The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-22457, a critical vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA Gateways, to its Known Exploited Vulnerabilities (KEV) Catalog. This stack-based buffer overflow, actively exploited since mid-March 2025, allows…
Tag: Cyber Security News
Ivanti Connect Secure RCE Vulnerability Actively Exploited in the Wild – Apply Patch Now!
Ivanti has disclosed a critical vulnerability, CVE-2025-22457, affecting its Connect Secure, Pulse Connect Secure, Ivanti Policy Secure, and ZTA Gateways products that are actively exploited in the wild. This stack-based buffer overflow flaw, with a CVSS score of 9.0, has…
Top 20 Best Endpoint Management Tools – 2025
Endpoint management tools are critical for organizations to efficiently manage and secure devices such as desktops, laptops, mobile devices, and IoT systems. These tools provide centralized control, allowing IT teams to enforce security policies, deploy software updates, and monitor device…
30 Best Cyber Security Search Engines In 2025
Cybersecurity search engines are specialized tools designed to empower professionals in identifying vulnerabilities, tracking threats, and analyzing data effectively. These platforms offer a wealth of information that generic search engines cannot provide, making them indispensable for cybersecurity researchers and professionals.…
EncryptHub Ransomware Unmasked Using ChatGPT & OPSEC Mistakes
A notorious threat actor operating under the alias “EncryptHub” has been exposed due to a series of operational security failures and unconventional use of AI tools. This Ukrainian cybercriminal, who fled his hometown approximately a decade ago, has been orchestrating…
10 Best IT Asset Management Tools In 2025
IT asset management (ITAM) software has become essential for businesses to efficiently track, manage, and optimize their hardware, software, and cloud resources. As we approach 2025, the landscape of ITAM tools continues to evolve, offering more advanced features and capabilities.…
Top 10 Best Password Managers in 2025
Password managers help to securely store and manage passwords, enhancing security and simplifying access across various platforms. Top password management solutions make password protection easy and effective for online security. These solutions securely store your passwords in a virtual safe…
Beware of Weaponized Recruitment Emails that Deliver BeaverTail and Tropidoor Malware
Cybersecurity researchers have uncovered a sophisticated attack campaign where threat actors impersonate recruitment professionals to distribute dangerous malware payloads. On November 29, 2024, threat actors were found impersonating Dev.to, a popular developer community, to distribute malicious code hidden within project…
Beware of Fake Unpaid Toll Message Attack to Steal Login Credentials
A deceptive phishing campaign targeting mobile users with fake unpaid toll notifications has intensified significantly in recent months, evolving into one of the most sophisticated SMS-based credential theft operations currently active. This scheme represents a tactical shift in phishing methodology,…
New PoisonSeed Attacking CRM & Bulk Email Providers in Supply Chain Phishing Attack
A sophisticated phishing campaign dubbed “PoisonSeed” has emerged targeting customer relationship management (CRM) and bulk email service providers in a concerning supply chain attack. The operation leverages compromised email infrastructure to distribute malicious content aimed at cryptocurrency wallet holders, particularly…
Hackers Leveraging URL Shorteners & QR Codes for Tax-Related Phishing Attacks
Cybercriminals are intensifying their efforts to exploit taxpayers through sophisticated phishing campaigns. These campaigns utilize tax-related themes as social engineering lures to steal credentials and deploy malware. What distinguishes this year’s attacks is the increased use of redirection methods such…
New Android Spyware That Asks Password From Users to Uninstall
A new type of Android spyware that requires a password for uninstallation has been identified, making it increasingly difficult for victims to remove the malicious software from their devices. A stealthy phone monitoring app that effectively blocks device owners from…
State Bar of Texas Confirms Data Breach Started Notifying Consumers
The State Bar of Texas has confirmed a significant data security incident that occurred in early 2025, compromising sensitive information of its members and clients. The breach, which was discovered on February 12, 2025, involved unauthorized access to the organization’s…
Top 10 Best XDR (Extended Detection & Response) Solutions – 2025
Extended Detection and Response (XDR) is a unified security incident platform that leverages AI and automation to protect organizations against advanced cyberattacks. XDR expands upon traditional endpoint detection and response (EDR) by integrating data from multiple sources, including endpoints, networks,…
Beware of Clickfix Lures ‘Fix Now’ & ‘Bot Verification’ That Downloads & Executes Malware
A sophisticated malware campaign dubbed “Clickfix” has emerged, targeting users through deceptive browser notifications and pop-ups that prompt immediate action through “Fix Now” and “Bot Verification” buttons. When triggered, these seemingly harmless prompts initiate a multi-stage infection chain that deploys…
Weaponized PDF-based Attacks Accounts 22% Out of 68% Malicious Attacks Via Email
A concerning trend in digital attacks: threat actors are weaponizing PDF files. According to CheckPoint Research, while 68% of all malicious attacks are delivered through email, PDF-based attacks now constitute 22% of all malicious email attachments, making them a significant security…
Critical Apache Parquet RCE Vulnerability Lets Attackers Run Malicious Code
A critical remote code execution (RCE) vulnerability has been discovered in Apache Parquet’s Java library, potentially affecting thousands of data analytics systems worldwide. The flaw, identified as CVE-2025-30065, carries the highest possible CVSS score of 10.0 and allows attackers to…
Malicious PyPI Package With Fully Automated Carding Script Attacking E-commerce Websites
A sophisticated malicious Python package named “disgrasya” has been discovered on the PyPI repository, containing a fully automated carding script specifically targeting WooCommerce stores. This package, whose name translates to “disaster” in Filipino slang, enables attackers to test stolen credit…
DeepSeek-R1 Prompts Exploited to Create Sophisticated Malware & Phishing Pages
A concerning security vulnerability has emerged in the AI landscape as researchers discover that DeepSeek-R1’s Chain of Thought (CoT) reasoning system can be exploited to create sophisticated malware and generate convincing phishing campaigns. The 671-billion-parameter model, designed to enhance reasoning…
New Credit Card Skimming Attack Leverages Chrome, Edge, & Firefox Extensions to Steal Financial Data
A sophisticated new credit card skimming operation dubbed “RolandSkimmer” has emerged, targeting users primarily in Bulgaria through malicious browser extensions. Named after the unique string “Rol@and4You” embedded in its payload, this attack represents a concerning evolution in web-based financial theft…