Aembit, the workload identity and access management (IAM) company, today announced its inclusion in Rising in Cyber 2025, an independent list launched by Notable Capital to spotlight the 30 most promising cybersecurity startups shaping the future of security. Unlike traditional rankings,…
Category: Cyber Security News
New Firefox Feature Automatically Detects Malicious Extensions by Behavior
Firefox has released a sophisticated new security feature designed to automatically identify and neutralize malicious browser extensions before they can compromise user data. The implementation comes as crypto wallet scams continue to surge globally, with the FBI reporting…
New Linux PumaBot Attacking IoT Devices by Brute-Forcing SSH Credentials
Cybersecurity researchers have identified a sophisticated new threat targeting the expanding Internet of Things ecosystem. PumaBot, a Go-based Linux botnet, has emerged as a significant concern for organizations operating vulnerable IoT devices, particularly surveillance systems. Unlike conventional malware that conducts…
Hackers Weaponize Ruby Gems To Exfiltrate Telegram Tokens and Messages
A sophisticated supply chain attack has emerged targeting the RubyGems ecosystem, exploiting geopolitical tensions surrounding Vietnam’s recent Telegram ban to steal sensitive developer credentials and communications. The malicious campaign involves two typosquatted Ruby gems designed to impersonate legitimate Fastlane plugins,…
North Face Fashion Brand Warns of Credential Stuffing Attack
The North Face, a prominent outdoor fashion retailer, has issued a comprehensive security notification to customers following the discovery of a credential stuffing attack against its website on April 23, 2025. The incident represents a growing cybersecurity threat where attackers…
State-Sponsored Groups Actively Targeting Manufacturing Sector & OT systems
A comprehensive analysis reveals an alarming escalation in cyberattacks targeting the manufacturing sector, with state-sponsored threat actors and hacktivist groups increasingly focusing their efforts on operational technology systems that control critical industrial processes. The manufacturing sector has emerged as a…
Microsoft Defender for Endpoint Contained 120,000 & Saved 180,000 Devices From Cyberattack
Microsoft has achieved significant cybersecurity milestones in its fight against ransomware and advanced persistent threats, with its Defender for Endpoint platform successfully containing 120,000 compromised user accounts and protecting over 180,000 devices from cyberattacks in just the last six months.…
Russian Hacker Black Owl Attacking Critical Industries To Steal Financial Details
A sophisticated Russian hacktivist group operating under multiple aliases has emerged as a significant threat to critical infrastructure across Russia, employing advanced malware and social engineering techniques to infiltrate and destroy organizational systems. The group, known primarily as BO Team…
Wireshark Certified Analyst: Official Wireshark Certification Released for Security Professionals
The Wireshark Foundation has officially launched the Wireshark Certified Analyst (WCA-101) certification, marking a significant milestone in professional network analysis education. This comprehensive certification program, designed by industry experts including Wireshark creator Gerald Combs, validates advanced proficiency in packet analysis…
Apple’s iOS Activation Vulnerability Allows Injection of Unauthenticated XML Payloads
A critical security vulnerability has been discovered in Apple’s iOS activation infrastructure that allows attackers to inject unauthenticated XML payloads during the device setup phase. This flaw, affecting the latest iOS 18.5 stable release as of May 2025, exposes millions…
CISA Releases ICS Advisories Covering Vulnerabilities & Exploits
CISA issued three critical Industrial Control Systems (ICS) advisories on June 3, 2025, warning organizations about severe vulnerabilities affecting Schneider Electric and Mitsubishi Electric industrial automation products. These advisories highlight exploitable flaws that could enable remote code execution, authentication bypass,…
DollyWay World Domination Attack Hacked 20,000+ Sites & Redirects Users to Malicious Sites
A sophisticated cybercrime operation dubbed “DollyWay World Domination” has successfully infiltrated more than 20,000 WordPress websites since 2016, redirecting unsuspecting users to malicious destinations. The attack, named after the distinctive code snippet define('DOLLY_WAY', 'World Domination') found within the malware,…
Threat Actors Bribed Overseas Support Agents to Steal Coinbase Customer Data
Cryptocurrency company Coinbase revealed a significant security incident in which cybercriminals successfully bribed overseas customer support agents to steal sensitive customer data, affecting less than 1% of monthly transacting users. Rather than pay a $20 million ransom demand, the company has…
Russian Dark Web Markets Most Popular Tools Fuels Credential Theft Attacks
Russian Market has emerged as the dominant force in the cybercriminal underground, establishing itself as what security experts describe as “the Amazon of stolen credentials.” This notorious marketplace has fundamentally transformed how threat actors acquire and exploit compromised account information,…
Cryptography Essentials – Securing Data with Modern Encryption Standards
Modern cryptography serves as the fundamental backbone of digital security, protecting sensitive data across networks, storage systems, and applications. As cyber threats evolve and computational power increases, implementing robust encryption standards has become critical for maintaining data confidentiality, integrity, and…
Custom Active Directory Client-Side Extensions Enable Stealthy Corporate Backdoors
A sophisticated method for establishing persistent backdoors in corporate networks abuses custom Client-Side Extensions (CSEs) in Microsoft Active Directory environments. This technique leverages trusted Windows components to evade detection while providing attackers with privileged system access across…
Governments Losing Efforts To Gain Backdoor Access To Secure Communications – New Report
A comprehensive analysis reveals that government attempts to weaken encryption and gain backdoor access to secure communications are increasingly failing across multiple jurisdictions, as technology companies and cybersecurity experts continue to resist such measures on both technical and security grounds.…
How to Conduct a Red Team Exercise – Step-by-Step Guide
Red team exercises represent one of the most comprehensive approaches to evaluating an organization’s cybersecurity posture through simulated adversarial attacks. Unlike traditional penetration testing, red team exercises are full-scope, goals-focused adversarial simulation exercises that incorporate physical, electronic, and social forms…
New Research Reveals Strengths and Gaps in Cloud-Based LLM Guardrails
A comprehensive new study has exposed significant vulnerabilities and inconsistencies in the security mechanisms protecting major cloud-based large language model platforms, raising critical concerns about the current state of AI safety infrastructure. The research, which evaluated the effectiveness of content…
Understanding MITRE ATT&CK Framework – Practical Applications for Defenders
The MITRE ATT&CK framework has emerged as the de facto standard for understanding adversarial behavior in cybersecurity, providing defenders with a comprehensive knowledge base to systematically map, detect, and respond to threats. This framework transforms abstract threat intelligence into actionable…