A sophisticated new credit card skimming operation dubbed “RolandSkimmer” has emerged, targeting users primarily in Bulgaria through malicious browser extensions. Named after the unique string “Rol@and4You” embedded in its payload, this attack represents a concerning evolution in web-based financial theft…
Tag: Cyber Security News
Australian Pension Funds Hacked – Members to LOSE Money from Their Accounts
Multiple major Australian superannuation funds have fallen victim to a sophisticated cyberattack that has compromised thousands of member accounts and resulted in confirmed financial losses. Cybersecurity experts have identified the attack as a coordinated OAuth token manipulation campaign coupled with…
React Router Flaw Exposes Web Apps to Cache Poisoning & WAF Bypass Attacks
A critical security vulnerability, CVE-2025-31137, has been identified in React Router, a popular library used by millions of developers for managing routing in React applications. Security researchers from zhero_web_security discovered this flaw, which affects both React Router 7 and Remix…
Frida Penetration Testing Tool Kit Released With New APIs for Threat Monitoring
Frida 16.7.0, the latest version of the popular dynamic instrumentation toolkit, has powerful new APIs specifically designed for advanced threat monitoring and security analysis. This major update, announced on March 13, 2025, introduces groundbreaking capabilities that significantly enhance the toolkit’s…
Chinese Hackers Actively Exploiting Ivanti VPN Vulnerability to Deploy Malware
Security researchers have identified a critical vulnerability in Ivanti Connect Secure (ICS) VPN appliances that is being actively exploited by suspected Chinese threat actors. The vulnerability, tracked as CVE-2025-22457, is a buffer overflow flaw affecting ICS version 22.7R2.5 and earlier…
OpenVPN Vulnerability Let Attackers Crash Servers & Execute Remote Code
A critical security vulnerability in OpenVPN has been discovered that could allow attackers to crash servers, potentially disrupting secure communications for thousands of users worldwide. The vulnerability, identified as CVE-2025-2704, affects OpenVPN versions 2.6.1 through 2.6.13 when configured with the…
Apache Traffic Server Vulnerability Let Attackers Smuggle Requests
A critical security vulnerability in Apache Traffic Server (ATS) has been discovered. By exploiting how the server processes chunked messages, attackers can perform request smuggling attacks. The vulnerability, tracked as CVE-2024-53868, affects multiple versions of this high-performance HTTP proxy server…
New Phishing Campaign Attacking Investors to Steal Login Credentials
A sophisticated phishing campaign has emerged targeting users of Monex Securities, one of Japan’s largest online brokerage platforms formed through the merger of Monex, Inc. and Nikko Beans, Inc. Since early April 2025, attackers have deployed a series of fraudulent…
Oracle Acknowledges Data Breach and Starts Informing Affected Clients
Oracle Corporation has confirmed a data breach involving its older Gen 1 servers, marking the second cybersecurity incident disclosed by the company in recent weeks. The breach, initially reported by a threat actor on Breachforums on March 20, 2025, has…
Hackers Leveraging Fast Flux Technique to Evade Detection & Hide Malicious Servers
CISA warns of threat actors’ increasing adoption of the fast flux technique to evade detection and conceal malicious server infrastructures. As cybercriminal operations grow increasingly sophisticated, threat actors adopt advanced techniques like fast flux to mask malicious infrastructure, evade defensive measures, and…
Hunters International Overlaps Hive Ransomware Attacking Windows, Linux, and ESXi Systems
A sophisticated ransomware operation known as Hunters International emerged in October 2023, with strong evidence suggesting connections to the formerly dismantled Hive ransomware group. The initial attack was documented on October 13, 2023, when the group disclosed their first victim—an…
DarkCloud Stealer Attacking Organizations with Weaponized .TAR Archive to Steal Passwords
A sophisticated cyber campaign leveraging the DarkCloud information stealer has targeted Spanish organizations across multiple critical sectors since early April 2025. The malware, distributed via weaponized .TAR archives embedded in phishing emails, exploits billing-themed lures to compromise technology, legal, financial,…
New Web Skimming Attack Uses Legacy Stripe API to Validate Stolen Card Details
A sophisticated web skimming campaign that employs a novel technique leveraging Stripe’s legacy API to validate payment card details before exfiltration. This tactic ensures attackers collect only valid payment information, making their operation more efficient while reducing the chances of…
Russian Seashell Blizzard Attacking Organizations With Custom-Developed Hacking Tools
A highly sophisticated Russian threat actor known as Seashell Blizzard (also tracked as APT44, Sandworm, and Voodoo Bear) has been conducting extensive cyber operations against organizations worldwide. Linked to Russian Military Intelligence Unit 74455 (GRU), this adversary has targeted critical…
Qilin Operators Mimic ScreenConnect Login Page to Deliver Ransomware & Gain Admin Access
A sophisticated ransomware attack targeted Managed Service Providers (MSPs) through well-crafted phishing emails designed to appear as authentication alerts for their ScreenConnect Remote Monitoring and Management (RMM) tool. This attack resulted in the deployment of Qilin ransomware across multiple customer…
Operation HollowQuill Weaponizing PDF Documents to Infiltrate Academic & Government Networks
A sophisticated cyber espionage campaign dubbed “Operation HollowQuill” has been uncovered targeting academic institutions and government agencies worldwide through weaponized PDF documents. The operation employs social engineering tactics, disguising malicious PDFs as research papers, grant applications, or government communiqués to…
AI-based Gray Bots Targeting Web Application, with Request of 17,000+ Per Hour
A new generation of sophisticated AI-powered Gray Bots has emerged, targeting web applications with unprecedented intensity. These bots utilize machine learning to mimic human behavior while generating over 17,000 requests per hour. Unlike traditional attacks, they adjust traffic patterns to…
SonicWall Firewall Vulnerability Exploited to Gain Unauthorized Network Access
Attackers are actively exploiting a critical authentication bypass vulnerability in SonicWall firewalls to gain unauthorized network access. The vulnerability tracked as CVE-2024-53704, with a critical CVSS score of 9.8, allows remote attackers to hijack active SSL VPN sessions without requiring…
EvilCorp & RansomHub Working Together to Attack Organizations Worldwide
A dangerous partnership has emerged in the cybercriminal landscape, as EvilCorp, a sanctioned Russia-based cybercriminal enterprise, has begun working with RansomHub, one of the most active ransomware-as-a-service (RaaS) operations. This collaboration, identified through shared indicators of compromise (IOCs) and tactics,…
Cisco AnyConnect VPN Server Vulnerability Let Attacker Trigger DoS Condition
Cisco disclosed a critical security vulnerability affecting Cisco Meraki MX and Z Series devices, which presents significant risks to enterprise networks. The vulnerability tracked as CVE-2025-20212 and associated with allows authenticated remote attackers to trigger denial of service (DoS) conditions…