Former top NSA cyber official protests probationary firings Differing names for hackers hinders law enforcement, says security agent Google releases AI scam detection for Android to fight conversational fraud Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader…
Category: EN
LibreOffice Flaw Allows Attackers to Run Arbitrary Scripts via Macro URL
A significant security vulnerability in LibreOffice, designated as CVE-2025-1080, has been patched in versions 24.8.5 and 25.2.1, released on March 4, 2025. The flaw, which allowed attackers to execute arbitrary scripts through manipulated macro URLs, posed a severe risk to…
Critical IDOR Vulnerabilities in ZITADEL Let Hackers Modify Key Settings
Security researchers have disclosed critical Insecure Direct Object Reference (IDOR) vulnerabilities in ZITADEL’s administration interface that expose organizations to account takeover risks and unauthorized configuration changes. Tracked as CVE-2025-27507 with a CVSS v3.1 score of 9.1/10, these flaws allow authenticated users without proper permissions…
Google Announces GoStringUngarbler Tool to Decrypt Go Based Malware
In a landmark development for cybersecurity infrastructure, Google’s Mandiant subsidiary has unveiled GoStringUngarbler – an open-source deobfuscation framework designed to neutralize advanced string encryption techniques in Go-based malware. This innovation specifically targets binaries obfuscated using garble, an increasingly prevalent obfuscation…
15 Best Patch Management Tools In 2025
Patch management tools are essential for maintaining the security and efficiency of IT systems in 2025. These tools automate the process of identifying, testing, and deploying software updates and security patches across various operating systems and applications. Top contenders in…
50 World’s Best Cyber Security Companies – 2025
Cybersecurity has transformed from a niche technical field into a critical business priority that shapes organizational strategies worldwide. As we navigate through 2025, the cybersecurity industry continues to expand in response to increasingly sophisticated threats, digital transformation initiatives, and regulatory requirements. The global cybersecurity market is…
BreachRx Brings Generative AI to Security Incident Management
BreachRx this week added generative artificial intelligence (GenAI) capabilities to a security incident platform that promises to streamline workflows across all the stakeholders that need to collaborate. The post BreachRx Brings Generative AI to Security Incident Management appeared first on…
SecP0 Ransomware Gang Threatens to Expose Critical Vulnerabilities
A new ransomware collective dubbed SecP0 has emerged with a disruptive strategy that diverges sharply from conventional cybercriminal playbooks. Unlike traditional ransomware groups that focus on encrypting data or threatening to leak stolen information, SecP0 is now demanding ransoms in exchange for withholding…
Malicious Android App on Google Play Compromises 220,000+ Devices
Security researchers at ThreatLabz recently uncovered a sophisticated malware campaign operating through the Google Play Store, leveraging a seemingly benign application to distribute the Anatsa banking trojan (also known as TeaBot). The malicious app, disguised as a file manager and…
12 Chinese Hackers Charged For Cyber Attacks on U.S Treasury
The U.S. Department of Justice (DOJ) unsealed indictments today against 12 Chinese nationals linked to state-sponsored cyber espionage campaigns targeting the U.S. Treasury Department, religious organizations, media outlets, and critical infrastructure. The charges reveal an extensive, decade-long operation leveraging advanced…
Bybit Hot Wallet Exploit for Malicious Transaction – Technical Analysis Released
Researchers uncovered one of the most technically sophisticated attacks in cryptocurrency history, exploiting Bybit’s Ethereum hot wallet infrastructure through a malicious proxy contract upgrade. The breach, attributed to North Korea’s Lazarus Group via blockchain fingerprinting, resulted in the theft of…
U.S. Charges 12 Chinese Nationals in State-Backed Hacking Operations
The U.S. Department of Justice (DoJ) has announced charges against 12 Chinese nationals for their alleged participation in a wide-ranging scheme designed to steal data and suppress free speech and dissent globally. The individuals include two officers of the People’s…
Technical Analysis Released on Bybit Hot Wallet Exploit
Cryptocurrency exchange Bybit suffered a sophisticated smart contract exploit on February 21, 2025, resulting in the theft of 401,346.76 ETH (approximately $1.2 billion at the time of the incident). The attack vector leveraged advanced proxy contract manipulation through malicious delegatecall…
How to prevent data leakage in collaboration tools like Slack and Teams
In recent years, collaboration tools have become an absolute necessity for remote and hybrid work. This primarily increased during the COVID-19 pandemic due to the impossibility of communicating in person. So, tools like Slack, Microsoft Teams, and Zoom surged in…
Typosquatted Go Packages Distribute Malware Loader Targeting Linux and macOS
Researchers from Socket have identified an ongoing campaign involving at least seven typosquatted Go packages. These packages impersonate well-known Go libraries and are designed to deploy loader malware on Linux and macOS systems. Typosquatted packages are malicious software components designed…
41,500+ VMware ESXi Instances Vulnerable to Code Execution Attacks
Shadowserver observed that 41,500+ internet-exposed VMware ESXi hypervisors as of March 4, 2025, are vulnerable to CVE-2025-22224, a critical zero-day vulnerability actively exploited in attacks. Broadcom patched the vulnerability in an emergency update. It enables attackers with local administrative access…
The CISO’s bookshelf: 10 must-reads for security leaders
Discover essential reads for CISOs in this curated list of books covering cybersecurity leadership, risk management, zero trust, board communication, and more. Why CISOs Fail, 2nd Edition Author: Barak Engel Barak Engel expands on the ideas from his original 2017…
Google Unveils GoStringUngarbler to Crack Go-Based Malware Encryption
Google’s FLARE team has released GoStringUngarbler, an open-source tool designed to dismantle string obfuscation in Go binaries protected by the garble compiler. This innovation addresses growing concerns over malware authors exploiting garble’s advanced literal transformations, which render traditional static analysis ineffective.…
Mad, Bad, and Dangerous to Know: Cybercriminals are More Sophisticated than Ever
Cybercriminals are more sophisticated than ever, a new report from CrowdStrike reveals. Breakout times are falling, social engineering is becoming more common and effective, and cyber espionage – particularly that originating in China – is growing increasingly aggressive. “Our latest…
Silk Typhoon Targets IT Supply Chain in Evolving Cyber Campaign
Microsoft Threat Intelligence has warned of a shift in tactics by Silk Typhoon, a Chinese espionage group that is now exploiting vulnerabilities in common IT solutions—including remote management tools and cloud applications—to gain initial access to target entities. The software…