Tag: Cyber Security News

BK Technologies Corporation, a provider of communications equipment for public safety and government agencies, has disclosed a cybersecurity incident in which an unauthorized third party breached its information technology systems and potentially exfiltrated sensitive data. In a recent Form 8-K…

Read more →

CISOs face a paradox in their SOCs every day: more data and detections than ever before, yet limited capacity to act on them effectively. Hundreds of alerts stream in daily, but without clear prioritization, the team’s focus is scattered. Critical…

Read more →

Microsoft has issued a warning that both cybercriminals and state-sponsored threat actors are increasingly abusing the features and capabilities of Microsoft Teams throughout their attack chains. The platform’s extensive adoption for collaboration makes it a high-value target, with its core…

Read more →

Cisco has released advisories for a zero-day exploit chain affecting its Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) software, which is reportedly being used in highly targeted attacks by an unknown threat actor. According to…

Read more →

The WARMCOOKIE backdoor first surfaced in mid-2024, delivered primarily via recruiting-themed phishing campaigns that coaxed victims into executing malicious documents. Initially designed as a lightweight implant for remote command execution, its modular codebase enabled rapid adaptation to new objectives. Over…

Read more →

A widespread campaign observed exploiting a novel zero-day vulnerability in Oracle E-Business Suite (EBS) applications, now tracked as CVE-2025-61882.  First observed on August 9, 2025, this unauthenticated remote code execution (RCE) flaw is being weaponized to bypass authentication, deploy web…

Read more →

In recent months, security researchers have turned their attention to Asgard Protector, a sophisticated crypter employed by cybercriminals to obfuscate and deploy malicious payloads. First advertised on underground forums in late 2023, Asgard Protector has gained traction among threat actors…

Read more →

A sophisticated cyberattack has compromised Red Hat Consulting’s infrastructure, potentially exposing sensitive data from over 5,000 enterprise customers worldwide. The breach, executed by the extortion group Crimson Collective, has raised serious concerns about the security of critical business documentation and…

Read more →

Elastic has released a security advisory detailing a medium-severity vulnerability in the Kibana CrowdStrike Connector that could allow for the exposure of sensitive credentials. The flaw, tracked as CVE-2025-37728, affects multiple versions of Kibana and could allow a malicious user…

Read more →

A critical deserialization flaw in GoAnywhere MFT’s License Servlet, tracked as CVE-2025-10035, has already been weaponized by the Storm-1175 group to execute the Medusa ransomware. The vulnerability affects GoAnywhere MFT versions up to 7.8.3. It resides in the License Servlet…

Read more →

CISA has issued an urgent security advisory, adding Microsoft Windows privilege escalation vulnerability CVE-2021-43226 to its Known Exploited Vulnerabilities (KEV) catalog on October 6, 2025.  The vulnerability affects the Microsoft Windows Common Log File System (CLFS) Driver and poses significant…

Read more →

Oracle has issued an emergency security alert for a critical zero-day vulnerability (CVE-2025-61882) in its E-Business Suite after the notorious Cl0p ransomware group began extorting customers who failed to patch their systems.  The vulnerability, carrying a maximum CVSS score of…

Read more →

A new command injection vulnerability in OpenSSH, tracked as CVE-2025-61984, has been disclosed, which could allow an attacker to achieve remote code execution on a victim’s machine. The vulnerability is a bypass of a previous fix for a similar issue…

Read more →

A 13-year-old critical remote code execution (RCE) vulnerability in Redis, dubbed RediShell, allows attackers to gain full access to the underlying host system. The flaw, tracked as CVE-2025-49844, was discovered by Wiz Research and has been assigned the highest possible…

Read more →

A threat actor has claimed responsibility for a significant data breach at Huawei Technologies, a multinational technology corporation based in China. The actor is reportedly attempting to sell what they allege is the company’s internal source code and development tools…

Read more →

NCSC has issued an urgent warning regarding a critical zero-day flaw in Oracle E-Business Suite (EBS) that is currently being exploited in the wild.  Tracked as CVE-2025-61882, the vulnerability resides in the BI Publisher Integration component of Oracle Concurrent Processing…

Read more →

Forensic-Timeliner, a Windows forensic tool for DFIR investigators, has released version 2.2, which offers enhanced automation and improved artifact support for digital forensics and incident response operations. This high-speed processing engine consolidates CSV output from leading triage utilities into a…

Read more →

Doctors Imaging Group, a healthcare provider based in Florida, has reported a significant data breach that exposed the sensitive personal and medical information of over 171,800 individuals. The incident, classified as a “Hacking/IT Incident,” involved unauthorized access to the organization’s…

Read more →

A critical security vulnerability has been discovered in Zabbix Agent and Agent 2 for Windows that allows attackers with local system access to escalate their privileges through DLL injection attacks.  The flaw, tracked as CVE-2025-27237 with a CVSS score of…

Read more →

Microsoft is set to roll out a highly anticipated multitasking feature for its Teams platform, which will allow users to open channels in separate windows. This long-awaited update, scheduled for release in November, addresses one of the most common user…

Read more →