In a significant disruption for millions of users worldwide, Microsoft Outlook has been experiencing a major outage since Wednesday, July 9, 2025, starting at 10:20 PM UTC. The issue has left users unable to access their mailboxes through any connection…
Tag: Cyber Security News
Rhadamanthys Infostealer Leveraging ClickFix Technique to Steal Login Credentials
Rhadamanthys first surfaced in 2022 as a modular stealer sold under the Malware-as-a-Service model, but its latest campaign shows how quickly it is innovating. At the centre of the new wave is a booby-trapped CAPTCHA page dubbed ClickFix, which instructs…
McDonald’s AI Hiring Bot With Password ‘123456’ Leaks Millions of Job-Seekers Data
A severe security vulnerability in McDonald’s AI-powered hiring system has exposed the personal information of potentially 64 million job applicants to unauthorized access. Key Takeaways1. McDonald’s AI hiring bot exposed 64 million job applicants’ personal data through weak security using…
Microsoft Confirms Teams Outage for Users, Investigation Underway – Updated
Microsoft acknowledged a significant outage affecting its popular communication platform, Microsoft Teams, leaving numerous users unable to access critical services. The company has confirmed the issue and is actively investigating the root cause while working to ensure a swift resolution…
Top 5 Remote-Access And RMM Tools Most Abused By Threat Actors
Remote monitoring and management (RMM) tools are a go-to for IT teams, but that same power makes them a favorite trick up attackers’ sleeves, too. In the first half of 2025, ANY.RUN analysts reviewed thousands of real-world malware detonations in…
Reflectiz Now Available on the Datadog Marketplace
Reflectiz, a leading cybersecurity company specializing in web exposure management, today announced a new integration with Datadog, Inc. (NASDAQ: DDOG), the monitoring and security platform for cloud applications. This integration combines advanced website security intelligence with enterprise-grade observability, empowering organizations with…
Chinese Hackers Exploit Microsoft Exchange Servers to Steal COVID-19 Research Data
A sophisticated cyberattack orchestrated by Chinese state-sponsored hackers has exposed vulnerabilities in the global cybersecurity infrastructure, targeting critical COVID-19 research from American universities and exploiting Microsoft Exchange servers worldwide. The Justice Department announced the arrest of a key figure in…
Microsoft 365 PDF Export LFI Vulnerability Allows Access to Sensitive Server Data
A critical Local File Inclusion (LFI) vulnerability was recently discovered in Microsoft 365’s Export to PDF functionality, potentially allowing attackers to access sensitive server-side data, including configuration files, database credentials, and application source code. The vulnerability, reported by security researcher…
Splunk Address Third-Party Packages Vulnerabilities in SOAR Versions – Update Now
Splunk has released critical security updates addressing multiple vulnerabilities in third-party packages in SOAR versions 6.4.0 and 6.4. Published on July 7, 2025, this comprehensive security update remediates various Common Vulnerabilities and Exposures (CVEs) ranging from medium to critical severity…
VS Code Extension Weaponized With Two Lines of Code Leads to Supply Chain Attack
A sophisticated supply chain attack has compromised ETHcode, a popular Visual Studio Code extension for Ethereum development, through a malicious GitHub pull request that required just two lines of code to weaponize the trusted software. The attack, discovered by ReversingLabs…
Microsoft Patches Wormable RCE Vulnerability in Windows and Windows Server
Microsoft has released critical security updates to address CVE-2025-47981, a severe heap-based buffer overflow vulnerability in the SPNEGO Extended Negotiation (NEGOEX) Security Mechanism that affects multiple Windows and Windows Server versions. This vulnerability carries a CVSS score of 9.8 out…
Splunk Address Third Party Packages Vulnerabilities in Enterprise Versions – Update Now
Splunk has released critical security updates addressing multiple Common Vulnerabilities and Exposures (CVEs) in third-party packages across Enterprise versions 9.4.3, 9.3.5, 9.2.7, 9.1.10, and higher. Published on July 7, 2025, these updates remediate high-severity vulnerabilities in essential components, including setuptools,…
FortiWeb SQL Injection Vulnerability Allows Attacker to Execute Malicious SQL Code
A critical security vulnerability has been discovered in FortiWeb web application firewalls that enables unauthenticated attackers to execute unauthorized SQL commands through specially crafted HTTP and HTTPS requests. This vulnerability, classified as CWE-89 (Improper Neutralization of Special Elements used in…
Citrix Windows Virtual Delivery Agent Vulnerability Let Attackers Gain SYSTEM Privileges
A critical security vulnerability has been discovered in Citrix Windows Virtual Delivery Agent that allows local attackers to escalate privileges and gain SYSTEM-level access to affected systems. The vulnerability, tracked as CVE-2025-6759, affects multiple versions of Citrix Virtual Apps and…
SparkKitty Malware Attacking iOS and Android Device Users to Steal Photos From Gallery
A sophisticated Trojan malware known as SparkKitty has been actively targeting iOS and Android devices since early 2024, infiltrating both official app stores and untrusted websites to steal images from users’ device galleries. This malware campaign, which appears to be…
New Android TapTrap Attack Let Malicious Apps Bypass Permission and Carry out Destructive Actions
Security researchers discover novel animation-based vulnerability affecting 76% of Android apps. Security researchers at TU Wien have uncovered a sophisticated new attack vector dubbed “TapTrap” that enables malicious Android applications to bypass the operating system’s permission system and execute destructive…
Multiple Apache Tomcat Vulnerabilities Let Attackers Trigger DoS Attacks
Apache Tomcat has addressed three critical denial-of-service (DoS) vulnerabilities that could allow malicious actors to disrupt web applications and services. These security flaws, tracked as CVE-2025-52434, CVE-2025-52520, and CVE-2025-53506, affect all Apache Tomcat versions from 9.0.0.M1 to 9.0.106. The vulnerabilities…
KB5062554 – Microsoft Releases Cumulative Update for Windows 10 With July 2025 Patch Tuesday
Microsoft rolled out its latest cumulative update for Windows 10, version 21H2 and 22H2, as well as Windows 10 Enterprise LTSC 2021 and Windows 10 IoT Enterprise LTSC 2021. The update, identified as KB5062554 (OS Builds 19044.6093 and 19045.6093), includes…
Microsoft Remote Desktop Client Vulnerability Let Attackers Execute Remote Code
A critical security vulnerability in Microsoft Remote Desktop Client could allow attackers to execute arbitrary code on victim systems. The vulnerability, designated as CVE-2025-48817, affects multiple versions of Windows and poses significant security risks for organizations that rely on Remote…
10 Best Secure Web Gateway Vendors In 2025
In 2025, the need for robust secure web gateways (SWGs) has never been greater. As organizations shift to hybrid work, cloud-first strategies, and digital transformation, threats targeting web traffic have grown in sophistication. Secure web gateways are now a foundational…