China-based threat actor Mustang Panda has emerged as one of the most sophisticated cyber espionage groups operating in the current threat landscape, with operations dating back to at least 2014. This advanced persistent threat (APT) group has systematically targeted government…
Tag: Cyber Security News
Salesloft Drift Hacked to Steal OAuth Tokens and Exfiltrate from Salesforce Corporate Instances
A sophisticated data exfiltration campaign targeting corporate Salesforce instances has exposed sensitive information from multiple organizations through compromised OAuth tokens associated with the Salesloft Drift third-party application. The threat actor, designated as UNC6395, systematically harvested credentials and sensitive data between…
New Hook Android Banking Malware With New Advanced Capabilities and Supports 107 Remote Commands
A sophisticated new variant of the Hook Android banking trojan has emerged with unprecedented capabilities that position it among the most advanced mobile malware families observed to date. This latest version, designated Hook Version 3, represents a significant evolution in…
Securden Unified PAM Vulnerability Let Attackers Bypass Authentication
Cybersecurity researchers have uncovered a critical security flaw in Securden Unified PAM that allows attackers to completely bypass authentication mechanisms and gain unauthorized access to sensitive credentials and system functions. The vulnerability, designated as CVE-2025-53118 with a CVSS score of…
New Attack Targeting ScreenConnect Cloud Administrators to Steal Login Credentials
A sophisticated credential harvesting campaign has emerged targeting ScreenConnect cloud administrators with spear phishing attacks designed to steal super administrator credentials. The ongoing operation, designated MCTO3030, has maintained consistent tactics since 2022 while operating largely undetected through low-volume distribution strategies…
First AI Ransomware ‘PromptLock’ Uses OpenAI gpt-oss-20b Model for Encryption
A new ransomware has been identified, which is believed to be the first-ever ransomware strain that leverages a local AI model to generate its malicious components. Dubbed “PromptLock” by the ESET Research team that discovered it, the malware uses OpenAI’s…
How SOCs Triage Incidents in Seconds with Threat Intelligence
When every minute counts, it’s important to have access to fresh threat intelligence at the tip of your finger. That’s what all high-performing SOC teams have in common. Learn where to get relevant threat data for free and how to…
Online PDF Editors Safe to Use? Detailed Analysis of Security Risks Associated With It
Online PDF editors have become common tools for quick document manipulation, providing convenient alternatives to desktop software. However, their cloud-based nature brings significant security vulnerabilities that both organizations and individuals must carefully consider. Recent cybersecurity research reveals that these platforms present…
Citrix NetScaler ADC and Gateway 0-Day RCE Vulnerability Actively Exploited in Attacks
Cloud Software Group has disclosed multiple high-severity vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that can lead to remote code execution (RCE) and denial of service (DoS). Exploitation of CVE-2025-7775 has been observed in…
Microsoft Unveils New Tool to Migrate VMware Virtual Machines From vCenter to Hyper-V
Microsoft has released a new VM Conversion extension for Windows Admin Center, designed to streamline the migration of VMware virtual machines from vCenter to Hyper-V environments. The preview tool, announced on August 20, 2025, provides enterprises with a cost-free solution…
Online PDF Editors are Safe? What are the Security Risks Associated With it
Online PDF editors have become ubiquitous tools for quick document manipulation, offering convenient alternatives to desktop software. However, their cloud-based nature introduces significant security vulnerabilities that organizations and individuals must carefully consider. Recent cybersecurity research reveals that these platforms present multiple…
French Retailer Auchan Cyberattack – Thousands of Customers Personal Data Exposed
Major French retail chain Auchan announced on August 21, 2025, that it suffered a significant cybersecurity incident resulting in the unauthorized access and theft of personal data from “several hundred thousand” customer loyalty accounts. The breach represents another critical example…
WinRAR 0-Day Vulnerabilities Exploited in Wild by Hackers – Detailed Case Study
The cybersecurity landscape has been significantly impacted by the discovery and active exploitation of two critical zero-day vulnerabilities in WinRAR, one of the world’s most widely used file compression utilities. CVE-2025-6218 and CVE-2025-8088 represent sophisticated attack vectors that have enabled threat actors to…
PoC Exploit Released for Chrome 0-Day Vulnerability Exploited in the Wild
Google has disclosed a critical zero-day vulnerability in the V8 JavaScript engine used by Chrome, tracked as CVE-2025-5419. Before a patch could be rolled out to all users, proof-of-concept (PoC) exploit code had been published, and active exploitation had been…
OneFlip – New Attack Flips a Single Bit in Neural Networks for Stealthily Backdoor on AI Systems
In August 2025, researchers at George Mason University published a groundbreaking study at the 34th USENIX Security Symposium, introducing OneFlip, an inference-time backdoor attack that flips just one bit in full-precision neural networks to implant stealth triggers. Unlike traditional backdoor…
WhatsApp Desktop Users At Risk of Code Execution Attacks with Python on Windows PCs
WhatsApp Desktop users who have Python installed on their Windows PCs are at risk of arbitrary code execution due to a flaw in how the application handles Python archive files. A maliciously crafted .pyz file can be executed with a…
Weaponized PuTTY Via Bing Ads Exploit Kerberos and Attack Active Directory Services
A malvertising campaign using sponsored results on Microsoft’s search platform delivered a weaponized PuTTY that established persistence, enabled hands-on keyboard control, and executed Kerberoasting to target Active Directory service accounts. According to an investigation published by LevelBlue’s MDR SOC and…
X/Twitter The Most Aggressive Social Media App Collecting Users Location Information
A comprehensive analysis of the top 10 social media platforms reveals that X (formerly Twitter) stands out as the most invasive collector of user location information, gathering both precise and coarse location data across all categories listed in Apple’s App…
Threat Actors Adapting Android Droppers Even to Deploy Simple Malware to Stay Future-Proof
Android droppers have evolved from niche installers for heavyweight banking Trojans into universal delivery frameworks, capable of deploying even rudimentary spyware or SMS stealers. Initially, droppers served banking malware families that required elevated Accessibility permissions to harvest credentials. These small…
Hackers Actively Scanning to Exploit Microsoft Remote Desktop Protocol Services From 30,000+ IPs
A massive coordinated scanning campaign targeting Microsoft Remote Desktop Protocol (RDP) services, with threat actors deploying over 30,000 unique IP addresses to probe for vulnerabilities in Microsoft RD Web Access and RDP Web Client authentication portals. The campaign represents one…