Tag: Cyber Security News

A new 29.7 Tbps distributed denial-of-service (DDoS) blast from the Aisuru botnet has set a new world record for attack volume, underscoring how fragile core internet infrastructure remains under extreme load. The previous record of 22Tbps, quietly broken in Q3…

Read more →

The open-source software supply chain recently encountered a deceptive threat in the form of evm-units, a malicious Rust crate published by the author ablerust. Masquerading as a standard utility for verifying Ethereum Virtual Machine (EVM) versions, the package accumulated thousands…

Read more →

A significant supply chain security breach has emerged with the discovery of Shai-Hulud 2.0, a sophisticated malware that has compromised over 30,000 GitHub repositories since its emergence on November 24, 2025. This worm-like malware represents a growing threat to the…

Read more →

A serious privilege escalation vulnerability in K7 Ultimate Security, an antivirus product from K7 Computing, was found by abusing named pipes with overly permissive access control lists. This flaw enables low-privileged users to manipulate registry settings and achieve SYSTEM-level access…

Read more →

Microsoft has silently patched a Windows shortcut vulnerability that threat actors have been exploiting since 2017 to hide malicious commands from users inspecting file properties. The flaw, tracked as CVE-2025-9491, was addressed in Microsoft’s November 2025 Patch Tuesday updates but…

Read more →

On Thanksgiving eve, a sophisticated threat actor known as Storm-0900 launched a high-volume phishing campaign targeting users across the United States. Microsoft Threat Intelligence security analysts detected and blocked this coordinated attack consisting of tens of thousands of emails designed…

Read more →

MuddyWater, an Iran-aligned cyberespionage group also known as Mango Sandstorm, has launched a new, highly targeted campaign against critical infrastructure in Israel and Egypt. Active from September 2024 through March 2025, the group zeroed in on diverse sectors including engineering,…

Read more →

CISA has added two critical Android Framework vulnerabilities to its Known Exploited Vulnerabilities catalog, signaling active exploitation in the wild. The vulnerabilities affect the Android OS and pose significant risks to millions of mobile devices worldwide. CISA added the vulnerabilities…

Read more →

Microsoft has officially confirmed a critical issue affecting enterprise and managed environments running Windows 11 versions 24H2 and 25H2. The bug, first triggered by cumulative updates released in July 2025, causes widespread failures in essential UI components, rendering the desktop…

Read more →

A critical security flaw in the popular “King Addons for Elementor” WordPress plugin has left thousands of websites at risk of complete takeover, security researchers have warned. The vulnerability, tracked as CVE-2025-8489, allows unauthenticated attackers to register new accounts with…

Read more →

A new and dangerous phishing campaign is targeting organizations with a deceptive “Executive Award” theme that combines social engineering with advanced malware delivery. This two-stage attack first tricks users into sharing their login credentials through a fake HTML form, then…

Read more →

A concerning development has emerged within the cybercriminal ecosystem as threat actors continue distributing K.G.B RAT, a remote access trojan bundled with advanced detection evasion capabilities. According to recent reports, this tool combination surfaced on underground forums and has caught…

Read more →

A critical warning regarding a severe authentication vulnerability affecting Iskra’s iHUB and iHUB Lite intelligent metering gateways used in energy infrastructure worldwide. The flaw, tracked as CVE-2025-13510, carries a CVSS v4 severity score of 9.3, indicating an exploit that requires…

Read more →

A critical Stored XSS vulnerability in Angular’s template compiler (CVE-2025-66412) allows attackers to execute arbitrary code by weaponizing SVG animation attributes. Bypassing Angular’s built-in security sanitization mechanisms and affecting applications using versions below 19.2.17, 20.3.15, or 21.0.2. The Angular template…

Read more →

Let’s Encrypt has officially announced plans to reduce the maximum validity period of its SSL/TLS certificates from 90 days to 45 days. The transition, which will be completed by 2028, aligns with broader industry shifts mandated by the CA/Browser Forum…

Read more →

Matanbuchus represents a significant threat in the cybercriminal landscape as a dangerous malware downloader written in C++. Since 2020, this tool has been sold as Malware-as-a-Service, allowing threat actors to rent access and deploy it against targeted organizations. In July…

Read more →

Two sophisticated Linux rootkits are posing increasingly serious threats to network security by exploiting eBPF technology to hide their presence from traditional detection systems. BPFDoor and Symbiote, both originating from 2021, represent a dangerous class of malware that combines advanced…

Read more →

The development team has officially released essential security updates to address two significant vulnerabilities found in the popular web framework. These issues range from high to moderate severity. They could allow attackers to compromise database integrity or crash servers through…

Read more →

Google has officially promoted Chrome 143 to the Stable channel, rolling out version 143.0.7499.40 for Linux and 143.0.7499.40/41 for Windows and Mac. This significant update addresses 13 security vulnerabilities, including several high-severity flaws that could allow attackers to execute arbitrary…

Read more →

Dashcams have become essential devices for drivers worldwide, serving as reliable witnesses in case of accidents or roadside disputes. However, a team of Singaporean cybersecurity researchers has uncovered a disturbing reality: these seemingly harmless devices can be hijacked within seconds…

Read more →