Tag: Cyber Security News

A critical vulnerability in Windows Boot Manager, known as bitpixie, enables attackers to bypass BitLocker drive encryption and escalate local privileges on Windows systems.  The vulnerability affects boot managers from 2005 to 2022 and can still be exploited on updated systems through…

Read more →

American First Finance, LLC, a Dallas-based financial services firm, suffered a significant insider breach when a recently terminated employee exploited unauthorized access to its production database.  The incident, dubbed the FinWise insider breach, resulted in the exfiltration of sensitive customer…

Read more →

A large-scale supply chain attack dubbed “Shai-Halud” that infiltrated the JavaScript ecosystem via the npm registry.  In total, 477 packages, including packages from CrowdStrike, were found to contain stealthy backdoors and trojanized modules designed to siphon credentials, exfiltrate source code,…

Read more →

A denial-of-service flaw in the Linux kernel’s KSMBD (SMB Direct) subsystem has raised alarms across the open-source community.  Tracked as CVE-2025-38501, the issue allows a remote, unauthenticated adversary to exhaust all available SMB connections by exploiting the kernel’s handling of…

Read more →

Luxury fashion company Kering has confirmed a data exfiltration incident in which threat actor Shiny Hunters accessed private customer records for Gucci, Balenciaga, and Alexander McQueen. The breach, detected in June but occurring in April, exposed personally identifiable information (PII)…

Read more →

Modern development workflows increasingly rely on AI-driven coding assistants to accelerate software delivery and improve code quality. However, recent research has illuminated a potent new threat: adversaries can exploit these tools to introduce backdoors and generate harmful content without immediate…

Read more →

In today’s complex digital landscape, where data breaches and cyberattacks are a constant threat, securing privileged accounts is more critical than ever. Privileged Access Management (PAM) is a core component of any robust cybersecurity strategy, focusing on managing and monitoring…

Read more →

RevengeHotels, a financially motivated threat group active since 2015, has escalated its operations against hospitality organizations by integrating large language model–generated code into its infection chain. Initially known for deploying bespoke RAT families such as RevengeRAT and NanoCoreRAT via phishing…

Read more →

The KillSec ransomware strain has rapidly emerged as a formidable threat targeting healthcare IT infrastructures across Latin America and beyond. First observed in early September 2025, KillSec operators have leveraged compromised software supply chain relationships to deploy their payloads at…

Read more →

Late in the summer of 2025, cybersecurity researchers uncovered a sophisticated spearphishing campaign targeting Ukrainian military personnel via the Signal messaging platform. The operation, dubbed “Phantom Net Voxel,” begins with a malicious Office document sent through private Signal chats, masquerading…

Read more →

A critical vulnerability has been discovered in LG’s WebOS for smart TVs, allowing an attacker on the same local network to bypass authentication mechanisms and achieve full control over the device. The flaw, which affects models like the LG WebOS…

Read more →

Two critical vulnerabilities, CVE-2025-41248 and CVE-2025-41249, have emerged in Spring Security and Spring Framework that could allow attackers to bypass authorization controls in enterprise applications.  These flaws arise when using Spring Security’s @EnableMethodSecurity feature in conjunction with method-level annotations such…

Read more →

The cybersecurity landscape demands sophisticated tools to identify and exploit vulnerabilities effectively, with Nessus vs Metasploit representing one of the most powerful combinations in modern penetration testing. As cyber threats continue to evolve rapidly, security professionals require comprehensive solutions that…

Read more →

Attackers are increasingly leveraging sophisticated techniques to maintain long-term access in cloud environments, and a newly surfaced tool named AWSDoor is emerging as a major threat.  AWSDoor automates a range of IAM and resource-based persistence methods, allowing adversaries to hide…

Read more →

Since early 2025, the cybersecurity community has witnessed an unprecedented surge in distributed denial-of-service (DDoS) bandwidth, culminating in a record-shattering 11.5 Tbps assault attributed to a botnet named AISURU. Emerging from XLab’s continuous monitoring of global DDoS incidents, this botnet…

Read more →

SmokeLoader, first seen on criminal forums in 2011, has evolved into a highly modular malware loader designed to deliver a variety of second-stage payloads, including trojans, ransomware, and credential stealers. After Operation Endgame disrupted numerous campaigns in mid-2024, the loader…

Read more →

Two critical vulnerabilities, CVE-2025-41248 and CVE-2025-41249, have emerged in Spring Security and Spring Framework that could allow attackers to bypass authorization controls in enterprise applications.  These flaws arise when using Spring Security’s @EnableMethodSecurity feature in conjunction with method-level annotations such…

Read more →

A new Rowhammer attack variant named Phoenix can bypass the latest protections in modern DDR5 memory chips, researchers have revealed. The attack is the first to demonstrate a practical privilege escalation exploit on a commodity system equipped with DDR5 RAM,…

Read more →

A 0-Click Linux Kernel KSMBD RCE Exploit From N-Day Vulnerabilities, achieving remote code execution on a two-year-out-of-date Linux 6.1.45 instance running the kernelspace SMB3 daemon, ksmbd.  By chaining two authenticated N-day flaws, CVE-2023-52440 and CVE-2023-4130, the exploit attains an unauthenticated…

Read more →

Since May 2025, a novel credential stealer dubbed Maranhão Stealer has emerged as a significant threat to users of pirated gaming software. Distributed through deceptive websites hosting cracked launchers and cheats, the malware leverages cloud-hosted platforms to deliver trojanized installers…

Read more →