In a concerning evolution of cybercrime, security researchers have identified a new threat known as “VibeScamming” – where malicious actors leverage generative AI to create sophisticated phishing campaigns with minimal effort. This technique, inspired by the concept of “VibeCoding” (using…
Tag: Cyber Security News
28-Year-Old Lost 2 Lakhs by Just Downloading Image in WhatsApp
A 28-year-old man from Maharashtra became the latest victim of a sophisticated WhatsApp scam. Pradeep Jain, unsuspecting and going about his daily routine, lost over Rs 2 lakh from his bank account—all because he downloaded a single image sent by an…
Windows Defender Policies Bypassed Using WinDbg Preview via Microsoft Store
A significant vulnerability in Windows Defender Application Control (WDAC) implementations, demonstrating how attackers can circumvent strict security policies through Microsoft’s own debugging tool. The exploit leverages WinDbg Preview, available through the Microsoft Store, to inject malicious code into legitimate processes,…
Threat Actors Allegedly Selling Baldwin Killer That Bypasses AV & EDR
A sophisticated malware tool dubbed “Baldwin Killer” is reportedly being marketed on underground forums as a powerful solution for bypassing antivirus (AV) and endpoint detection and response (EDR) security products. Security researchers have identified a forum listing offering this tool…
Ransomware Attack on Banks Costs an Average of $6.08 Million Along With Downtime & Reputation Loss
Financial institutions worldwide are facing unprecedented ransomware threats, with new data revealing the staggering economic impact these attacks inflict. In 2024, the average cost of data breaches in the banking sector has reached $6.08 million per incident, marking a 10%…
Bypassing AVs and EDRs With New Command-Line Obfuscation Technique
Researchers have uncovered advanced command-line obfuscation methods that allow attackers to bypass detection systems such as antivirus (AV) and endpoint detection and response (EDR) platforms. The techniques, detailed in a comprehensive study released on March 24, 2025, exploit parsing inconsistencies…
Hackers Leverage Zoom’s Remote Control Feature to Gain Users’ System Access
A sophisticated attack campaign by threat actor ELUSIVE COMET that exploits Zoom’s legitimate remote control feature to gain unauthorized access to victims’ computers. The attackers have successfully targeted cryptocurrency professionals using a combination of social engineering and interface manipulation techniques,…
Zero Trust Architecture – A Step-by-Step Guide for CISOs
Zero Trust Architecture (ZTA) has emerged as a critical security framework for organizations facing sophisticated threats from both external and internal vectors. In today’s rapidly evolving digital landscape, traditional security perimeters have dissolved as cloud adoption accelerates and remote work…
Linux 6.15-rc3 Released With Fix for Multiple Kernel Fixes
Linus Torvalds has announced the availability of the third release candidate for Linux kernel 6.15, continuing the development cycle with a collection of incremental improvements and bug fixes across numerous subsystems. This update brings stability enhancements while maintaining the regular…
Critical PyTorch Vulnerability Let Attackers Execute Remote Code
A critical vulnerability in PyTorch that allows attackers to execute malicious code remotely, even when using safeguards previously thought to mitigate such risks. The vulnerability, identified as CVE-2025-32434, affects all PyTorch versions up to and including 2.5.1 and was patched…
Beware! New Malware Mimics as Cisco Webex Attacks Users in-the-wild
Cybersecurity researchers have uncovered an active malware campaign dubbed “Voldemort” that masquerades as legitimate Cisco Webex components to deploy backdoors on targeted systems. The discovery comes just days after Cisco released a security advisory for a critical vulnerability in the…
Building a Cyber Risk Appetite Statement for Your Organization
In the digital era, organizations face a relentless barrage of cyber threats that can disrupt operations, compromise sensitive data, and erode stakeholder trust. As technology becomes the backbone of business processes, the stakes for managing cyber risk have never been…
Speedify VPN macOS Vulnerability Let Attackers Escalate Privilege
A significant security vulnerability, tracked as CVE-2025-25364, was discovered in Speedify VPN’s macOS application, exposing users to local privilege escalation and full system compromise. The flaw, uncovered by SecureLayer7, resides in the privileged helper tool me.connectify.SMJobBlessHelper, which is responsible for…
Hackers Leverage Zoom’s Remote Control Feature to Gain Access to the Victim’s Computer
A sophisticated attack campaign by threat actor ELUSIVE COMET that exploits Zoom’s legitimate remote control feature to gain unauthorized access to victims’ computers. The attackers have successfully targeted cryptocurrency professionals using a combination of social engineering and interface manipulation techniques,…
Hackers Bypassed Gmail’s Security Filters for Sophisticated Phishing Attacks
A highly sophisticated phishing attack exploiting vulnerabilities in Google’s OAuth system has been identified. The attack, which successfully bypasses Gmail’s security filters, appears legitimate to users as it originates from authentic Google domains and passes all standard security checks, including…
Chinese Hackers Employ New Reverse SSH Tool to Attack Organizations
A sophisticated Chinese hacking group known as Billbug (also tracked as Lotus Blossom, Lotus Panda, and Bronze Elgin) has intensified its espionage campaign across Southeast Asia, employing a new custom Reverse SSH Tool to compromise high-value targets. This group, active…
Kimsuky Hackers Exploiting RDP & MS Office Vulnerabilities in Targeted Attacks
A sophisticated Advanced Persistent Threat (APT) operation named Larva-24005, linked to the notorious Kimsuky threat group, has been discovered actively exploiting critical vulnerabilities in Remote Desktop Protocol (RDP) and Microsoft Office applications to compromise systems across multiple sectors and countries.…
Hackers Exploiting Google’s OAuth System Flaws to Bypass Gmail Security Filters
A highly sophisticated phishing attack exploiting vulnerabilities in Google’s OAuth system has been identified. The attack, which successfully bypasses Gmail’s security filters, appears legitimate to users as it originates from authentic Google domains and passes all standard security checks, including…
GitHub Enterprise Server Vulnerabilities Allows Arbitrary Code Execution
GitHub has issued urgent security updates for its Enterprise Server product after discovering multiple high-severity vulnerabilities, including a critical flaw (CVE-2025-3509) that allows attackers to execute arbitrary code and compromise systems. The vulnerabilities, which also expose sensitive repository data and…
Cyber Security News Letter: Key Updates on Attacks, Vulnerabilities, & Data Breaches
Welcome to this week’s Cybersecurity Newsletter, where we provide the latest updates and critical insights from the swiftly changing realm of cybersecurity. This edition focuses on new threats and the evolving landscape of digital defenses. Key topics include sophisticated ransomware attacks…