Tag: Cyber Security News

IPFire has announced the release of version 2.29 (Core Update 193), introducing significant enhancements to the Linux-based firewall distribution.  This update brings forward-thinking security features, including post-quantum cryptography support for IPsec tunnels and major toolchain upgrades that strengthen the system’s…

Read more →

Law enforcement agencies across Europe and North America have arrested five individuals linked to the Smokeloader botnet service as part of Operation Endgame’s second phase.  This follow-up action, conducted in early April 2025, specifically targeted the “customers” of the notorious…

Read more →

A moderate-severity vulnerability has been identified in Microsoft Identity Web. Under specific conditions, it could potentially expose sensitive client secrets and certificate information in service logs.  The flaw, tracked as CVE-2025-32016, impacts versions 3.2.0 through 3.8.1 of the library and…

Read more →

Cybersecurity experts have identified a sophisticated campaign by North Korean state-sponsored hackers who are leveraging Python-based lures and social engineering tactics to breach highly secure networks. The attackers employ a dual approach: meticulously crafted social engineering schemes combined with elegantly…

Read more →

Scattered Spider, a notorious hacker collective active since at least 2022, continues to launch increasingly sophisticated social engineering attacks aimed at stealing usernames, login credentials, and multifactor authentication (MFA) tokens. The group, also known as UNC3944, Star Fraud, Octo Tempest,…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has added two significant Linux kernel vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog yesterday, confirming both flaws are being actively weaponized in targeted attacks. Federal agencies have been mandated to patch affected…

Read more →

A sophisticated cyber attack campaign has emerged, employing a dual-threat approach to simultaneously steal Microsoft Office365 credentials and deliver malware to unsuspecting victims. This hybrid attack begins with deceptive emails disguised as file deletion reminders from legitimate file-sharing services, creating…

Read more →

A hacker known by the alias “Satanic” has claimed responsibility for a massive data breach involving WooCommerce, one of the most widely used eCommerce platforms on the web. The breach, which reportedly occurred on April 6, 2025, involves the theft…

Read more →

A new wave of phishing emails is sweeping across Latin America, and once again, Grandoreiro is behind it. This banking trojan is no newcomer; it’s been active for years, evolving steadily into a more sophisticated and evasive threat.   With targeted…

Read more →

A significant denial-of-service vulnerability (CVE-2025-0128) is affecting multiple versions of their PAN-OS firewall software.  The flaw allows unauthenticated attackers to remotely trigger system reboots using specially crafted packets, potentially forcing devices into maintenance mode through persistent attacks. A significant vulnerability…

Read more →

In the first quarter of 2025, ransomware attacks have maintained an alarming trajectory, with threat actors adopting sophisticated strategies centered on data exfiltration and blackmail through leak site posts. These attacks continue to follow the pattern of “if it ain’t…

Read more →

OpenSSH 10.0, a significant update to the widely adopted secure remote login and file transfer toolset, was officially released on April 9, 2025.  This milestone version introduces substantial protocol changes, enhanced security features, and critical improvements to prepare for quantum…

Read more →

Google has unveiled Firebase Studio, a groundbreaking cloud-based platform designed to streamline the creation of full-stack AI applications. This innovative tool integrates the power of Gemini AI with existing Firebase services, offering developers an end-to-end solution to prototype, build, test,…

Read more →

Hackers intercepted and monitored the emails of over 103 bank regulators at the Office of the Comptroller of the Currency (OCC) for more than a year, gaining access to highly sensitive financial data. The breach was discovered on February 11,…

Read more →

A critical vulnerability in the USB-audio driver, which could lead to out-of-bounds memory reads, has been addressed by a recent patch to the Linux kernel, authored by Takashi Iwai of SUSE. The USB-audio driver in the Linux kernel has an…

Read more →

VMware has released critical security updates to address 47 vulnerabilities across multiple VMware Tanzu Greenplum products, including 29 issues in VMware Tanzu Greenplum Backup and Restore and 18 bugs in various components of VMware Tanzu Greenplum.  The security advisories, published…

Read more →

Cybercriminals have devised sophisticated methods to exploit Near Field Communication (NFC) technology via popular mobile payment platforms. These attackers are now leveraging Apple Pay and Google Wallet to conduct unauthorized transactions after obtaining victims’ card credentials through phishing operations. The…

Read more →

Microsoft has confirmed a global outage affecting the Exchange Admin Center (EAC), leaving administrators unable to access critical management tools. The issue, which has been designated as a critical service incident under ID EX1051697, is causing widespread disruptions across organizations…

Read more →

Adobe has released a comprehensive set of security updates addressing multiple vulnerabilities across twelve of its products.  The patches, all released on April 8, 2025, aim to resolve critical, important, and moderate security flaws that could potentially expose users to…

Read more →

A sophisticated ransomware strain known as Hellcat has emerged as a formidable threat in the cybersecurity landscape since its first appearance in mid-2024. The malware has rapidly evolved its capabilities, specifically targeting critical sectors including government agencies, educational institutions, and…

Read more →