Tag: Cyber Security News

Significant vulnerabilities uncovered in Volkswagen’s connected car app that exposed sensitive personal information and complete service histories of vehicles worldwide.  The flaws disclosed allowed unauthorized access to user data through simple exploits requiring only a vehicle’s VIN number, which is…

Read more →

CISA to remove standard cybersecurity alerts and advisories from its website. On May 12, 2025, CISA announced it would no longer post routine cybersecurity updates to its “Cybersecurity Alerts & Advisories” webpage, instead shifting to distribution exclusively through social media platforms…

Read more →

Advanced Persistent Threats (APTs) represent one of the most formidable challenges facing enterprises today, emphasizing the critical need for effective detection and response strategies for enterprises in the ever-evolving digital landscape. These sophisticated, stealthy, and targeted cyberattacks are orchestrated by…

Read more →

In the ever-evolving cybersecurity landscape, fileless malware has emerged as one of the most dangerous threats organizations face in 2025. Unlike traditional malware that leaves traces on hard drives, fileless attacks operate entirely within a computer’s memory, making them exceptionally…

Read more →

A sophisticated malware strain called ModiLoader (also known as DBatLoader) has emerged as a significant threat to Windows users, specifically targeting individuals through carefully crafted phishing campaigns. The malware, discovered in recent attacks, employs a multi-stage infection process that ultimately…

Read more →

Mozilla has released an emergency security update to address two critical vulnerabilities in Firefox that could allow attackers to execute malicious code on users’ systems.  The vulnerabilities affect multiple versions of the popular web browser and require immediate attention from…

Read more →

Security researchers successfully exploited multiple zero-day vulnerabilities in Windows 11, VMware ESXi, and Mozilla Firefox during the final day of Pwn2Own Berlin 2025, demonstrating sophisticated attack techniques that netted $383,750 in rewards.  The event concluded with a record-breaking total payout…

Read more →

A critical vulnerability in the GNU C Library (glibc), potentially exposing millions of Linux systems to local privilege escalation attacks.  Tracked as CVE-2025-4802 and publicly disclosed on May 16, 2025, this vulnerability could allow attackers to execute arbitrary code by…

Read more →

Delegated Managed Service Accounts (dMSAs), introduced in Windows Server 2025, represent Microsoft’s latest innovation in secure service account management.  While designed to enhance security by preventing traditional credential theft attacks like Kerberoasting, security researchers have uncovered potential abuse vectors that…

Read more →

A critical vulnerability in Microsoft’s Remote Desktop Gateway (RD Gateway) that could allow attackers to execute malicious code on affected systems remotely. The vulnerability, tracked as CVE-2025-21297, was disclosed by Microsoft in their January 2025 security updates and has since…

Read more →

A new information-stealing malware dubbed “PupkinStealer” has been identified by cybersecurity researchers, targeting sensitive user data through a straightforward yet effective approach. First observed in April 2025, this .NET-based malware written in C# focuses on stealing browser credentials, messaging app…

Read more →

The cybersecurity landscape in 2025 is defined by increasingly sophisticated malware threats, with attackers leveraging artificial intelligence, evasion tactics, and polymorphic code to bypass traditional defenses. Stealers, ransomware, and remote access trojans (RATs) dominate the threat matrix, while AI-driven malware…

Read more →

As artificial intelligence transforms industries and enhances human capabilities, the need for strong AI security frameworks has become paramount. Recent developments in AI security standards aim to mitigate risks associated with machine learning systems while fostering innovation and building public…

Read more →

Cryptocurrency exchanges are intensifying security measures in 2025 to focus on preventing phishing attacks, as these scams reach alarming levels and have caused millions in losses for investors. As digital assets continue gaining mainstream adoption, cybercriminals deploy increasingly sophisticated techniques…

Read more →

As AI systems using adversarial machine learning integrate into critical infrastructure, healthcare, and autonomous technologies, a silent battle ensues between defenders strengthening models and attackers exploiting vulnerabilities. The field of adversarial machine learning (AML) has emerged as both a threat…

Read more →

A severe privilege escalation vulnerability has been discovered in the popular WordPress plugin Eventin, putting more than 10,000 websites at risk of complete compromise. The vulnerability, now tracked as CVE-2025-47539, allows unauthenticated attackers to create administrator accounts without any user…

Read more →

NGINX monitoring tools ensure NGINX web servers’ optimal performance and reliability. These tools provide comprehensive insights into server metrics such as uptime, response time, request rates, and error rates. They enable administrators to track real-time performance, detect anomalies, and troubleshoot…

Read more →

A sophisticated ransomware campaign specifically targeting and mocking supporters of Elon Musk has been identified by cybersecurity experts. The attack, identified as a variant of Fog Ransomware, employs multi-stage PowerShell scripts and Netlify-hosted payloads to execute its malicious code. This…

Read more →

As decentralized systems mature, 2024–2025 has emerged as a watershed period for blockchain security, marked by sophisticated cyberattacks, novel attack vectors, and landmark regulatory interventions. While stolen cryptocurrency values declined compared to previous years, falling to $1.7 billion in 2023-the…

Read more →

A new advanced supply chain attack targeting the Node Package Manager (NPM) ecosystem has emerged, leveraging Google Calendar as a covert command and control (C2) channel. Cybersecurity experts discovered the malware embedded in seemingly legitimate JavaScript libraries that, once installed,…

Read more →