A critical vulnerability in Axis Communications’ Autodesk Revit plugin has exposed Azure Storage Account credentials, creating significant security risks for customers and potentially enabling supply chain attacks targeting the architecture and engineering industry. The vulnerability stems from hardcoded credentials embedded…
Tag: Cyber Security News
North Korean Hackers Attacking Developers with 338 Malicious npm Packages
North Korean state-sponsored threat actors have intensified their supply chain attacks against software developers through a sophisticated campaign dubbed “Contagious Interview,” deploying 338 malicious npm packages that have accumulated over 50,000 downloads. The operation represents a dramatic escalation in the…
Hackers Leveraging Microsoft Edge Internet Explorer Mode to Gain Access to Users’ Devices
The cybersecurity landscape witnessed a concerning development as threat actors discovered a novel attack vector targeting Microsoft Edge’s Internet Explorer mode functionality. This sophisticated campaign emerged in August 2025, exploiting the inherent security weaknesses of legacy browser technology to compromise…
Scattered Lapsus$ Hunters Claim to Have Stolen More Than 1 Billion Salesforce Records
Scattered Lapsus$ Hunters, a threat group previously associated with high-profile data thefts, recently claimed responsibility for exfiltrating over one billion records from Salesforce environments worldwide. Emerging in mid-2025, the group has honed its tactics to exploit misconfigurations in cloud identities…
Linux Kernel 6.18-rc1 Released With Extensive Updates Following a Steady Merge Window
Linus Torvalds has announced the release of Linux 6.18-rc1, marking the start of the release candidate phase for the upcoming kernel version. In his typical straightforward style, Torvalds noted that the merge window concluded smoothly after two weeks, with the…
PoC Exploit Unveiled for Lenovo Code Execution Vulnerability Enabling Privilege Escalation
A critical vulnerability in Lenovo’s Dispatcher drivers has come under the spotlight after researchers released a proof-of-concept exploit that demonstrates privilege escalation on affected Windows systems. Identified as CVE-2025-8061, this flaw stems from insufficient access controls in the drivers, potentially…
New WhatsApp Worm Attacks Users with Banking Malware to Users Login Credentials
Security researchers have identified a sophisticated malware campaign that exploits WhatsApp’s messaging platform to deploy banking trojans targeting Brazilian financial institutions and cryptocurrency exchanges. The self-propagating worm, which emerged on September 29, 2025, demonstrates advanced evasion techniques and multi-stage infection…
Microsoft Intune MDM and Entra ID Leveraged to Elevate your Trust in Device Identity
New research uncovers valuable insights hidden within Microsoft Intune’s Mobile Device Management (MDM) certificates, offering a more reliable way to verify device and tenant identities compared to traditional methods like registry values. These certificates, issued to enrolled devices, contain Object…
Threat Actors Weaponize Discord Webhooks for Command and Control with npm, PyPI, and Ruby Packages
Cybercriminals have discovered a novel way to co-opt Discord webhooks as surrogate command-and-control (C2) channels across popular language ecosystems. Unlike traditional C2 servers, webhooks offer free, low-profile exfiltration that blends seamlessly into legitimate HTTPS traffic. Over the past month, malicious…
New RMPocalypse Attack Let Hackers Break AMD SEV-SNP To Exfiltrate Confidential Data
A critical vulnerability in AMD’s Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP), a cornerstone of confidential computing deployed by major cloud providers like AWS, Azure, and Google Cloud. Dubbed RMPocalypse, the attack exploits a flaw in the initialization of…
Astaroth Banking Malware Leveraging GitHub to Host Malware Configurations
A new wave of the Astaroth banking trojan has emerged, leveraging a novel approach to distribute its malicious configuration files. First detected in late 2025, this latest campaign employs GitHub’s raw content service to host encrypted JSON configurations containing target…
New Stealit Malware Attacking Windows Systems Abuses Node.js Extensions
A sophisticated new malware campaign targeting Windows systems has emerged, leveraging Node.js Single Executable Application (SEA) features to distribute malicious payloads while evading traditional detection mechanisms. The Stealit malware represents a significant evolution in malware-as-a-service operations, combining advanced obfuscation techniques…
Happy DOM Vulnerability Exposes 2.7 Million Users To Remote Code Execution Attacks
A significant security flaw has been discovered in Happy DOM, a popular JavaScript DOM implementation, affecting versions up to v19. This vulnerability places systems at risk of Remote Code Execution (RCE) attacks, potentially impacting the package’s 2.7 million weekly users.…
EDR-Freeze Tool Technical Workings Along With Forensic Artifacts Revealed
A recent analysis from researcher Itamar Hällström has revealed the technical workings and forensic trail of “EDR-Freeze,” a proof-of-concept technique that temporarily disables security software. By abusing legitimate Windows components, this method can place Endpoint Detection and Response (EDR) and…
SonicWall SSLVPN Under Attack Following the Breach of All Customers’ Firewall Backups
A surge in attacks targeting SonicWall SSLVPN devices, affecting numerous customer networks, just weeks after a major breach exposed sensitive firewall data. Starting October 4, 2025, threat actors have rapidly authenticated into over 100 accounts across 16 environments, using what…
RealBlindingEDR Tool That Permanently Turns Off AV/EDR Using Kernel Callbacks
An open-source tool called RealBlindingEDR enables attackers to blind, permanently disable, or terminate antivirus (AV) and endpoint detection and response (EDR) software by clearing critical kernel callbacks on Windows systems. Released on GitHub in late 2023, the utility leverages signed…
Oracle E-Business Suite RCE Vulnerability Exposes Sensitive Data to Hackers Without Authentication
Oracle has disclosed a critical vulnerability in its E-Business Suite that enables unauthenticated attackers to remotely access sensitive data, raising alarms for enterprises relying on the platform for core operations. Tracked as CVE-2025-61884, the flaw affects the Oracle Configurator component…
Cybersecurity Newsletter Weekly – Discord, Red Hat Data Breach, 7-Zip Vulnerabilities and Sonicwall Firewall Hack
Welcome to this week’s edition of the Cybersecurity Newsletter Weekly, where we dive into the most pressing threats and vulnerabilities shaping the digital landscape. As cyber risks continue to evolve at breakneck speed, our October 12, 2025, roundup spotlights a…
VirusTotal Simplifies User Options With Platform Access and New Contributor Model
VirusTotal (VT) is making important changes to its platform access and pricing. These updates aim to improve accessibility and strengthen its commitment to collaboration. The initiative, detailed in a recent company announcement, aims to simplify user options while reinforcing VT’s…
Hackers Can Inject Malicious Code into Antivirus Processes to Create a Backdoor
A new technique enables attackers to exploit antivirus software by injecting harmful code directly into the antivirus processes. This approach makes it easier for them to evade detection and compromise the security that antivirus software is designed to provide. This…