A significant supply chain attack targeting cryptocurrency users. The official XRPL (Ripple) NPM package, which serves as the JavaScript SDK for the XRP Ledger, was compromised with malicious code designed to steal cryptocurrency private keys, potentially affecting hundreds of thousands…
Tag: Cyber Security News
The Evolving Role of the CISO – Balancing Risk and Innovation in the Digital Age
The Evolving role of the Chief Information Security Officer (CISO) has transcended its roots in technical oversight to become a cornerstone of organizational strategy. As digital transformation accelerates, fueled by cloud computing, artificial intelligence, and IoT, CISOs grapple with a…
Building A Unified Security Strategy: Integrating Digital Forensics, XDR, And EDR For Maximum Protection
In the rapidly evolving world of cybersecurity, organizations are confronted with increasingly sophisticated threats that demand a coordinated and multi-layered defense approach. The days of relying on isolated security tools are long gone, as modern attack vectors now target various…
FireEye EDR Agent Vulnerability Let Attackers Inject Malicious Code
A significant vulnerability in the FireEye Endpoint Detection and Response (EDR) agent that could allow attackers to inject malicious code and render critical security protections ineffective. The vulnerability, tracked as CVE-2025-0618, was disclosed today and highlights the ongoing challenges in…
Critical Vulnerabilities in Browser Wallets Let Attackers Drain your Funds
Significant vulnerabilities in popular browser-based cryptocurrency wallets enable attackers to steal funds without any user interaction or approval. These critical flaws, discovered in wallets including Stellar Freighter, Frontier Wallet, and Coin98, represent a significant shift in attack vectors against crypto…
Synology Network File System Vulnerability Let Read Any File
A severe security vulnerability in Synology’s DiskStation Manager (DSM) software has been identified. This vulnerability allows remote attackers to read arbitrary files through the Network File System (NFS) service without proper authorization. The vulnerability, tracked as CVE-2025-1021 and detailed in…
Hackers Weaponized Google Forms to Evade Email Security & Steal Logins
Google Forms, the tech giant’s widely used survey tool, has become a favored weapon in cybercriminals’ arsenal. It enables them to bypass sophisticated email security filters and harvest sensitive credentials. Security researchers have identified a surge in attacks that leverage…
How Script-based Malware Attacks Work: Modern Examples
Script-based malware is malicious software written in scripting languages like JavaScript, Python, PowerShell, or VBScript. Unlike traditional malware that relies on compiled executables, script-based malware leverages scripts that execute as human-readable code interpreted at runtime Scripts have become increasingly popular…
Hackers Exploiting Microsoft 365 OAuth Workflows to Target Organizations
A new campaign by Russian threat actors. These actors are exploiting legitimate Microsoft OAuth 2.0 authentication workflows to compromise targeted organizations. Since early March 2025, these sophisticated attacks have primarily focused on individuals and organizations with ties to Ukraine and…
Understanding Cyber Risk Appetite – A CISO’s Approach to Risk Management
Cyber risk appetite represents the amount and type of cyber risk an organization is willing to accept to pursue its strategic objectives. In today’s complex digital landscape, understanding and effectively communicating cyber risk appetite has become a critical leadership function…
Why CISOs and CTOs Must Collaborate More Than Ever in Today’s Security Landscape
The pace of technological change in today’s business environment is unprecedented. Organizations are racing to adopt cloud computing, artificial intelligence, and automation to stay competitive, while cyber threats grow in sophistication and frequency. This dual reality means that innovation and…
New Malware Hijacking Docker Images with Unique Obfuscation Technique
A newly discovered malware campaign is targeting Docker environments, employing a sophisticated, multi-layered obfuscation technique to evade detection and hijack compute resources for cryptojacking. Security researchers from Darktrace and Cado Security Labs have analyzed this campaign, revealing both the technical…
RBI Directs All Indian Banks to Transition to .bank.in Domains
The Reserve Bank of India (RBI) has issued a directive requiring all banking institutions in the country to migrate their web presence to the new .bank.in domain by October 31, 2025. This landmark cybersecurity initiative aims to create a more…
Marks & Spencer Confirms a Cyberattack Hits Payments & Online Orders
British retail giant Marks & Spencer (M&S) has confirmed it is dealing with a significant cyber incident that has disrupted contactless payment systems and its Click and Collect service, leaving customers frustrated during the Easter holiday period. The attack, which…
Hackers Exploited 17-year-old Vulnerability to Weaponize Word Documents
Security researchers at Fortinet’s FortiGuard Labs have uncovered a sophisticated phishing campaign that uses weaponized Microsoft Word documents to deliver information-stealing malware to unsuspecting Windows users. The attack exploits a well-known vulnerability to deploy FormBook, a dangerous malware variant designed…
Zyxel Patches Privilege Management Vulnerabilities in USG FLEX H Series Firewalls
Zyxel Networks has released critical security patches to address two high-severity vulnerabilities in its USG FLEX H series firewalls that could potentially allow attackers to escalate privileges and gain unauthorized access to affected devices. The security advisory, published on April…
From Response to Resilience – Shifting the CISO Mindset in Times of Crisis
In an era where cyber threats evolve faster than defense mechanisms, Chief Information Security Officers (CISOs) must transition their leadership approach from response to resilience. The traditional focus on prevention and rapid response is no longer sufficient; resilience has emerged…
Hackers Attacking Organization With New Malware Mimic as Networking Software Updates
A sophisticated backdoor targeting various large Russian organizations across government, finance, and industrial sectors has been uncovered during a cybersecurity investigation in April 2025. The malware, which masquerades as legitimate updates for ViPNet secure networking software, enables attackers to steal…
The Role of AI in Modernizing Cybersecurity Programs – Insights for Security Leaders
In the face of relentless cyber threats and an ever-expanding digital attack surface, security leaders are under growing pressure to modernize their cybersecurity programs by leveraging AI in cybersecurity to enhance detection, response, and overall resilience. Artificial Intelligence (AI) has…
CISA Releases Five Advisories Covering ICS Vulnerabilities & Exploits
The Cybersecurity and Infrastructure Security Agency (CISA) has released five new advisories addressing critical vulnerabilities in Industrial Control Systems (ICS) from Siemens, Schneider Electric, and ABB. These advisories, published on April 22, 2025, provide detailed information on security flaws, associated…