Tag: Cyber Security News

Broadcom’s VMware division has disclosed critical security vulnerabilities in its virtualization products, including a high-severity flaw that could allow authenticated users to execute arbitrary commands on affected systems. Today’s security advisory addresses four distinct vulnerabilities affecting multiple VMware products with…

Read more →

In an age where smartphones contain our most sensitive information, phishing attacks targeting iPhone users have surged dramatically. According to recent reports, phishing messages have increased by 202% in the second half of 2024, with credential-based phishing attacks skyrocketing by…

Read more →

Microsoft is introducing artificial intelligence capabilities directly into Windows 11’s File Explorer, allowing users to manipulate files without opening dedicated applications.  Announced in Windows 11 Insider Preview Build 26200.5603 (KB5058488) released to the Dev Channel on May 19, 2025, this…

Read more →

A critical security vulnerability discovered in the popular Motors WordPress theme has exposed approximately 22,000 websites to significant risk.  Security researchers have identified a privilege escalation vulnerability that allows unauthenticated attackers to take over administrative accounts, potentially compromising the entire…

Read more →

A sophisticated employment scam network linked to the Democratic People’s Republic of Korea (DPRK) has been identified targeting remote technology positions in Western companies. These threat actors are posing as Polish and US nationals to secure employment in engineering and…

Read more →

The phishing attack landscape continues to evolve in 2025, with cybercriminals using more sophisticated techniques to bypass security measures, emphasizing the need for phishing attack prevention. Phishing remains one of the most prevalent and damaging cyber threats facing organizations worldwide.…

Read more →

Adidas Korea has announced a security breach affecting customer data, marking the second major incident in the fashion industry targeting Korean consumers this month. The sportswear giant revealed that unauthorized access was gained through a third-party customer service provider, compromising…

Read more →

A sophisticated malware campaign leveraging search engine optimization (SEO) poisoning on Microsoft Bing has emerged, delivering the notorious Bumblebee malware to unsuspecting users. The campaign, identified in May 2025, specifically targets users searching for specialized software tools, demonstrating a concerning…

Read more →

The Tor Project has announced the release of Tor Browser 14.5.2, available since May 18, 2025. This latest version delivers important security updates to Firefox and addresses several bugs, continuing the organization’s commitment to providing robust privacy protection for users…

Read more →

Cybersecurity researchers have uncovered a sophisticated supply chain attack targeting Koishi chatbot users through a malicious npm package. The package, identified as “koishi-plugin-pinhaofa,” appears innocuous but contains a hidden data exfiltration mechanism that monitors all messages processed by the chatbot.…

Read more →

A severe privacy vulnerability in O2 UK’s Voice over LTE (VoLTE) implementation has allowed any caller to track the physical location of O2 customers without their knowledge or consent.  The flaw leaked detailed location metadata and device identifiers during normal…

Read more →

Major telecommunications networks across Spain have gone down early on Tuesday, May 20, 2025, following a network update by Spanish telecommunications giant Telefónica. The outage has affected fixed-line infrastructure and mobile services nationwide, with particularly severe disruptions reported in Madrid,…

Read more →

While no one is immune to cyber threats, smaller organizations with very limited security budgets face the task of managing risks and implementing timely remediation very often without the resources to buy and maintain multiple tools. Security teams protecting these…

Read more →

Microsoft has released an emergency out-of-band update (KB5061768) to address a critical issue causing Windows 10 systems to boot into BitLocker recovery screens following the installation of the May 2025 security updates. The fix, released on May 19, comes after…

Read more →

A sophisticated phishing campaign linked to Tycoon2FA is actively targeting Microsoft 365 users by employing an unusual URL manipulation technique. The attack leverages malformed URL prefixes with backslash characters (https:\$$ instead of the standard forward slashes (https://) to bypass security…

Read more →

A sophisticated phishing campaign utilizing the W3LL Phishing Kit has been actively targeting users’ Microsoft Outlook credentials through elaborate impersonation techniques. First identified by Group-IB in 2022, this phishing-as-a-service (PhaaS) tool has evolved into a comprehensive ecosystem complete with its…

Read more →

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) officially added two critical zero-day vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities (KEV) catalog.  These vulnerabilities, CVE-2025-4427 and CVE-2025-4428, are actively exploited in the wild and pose…

Read more →

Three critical vulnerabilities in pfSense firewall software that could allow authenticated attackers to inject malicious code, manipulate cloud backups, and potentially achieve remote code execution.  The vulnerabilities affect both pfSense Community Edition (CE) prior to version 2.8.0 beta and corresponding…

Read more →

A secrete investigation by Progressive International, Expose Accenture, and the Movement Research Unit, dubbed the “Accenture Files,” has unveiled the pivotal role of Accenture, the world’s largest consultancy firm, in fueling a global surge toward surveillance, exclusion, and authoritarianism. The…

Read more →

A sophisticated phishing campaign exploiting the popularity of Zoom meetings has emerged, targeting corporate users with fake meeting invitations that appear to come from colleagues. The attack uses social engineering tactics to create a sense of urgency, prompting victims to…

Read more →