Palo Alto Networks has disclosed a critical security vulnerability in its GlobalProtect VPN application that enables locally authenticated users to escalate their privileges to root access on macOS and Linux systems, or NT AUTHORITY\SYSTEM on Windows machines. The vulnerability, classified…
Tag: Cyber Security News
Microsoft Exchange Online Service Down – Millions of Users Unable to Access Their Mailbox
Microsoft Exchange Online experienced a major global outage on July 10, 2025, preventing millions of users from accessing their mailboxes across multiple platforms. The incident, designated as EX1112414, began at 10:20 PM UTC on July 9 and continued affecting users…
SafePay Ransomware Leverages RDP and VPN for Intruding Into Organizations Network
A new ransomware threat has emerged as one of the most formidable adversaries in the cybersecurity landscape, demonstrating unprecedented growth and sophistication in its attack methodology. SafePay ransomware, which first appeared in 2024, has rapidly evolved from a relatively unknown…
US Sanction Key Threat Actors Linked With North Korea’s Remote IT Worker Scheme
The U.S. Treasury’s July 8 action against Song Kum Hyok and four Russia-based entities pulled back the curtain on a sophisticated malware-enabled revenue pipeline that has quietly bankrolled Pyongyang’s weapons programs for years. Investigators trace the campaign to Andariel, a…
Critical Linux Kernel’ Double Free Vulnerability Let Attackers Escalate Privileges
A severe double-free vulnerability has been discovered in the Linux kernel’s NFT (netfilter) subsystem, specifically within the pipapo set module. This critical security flaw allows unprivileged attackers to achieve local privilege escalation by exploiting kernel memory corruption through specially crafted…
INE Security Unveiled Enhanced eMAPT Certification
Cary, North Carolina, July 10th, 2025, CyberNewsWire Industry’s Most Comprehensive Mobile Application Penetration Testing Program Addresses Real-World Mobile Security Challenges. INE Security, a leading provider of cybersecurity education and cybersecurity certifications, today launched its significantly enhanced eMAPT (Mobile Application Penetration Testing)…
Hackers Abused GitHub to Spread Malware Mimic as VPN
A sophisticated malware campaign has emerged exploiting the trusted GitHub platform to distribute malicious software disguised as legitimate tools. Threat actors have successfully weaponized the popular code repository to host and distribute the notorious Lumma Stealer malware, masquerading it as…
ServiceNow Platform Vulnerability Let Attackers Exfiltrate Sensitive Data
A significant vulnerability in ServiceNow’s platform, designated CVE-2025-3648 and dubbed “Count(er) Strike,” enables attackers to exfiltrate sensitive data, including PII, credentials, and financial information. This high-severity vulnerability exploits the record count UI element on list pages through enumeration techniques and…
Four Hackers Arrested by UK Police for Attacks on M&S, Co-op and Harrods Stores
The National Crime Agency (NCA) has made significant progress in combating retail cybercrime with the arrest of four individuals suspected of orchestrating sophisticated cyber attacks against major UK retailers. The coordinated operation, conducted on July 10, 2025, targeted a cybercriminal…
New PerfektBlue Attack Exposes Millions of Cars to Remote Hacking
A new and critical security threat, PerfektBlue, has emerged, targeting OpenSynergy’s BlueSDK Bluetooth framework and posing an unprecedented risk to the automotive industry. This sophisticated attack vector enables remote code execution (RCE) on millions of devices across automotive and other…
Critical mcp-remote Vulnerability Exposes LLM Clients to Remote Code Execution Attacks
A critical vulnerability CVE-2025-6514 with a CVSS score of 9.6 affecting the mcp-remote project allows attackers to achieve arbitrary operating system command execution on machines running mcp-remote when connecting to untrusted Model Context Protocol (MCP) servers. The vulnerability affects versions…
Ransomware Operations Surge Following Qilin’s New Pattern of Attacks
The cybersecurity landscape witnessed a dramatic shift in June 2025 as the Qilin ransomware group emerged as the dominant threat actor, orchestrating an unprecedented surge in high-value targeted attacks across multiple sectors and geographical regions. This escalation represents a fundamental…
Hackers Exploiting GeoServer RCE Vulnerability to Deploy CoinMiner
A critical remote code execution vulnerability in GeoServer has become a prime target for cybercriminals deploying cryptocurrency mining malware across global networks. The vulnerability, designated CVE-2024-36401, affects the popular open-source Geographic Information System server written in Java, which provides essential…
New Opossum Attack Allows Hackers to Compromise Secure TLS Channels with Malicious Messages
The new Opossum attack is a sophisticated cross-protocol application layer desynchronization vulnerability that compromises TLS-based communications. This attack exploits fundamental differences between implicit and opportunistic TLS implementations, affecting critical protocols including HTTP, FTP, POP3, SMTP, LMTP, and NNTP. By leveraging…
New Scraper Botnet with 3,600+ Unique Devices Attacking Targets in US and UK
Cybersecurity researchers have uncovered a sophisticated scraper botnet comprising more than 3,600 unique devices that has been systematically targeting systems across the United States and United Kingdom since April 2025. The malware campaign represents a significant escalation in automated web…
Critical Vulnerabilities in Bluetooth Protocol Stack Expose Millions of Devices to Remote Code Execution Attacks
A new and critical security threat, PerfektBlue, has emerged, targeting OpenSynergy’s BlueSDK Bluetooth framework and posing an unprecedented risk to the automotive industry. This sophisticated attack vector enables remote code execution (RCE) on millions of devices across automotive and other…
GitPhish – A New Tool that Automates GitHub Device Code Phishing Attack
GitPhish represents a significant advancement in automated social engineering tools, specifically targeting GitHub’s OAuth 2.0 Device Authorization Grant implementation. This open-source tool streamlines the traditionally complex process of executing device code phishing attacks, addressing critical operational challenges faced by security…
10 Best Secure Network As A Service (NaaS) For MSSP Providers – 2025
The rise of Secure Network as a Service (NaaS) is transforming how Managed Security Service Providers (MSSPs) deliver secure, scalable, and flexible networking solutions to their clients. As organizations shift toward cloud-first strategies and remote work, the demand for robust,…
Best SOC 2 Type 2 Certified Complaint Solutions – 2025
In today’s digital-first business landscape, SOC 2 Type 2 compliance is no longer optional for organizations handling sensitive customer data. As cyber threats escalate and regulatory scrutiny intensifies, demonstrating robust security controls and continuous monitoring is essential for trust, growth,…
ChatGPT Tricked into Disclosing Windows Home, Pro, and Enterprise Editions Keys
A sophisticated jailbreak technique that bypasses ChatGPT’s protective guardrails, tricking the AI into revealing valid Windows product keys through a cleverly disguised guessing game. This breakthrough highlights critical vulnerabilities in current AI content moderation systems and raises concerns about the…