On April 16, 2025, millions of users worldwide found themselves unable to access Zoom, the widely used video conferencing platform, due to a critical outage that lasted nearly two hours. The disruption, which began at 11:25 AM PDT and was…
Tag: Cyber Security News
Linux Kernel Vulnerability Let Attackers Escalate Privilege – PoC Released
A newly discovered vulnerability, CVE-2024-53141, in the Linux kernel’s IP sets framework has exposed a critical security flaw that allows local attackers to escalate privileges and potentially gain root access. The vulnerability, assigned a CVSS score of 7.8, uncovered by…
How Security Analyst Using Memory Forensics Tools To Enhance Advanced Incident Response
Memory forensics has become an indispensable component of modern incident response strategies, enabling security teams to detect and analyze sophisticated threats that would otherwise remain hidden. Unlike traditional disk forensics, memory analysis provides insights into running processes, network connections, and…
How To Use YARA Rules To Identify Financial Sector Targeted Attacks
The financial sector faces increasingly sophisticated cyber threats, with system intrusion remaining the leading attack pattern for the third consecutive year. Advanced Persistent Threat (APT) groups specifically target financial institutions using various tools, techniques, and procedures. YARA rules provide a…
Web Server Hardening Best Practices For Organizations Across Industries
Web server hardening is a critical security process that reduces an organization’s attack surface and helps defend against ransomware, malware, and other cyberthreats. In today’s threat landscape, web servers are prime targets for attackers as they often serve as the…
U.S DOGE Allegedly Hacked – Fed Whistleblower Leaked Most Disturbing Documents
A federal whistleblower “Daniel Berulis”, A senior DevSecOps architect has allegedly sent a affidavit document of a U.S DOGE significant data breach at the National Labor Relations Board (NLRB), claiming that personnel from the Department of Government Efficiency (DOGE) accessed…
New XorDDoS Malware Allows Attackers to Create Sophisticated DDoS Bot Network
A significant evolution in distributed denial-of-service (DDoS) malware has been detected, with the latest version of XorDDoS continuing to spread globally between November 2023 and February 2025. This Linux-targeting trojan transforms compromised machines into “zombie bots” that can be coordinated…
CISA Warns of Multiple Apple 0-day Vulnerabilities Actively Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding multiple Apple 0-day vulnerabilities currently being actively exploited in targeted attacks. These critical security flaws affect a wide range of Apple products, including iOS, iPadOS, macOS, and…
PoC Exploit Released for Erlang/OTP SSH Remote Code Execution Vulnerability
A critical remote code execution vulnerability in Erlang/OTP’s SSH implementation has security teams scrambling to patch affected systems after researchers confirmed the development of a proof-of-concept exploit. The vulnerability, tracked as CVE-2025-32433 and assigned the maximum possible CVSS score of…
17,000+ Fortinet Devices Compromised in Massive Hack via Symbolic Link Exploit
17,000+ Fortinet devices worldwide have been compromised in a sophisticated cyberattack that leverages a symbolic link persistence technique, according to new findings from Shadowserver. The number of affected devices has climbed from an initial report of 14,000 to 17,000, with…
CrazyHunter Hacker Group Using Open-Source Tools from GitHub to Attack Organizations
A sophisticated ransomware group known as CrazyHunter has emerged as a significant threat to organizations, particularly those in Taiwan’s critical infrastructure sectors. This newly identified threat actor has been conducting targeted attacks against healthcare facilities, educational institutions, and industrial organizations…
Microsoft Vulnerabilities Hit Record High With 1,300+ Reported in 2024
Microsoft’s security landscape faced unprecedented challenges in 2024, with vulnerability reports soaring to an all-time high of 1,360 identified security flaws across the company’s product ecosystem. This alarming figure represents the highest number recorded since systematic tracking began, highlighting the…
Threat Actors Using Cascading Shadows Attack Chain to Avoid Detection & Complicate Analysis
A sophisticated phishing campaign leveraging a multi-layered attack chain dubbed “Cascading Shadows” has been uncovered by the Palo Alto Networks’ Unit 42 researchers in December 2024. This campaign delivers malware families like Agent Tesla, RemcosRAT, and XLoader through a sequence…
Ransomware Attacks Rose by 126% Attacking Consumer Goods & Services Companies
Ransomware attacks surged dramatically in the first quarter of 2025, with a 126% increase compared to the same period in 2024, according to a newly released global cyber attack report. The consumer goods and services sector emerged as the primary…
Hackers Weaponize MMC Script to Deploy MysterySnail RAT Malware
A sophisticated cyberespionage campaign leveraging malicious Microsoft Management Console (MMC) scripts to deploy the stealthy MysterySnail remote access trojan (RAT). First identified in 2021 during an investigation into the CVE-2021-40449 zero-day vulnerability, MysterySnail RAT had seemingly disappeared from the cyber…
Top Security Frameworks Used by CISOs in 2025
In today’s rapidly evolving digital landscape, Chief Information Security Officers (CISOs) face unprecedented challenges as cyber threats grow in sophistication and frequency. The year 2025 has witnessed a significant shift in how organizations approach cybersecurity, with CISOs stepping out of…
The Future of GRC – Integrating ESG, Cyber, and Regulatory Risk
The future of GRC (Governance, Risk, and Compliance) is being reshaped as organizations navigate complex challenges at the crossroads of sustainability, digital security, and regulatory oversight. Traditional GRC frameworks that treated these domains as separate functions are rapidly becoming obsolete.…
Why Threat Modeling Should Be Part of Every Security Program
In today’s hyperconnected business environment, security teams face unprecedented challenges protecting organizational assets against increasingly sophisticated threats. Threat modeling stands out as a structured methodology that helps organizations systematically identify, evaluate, and prioritize potential security threats before they manifest. This…
43% Top 100 Enterprise-Used Mobile Apps Opens Door for Hackers to Access Sensitive Data
A recent comprehensive security audit has revealed that 43% of the top 100 mobile applications used in enterprise environments contain critical vulnerabilities that could allow malicious actors to access sensitive corporate data. These vulnerabilities primarily exist in apps’ data storage…
LummaStealer Abuses Windows Utility to Execute Remote Code Mimic as .mp4 File
LummaStealer, a sophisticated information-stealing malware distributed as Malware-as-a-Service (MaaS), has evolved with new evasion techniques that abuse legitimate Windows utilities. Originally observed in 2022 and developed by Russian-speaking adversaries, this malware has demonstrated remarkable agility in evading detection while targeting…