site Scripting (XSS) vulnerabilities in the VMware NSX network virtualization platform could allow malicious actors to inject and execute harmful code. The security bulletin published on June 4, 2025, details three distinct vulnerabilities affecting VMware NSX Manager UI, gateway…
Category: Cyber Security News
WordPress Admins Beware! Fake Cache Plugin that Steals Admin Logins
A sophisticated malware campaign targeting WordPress administrators has been discovered, utilizing a deceptive caching plugin to steal login credentials and compromise website security. Security researchers have identified a malicious plugin disguised as “wp-runtime-cache” that specifically targets users with administrative privileges,…
Lumma Infostealers Developers Trying Hard To Conduct Business As Usual
In the high-stakes world of cybercrime, few tools have garnered as much attention as Lumma Infostealer. Emerging as a powerful malware-as-a-service (MaaS) offering, Lumma achieved notoriety for its wide-reaching impact on both individuals and enterprises. Its main function is to…
Play Ransomware Hacked 900 Organizations, CISA Released TTPs & IOCs
Federal authorities have revealed that the notorious Play ransomware group has successfully breached approximately 900 organizations worldwide as of May 2025, marking a dramatic escalation in cybercriminal activity that has prompted an urgent security advisory from multiple government agencies. The…
Top 10 GPT Tools For Hackers, Penetration Testers, & Security Analysts
A recent analysis has identified ten advanced GPT models that are transforming the methodologies employed by hackers, penetration testers, and security analysts in 2025. These models are enhancing the precision and efficiency of security assessments, threat modeling, and vulnerability exploitation, thereby…
Wireshark Vulnerability Enables DoS Attack Through Malicious Packet Injection
A critical vulnerability in the popular network protocol analyzer Wireshark has been discovered, allowing attackers to trigger denial-of-service (DoS) attacks through packet injection or the use of malformed capture files. The security flaw, identified as CVE-2025-5601, affects millions of users…
New Phishing Attack that Hides Malicious Link from Outlook Users
A sophisticated phishing technique exploits Microsoft Outlook’s HTML rendering capabilities to hide malicious links from corporate security systems while maintaining their effectiveness against end users. The attack leverages conditional HTML statements to display different content depending on whether the…
Cisco ISE Vulnerability Allows Remote to Access Sensitive Data – PoC Exploit Available
Cisco has disclosed a critical vulnerability affecting its Identity Services Engine (ISE) when deployed on major cloud platforms, warning that proof-of-concept exploit code is now publicly available. The flaw, tracked as CVE-2025-20286 with a CVSS score of 9.9, enables unauthenticated remote attackers to…
Authorities Seized 145 Dark Web Marketplace Having 117,000 Registered Customers
Federal authorities have successfully dismantled BidenCash, one of the largest criminal marketplaces operating on both the dark web and the traditional internet. In a coordinated law enforcement operation, approximately 145 domains associated with the platform were seized. The BidenCash marketplace…
35,000 Solar Power Systems Exposed To Internet Are Vulnerable To Cyberattacks
A comprehensive cybersecurity investigation has revealed alarming vulnerabilities in the rapidly expanding solar energy infrastructure, with nearly 35,000 solar power devices found exposed to internet-based attacks across 42 vendors worldwide. The discovery underscores growing security concerns as renewable energy systems…
APT37 Hackers Mimic Academic Forum Invites To Deliver Malicious LNK Files Via Dropbox Platform
The North Korea-linked APT37 threat group has launched a sophisticated spear phishing campaign targeting South Korean activists and researchers focused on North Korean affairs, employing deceptive academic forum invitations to distribute malicious shortcut files through cloud-based infrastructure. The campaign, which…
New Malware Attack Deploys Malicious Chrome & Edge Extensions To Steal Sensitive Data
Cybersecurity researchers have uncovered a sophisticated malware campaign targeting Brazilian users through malicious browser extensions designed to steal sensitive banking credentials and financial data. The operation, dubbed “Operation Phantom Enigma,” represents a significant escalation in banking trojans’ evolution, utilizing browser…
Hackers Allegedly Leaked 86 Million AT&T Customer Records with Decrypted SSNs
A massive data breach involving AT&T has been reported, with hackers allegedly leaking personal information of 86 million customers. Hackers claimed to have successfully decrypted previously protected Social Security numbers and released the information on cybercrime forums. The breach, first posted on May…
New Crocodilus Malware That Gain Complete Control of Android Device
A sophisticated new Android banking Trojan named Crocodilus has emerged as a significant global threat, demonstrating advanced device-takeover capabilities that grant cybercriminals unprecedented control over infected smartphones. First discovered in March 2025, this malware has rapidly evolved from localized test…
Business Email Compromise Attacks: How To Detect Them Early
Business Email Compromise (BEC) attacks don’t need malware to do damage. All it takes is one convincing message; a fake login prompt, a cleverly disguised link, and an employee’s credentials are gone. From there, attackers can quietly access inboxes, exfiltrate…
Composing The Future Of AI: How Anat Heilper Orchestrates Breakthroughs In Silicon And Software
Anat Heilper is redefining what it means to be a technical leader in AI, not by following the path but by architecting it from the ground up. Having served in key boundary-pushing roles such as the Director of AI and…
Google to Remove Two Certificate Authorities from Chrome Root Store
Google has announced plans to remove two Certificate Authorities (CAs) from Chrome’s Root Store due to ongoing security concerns. The Chrome Root Program and Security Team revealed that Chunghwa Telecom and Netlock will no longer be trusted by default in…
Threat Actors Exploit ‘Prove You Are Human’ Scheme To Deliver Malware
Cybersecurity researchers have uncovered a sophisticated malware campaign that weaponizes users’ trust in routine internet verification processes to deliver malicious payloads. The scheme exploits familiar “prove you are human” prompts, transforming seemingly innocent website interactions into vectors for malware distribution…
Windows Authentication Coercion Attacks Pose Significant Threats to Enterprise Networks
Windows authentication coercion attacks continue to pose substantial risks to enterprise Active Directory environments in 2025, despite Microsoft’s ongoing efforts to implement protective measures. These sophisticated attacks allow threat actors with minimal privileges to gain administrative access to Windows workstations…
IBM QRadar Vulnerabilities Let Attackers Access Sensitive Configuration Files
Multiple severe vulnerabilities in IBM QRadar Suite Software could allow attackers to access sensitive configuration files and compromise enterprise security infrastructures. The most severe vulnerability, tracked as CVE-2025-25022, carries a CVSS base score of 9.6 and enables unauthenticated users…