In a sophisticated cyberattack campaign uncovered in early 2025, threat actors created counterfeit versions of popular AI image generation platform Kling AI to deliver malware to unsuspecting users. Kling AI, which has amassed over 6 million users since its June…
Tag: Cyber Security News
Lexmark Printer Vulnerability Allows Attackers to Execute Arbitrary Code
A critical security vulnerability has been identified in numerous Lexmark printer models that could allow attackers to execute arbitrary code remotely. Designated as CVE-2025-1127, this critical flaw affects the embedded web server in various Lexmark devices and poses significant risks…
Palo Alto GlobalProtect Vulnerability Enables Malicious Code Execution – PoC Released
Palo Alto Networks has disclosed a reflected cross-site scripting (XSS) vulnerability, tracked as CVE-2025-0133, affecting the GlobalProtect gateway and portal features of its PAN-OS software. The flaw enables execution of malicious JavaScript in authenticated Captive Portal user browsers when victims…
New Microsoft O365 Phishing Attack Uses AES & Malicious npm Packages to Steal Login Credentials
A sophisticated phishing campaign targeting Microsoft Office 365 users has emerged, combining several advanced techniques to evade detection and harvest credentials. The attack, identified in early April 2025, leverages encrypted HTML files, content delivery networks (CDNs), and malicious npm packages…
Multiple Foscam X5 IP Camera Vulnerabilities Let Attackers Execute Arbitrary Code
Multiple vulnerabilities in Foscam X5 IP cameras allow remote attackers to execute arbitrary code without authentication. The flaws, disclosed on May 21, 2025, affect the UDTMediaServer component in Foscam X5 version 2.40 and prior firmware releases. Despite repeated attempts to…
Hazy Hawk Exploits Organizations’ DNS Gaps to Abuse Cloud Resources & Deliver Malware
Security researchers have identified a sophisticated threat actor named “Hazy Hawk” that’s hijacking abandoned cloud resources from high-profile organizations worldwide to distribute scams and malware. Active since at least December 2023, the group exploits DNS misconfigurations to take control of…
More_Eggs Malware Exploits Job Application Emails to Deliver Malicious Payloads
The More_Eggs malware, a sophisticated JavaScript backdoor operated by the financially motivated Venom Spider (also known as Golden Chickens) threat group, has emerged as a significant threat to corporate environments. This backdoor is particularly concerning as it’s distributed through a…
Kimsuky APT Group Uses PowerShell Payloads to Deliver XWorm RAT
A sophisticated campaign by the Kimsuky Advanced Persistent Threat (APT) group has been identified, utilizing elaborate PowerShell payloads to deliver the dangerous XWorm Remote Access Trojan (RAT). This North Korean-linked threat actor has evolved its tactics, leveraging heavily obfuscated PowerShell…
New RedisRaider Campaign Attacking Linux Servers by Abusing Redis Configuration
A new sophisticated Linux cryptojacking campaign called RedisRaider has emerged, targeting vulnerable Redis servers across the internet. This aggressive malware exploits misconfigured Redis instances to deploy cryptocurrency mining software, effectively turning compromised systems into digital mining farms for the attackers.…
Securing iCloud Accounts – Best Practices for iPhone Users
As iPhones become the central hub for personal and professional life, Apple’s iCloud service has grown indispensable for millions of users. iCloud seamlessly syncs photos, contacts, documents, and backups across devices, but this convenience also makes it a prime target…
Hackers Exploit TikTok & Instagram APIs to Validate Stolen Accounts
Cybersecurity experts have identified a new attack vector where threat actors are deploying malicious Python packages that exploit social media platforms’ internal APIs to validate stolen credentials. These packages, published on the Python Package Index (PyPI), specifically target TikTok and…
Preventing App-Based Threats on Android Devices – 2025’s Security Landscape
As Android continues to dominate the global smartphone market, the platform’s open nature and vast app ecosystem remain both a strength and a vulnerability. In 2025, app-based threats on Android devices are more sophisticated than ever, targeting users through malware,…
How to Enable iOS Lockdown Mode for Enhanced Protection Against Sophisticated Cyber Threats
Apple’s Lockdown Mode offers an extreme security level for users who may be targeted by sophisticated cyberattacks. While most iPhone users will never need this feature, knowing how to activate it could be crucial for those at higher risk of…
OneDrive New Feature of Syncing Personal & Corporate Account is Rolling Out
Microsoft is set to roll out a new OneDrive feature that will prompt users to sync their personal Microsoft accounts with their corporate OneDrive accounts on Windows devices. While designed to streamline file access, this update has raised significant security…
Best Android Security Apps for Enterprise and Personal Use
As Android continues to dominate the global mobile operating system market with a 71.65% share, its security landscape has evolved to address escalating cyber threats. In 2025, enterprises and individual users face sophisticated challenges, from ransomware targeting corporate fleets to…
Hackers Attacking Organizations with Weaponized RAR Archive to Deliver Pure Malware
A sophisticated malware campaign targeting Russian businesses has intensified significantly in 2025, with attackers leveraging weaponized RAR archives to deliver the dangerous PureRAT backdoor and PureLogs stealer. These attacks, which began in March 2023, have seen a fourfold increase in…
Android Security Guide – Safeguarding Against Malware in 2025
In 2025, Android users will face an increasingly sophisticated malware landscape, with evolving threats that leverage artificial intelligence, advanced evasion techniques, and new attack vectors. Despite efforts to bolster security, research indicates that malware continues to pose significant risks to…
Serviceaide Cyber Attack Exposes 480,000 Catholic Health Patients’ Data
Serviceaide, Inc. announced a significant data security breach affecting approximately 480,000 Catholic Health patients. The incident, which occurred due to an improperly secured Elasticsearch database, exposed sensitive patient information for nearly seven weeks between September and November 2024. Though no…
5 Ways to Connect IOCs to Real-World Threats for SOC Teams
When it comes to cyber threats, data alone isn’t enough. Security Operations Center (SOC) teams are flooded with indicators of compromise (IOCs), but without context, these signals often fall short of driving meaningful action. Data only makes a difference when…
CISA Adds MDaemon Email Server XSS Vulnerability to KEV Catalog Following Exploitation
CISA has recently expanded its Known Exploited Vulnerabilities (KEV) Catalog to include a significant security flaw affecting the MDaemon Email Server, tracked as CVE-2024-11182. This vulnerability, categorized under CWE-79 (Improper Neutralization of Input During Web Page Generation, commonly known as…