A new malware campaign called PCPcat has successfully compromised more than 59,000 servers in under 48 hours through targeted exploitation of critical vulnerabilities in Next.js and React frameworks. The malware targets Next.js deployments by exploiting two critical vulnerabilities, CVE-2025-29927 and…
Tag: Cyber Security News
Threat Actors Advertising ‘MioLab MacOS’ Infostealer on an Underground Forum
A new malware threat targeting macOS users has emerged on underground cybercrime forums, with threat actors marketing a sophisticated information-stealing tool called “MioLab MacOS.” This resident infostealer comes equipped with a web-based control panel and customizable settings, making it an…
JumpCloud Remote Assist for Windows Agent Flaw Lets Attackers Escalate Privilege
The JumpCloud Remote Assist vulnerability (CVE-2025-34352) exposes Windows systems to local privilege escalation and denial-of-service attacks. Discovered by XM Cyber researcher Hillel Pinto, the flaw stems from insecure file operations in the agent’s uninstaller. The JumpCloud Remote Assist for Windows…
Jaguar Land Rover Confirms Employee Data Stolen in August Cyberattack
Jaguar Land Rover (JLR), the iconic British luxury automaker, has finally disclosed that a cyberattack in August compromised sensitive data on current and former employees. This marks the company’s first public acknowledgment of the breach’s scope, following a production shutdown…
xHunt APT Hackers Attacking Microsoft Exchange and IIS Web Servers to Deploy Custom Backdoors
The xHunt advanced persistent threat group has firmly established itself as a sophisticated cyber-espionage actor, orchestrating targeted campaigns against organizations in Kuwait. Since its emergence in 2018, the group has focused intently on the government, shipping, and transportation sectors. Their…
Microsoft Recent Update Breaks VPS Access for Windows Subsystem for Linux Users
Microsoft’s October 2025 non-security update is disrupting virtual private server (VPS) access for Windows Subsystem for Linux (WSL) users, particularly those relying on third-party VPNs for enterprise connectivity. Released on October 28, 2025, as KB5067036, the update targets OS builds…
Critical pgAdmin Vulnerability Lets Attackers Execute Shell Commands on the Host
A severe security vulnerability has been uncovered in pgAdmin 4, the popular open-source PostgreSQL database management tool. Tracked as CVE-2025-13780, this critical flaw allows attackers to bypass security filters and execute arbitrary shell commands on the host server. The issue…
Apache StreamPark Vulnerability Lets Attackers Access Sensitive Data
A critical security vulnerability has been discovered in Apache StreamPark that could allow attackers to decrypt sensitive information and gain unauthorized system access. The vulnerability stems from the use of a hard-coded encryption key in the application, which enables threat…
NVIDIA Merlin Vulnerabilities Let Attackers Execute Malicious Code and Trigger DoS Condition
Security patches for the Merlin framework address two high-severity deserialization vulnerabilities that could allow attackers to execute arbitrary code and launch denial-of-service attacks on affected Linux systems. NVIDIA researchers have identified two vulnerabilities in Merlin components that leverage insecure deserialization.…
New Android Malware Frogblight Mimics Official Government Websites to Collect SMS and Device Details
A sophisticated Android banking Trojan named Frogblight has emerged as a significant threat targeting Turkish users, employing deceptive tactics to steal banking credentials and personal data. Discovered in August 2025, this malware initially disguised itself as an application for accessing…
Wireshark 4.6.2 Released With Fix for Vulnerabilities, and Updated Protocol Support
Wireshark 4.6.2, the latest version of the leading open-source network protocol analyzer, addresses critical crash vulnerabilities and plugin compatibility issues. This maintenance release prioritizes stability for users in troubleshooting and security analysis. Developers patched two denial-of-service vulnerabilities identified in recent…
Critical Plesk Vulnerability Allows Plesk Users to Gain Root-Level Access
A severe security vulnerability has been discovered in Plesk for Linux that could allow users to gain root access on affected servers. The flaw, tracked as CVE-2025-66430, exists within Plesk’s Password-Protected Directories feature and allows attackers to inject arbitrary data…
New Android Malware Mimics mParivahan and e-Challan, Attacking Android Users to Steal Login Credentials
A sophisticated Android malware campaign named NexusRoute is actively targeting Indian citizens by impersonating government services. The operation uses fake versions of the official mParivahan and e-Challan applications to harvest login credentials and financial information from unsuspecting users. This coordinated…
New ARTEMIS AI Agent Outperformed 9 out of 10 Human Penetration Testers in Detecting Vulnerabilities
Researchers from Stanford University, Carnegie Mellon University, and Gray Swan AI have unveiled ARTEMIS, a sophisticated AI agent framework that demonstrates remarkable competitive capabilities against seasoned cybersecurity professionals. In the first-ever comprehensive comparison of AI agents against human experts in…
New ClickFix Attack Exploits finger.exe Tool to Trick Users into Executing Malicious Code
A novel social engineering campaign, dubbed ClickFix, has been identified, which cleverly employs an old Windows command-line tool, finger.exe, to install malware on victims’ systems. This attack begins with a deceptive CAPTCHA verification page, tricking users into running a script…
Storm-0249 Abusing EDR Process Via Sideloading to Hide Malicious Activity
Storm-0249, once known primarily as a mass phishing group, has undergone a significant transformation into a sophisticated initial access broker specializing in precision attacks. This evolution marks a critical shift in threat tactics, moving away from noisy phishing campaigns toward…
Shannon – AI Pentesting Tool that Autonomously Checks for Code Vulnerabilities and Executes Real Exploits
Shannon is a fully autonomous AI pentesting tool for web applications that identifies attack vectors via code analysis and validates them with live browser exploits. Unlike traditional static analysis tools that merely flag potential issues, Shannon operates as a fully…
New Gentlemen Ransomware Breaching Corporate Networks to Exfiltrate and Encrypt Sensitive Data
Gentlemen ransomware, first identified in August 2025, has rapidly evolved into a significant threat targeting corporate networks globally. Operating on a double extortion model, this group exfiltrates sensitive data before encrypting it, ensuring they can leverage stolen information even if…
Microsoft December 2025 Security Updates Breaking Message Queuing (MSMQ) Functionality Affects IIS Sites
Microsoft’s December 2025 security updates have unleashed an unexpected headache for enterprise admins relying on Message Queuing (MSMQ). Installed via KB5071546 on December 9, the patch targeting OS Build 19045.6691 alters MSMQ’s security model, leading to widespread failures in queue…
CISA Adds Sierra Router Vulnerability to KEV Catalogue Following Active Exploitation
A critical vulnerability affecting Sierra Wireless routers has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog. This decision comes after evidence emerged that the flaw is being actively exploited in the wild, posing significant risks to organizations that still…