Tag: Cyber Security News

Microsoft is set to roll out a highly anticipated multitasking feature for its Teams platform, which will allow users to open channels in separate windows. This long-awaited update, scheduled for release in November, addresses one of the most common user…

Read more →

Researchers have published the full technical details and exploit code for a critical remote code execution (RCE) vulnerability in Google Chrome’s V8 JavaScript engine.  Tracked internally as a WebAssembly type canonicalization bug, the flaw stems from an improper nullability check…

Read more →

A critical use-after-free vulnerability, identified as CVE-2025-49844, has been discovered in Redis servers, enabling authenticated attackers to achieve remote code execution. This high-severity flaw affects all versions of Redis that utilize the Lua scripting engine, presenting a significant threat to…

Read more →

A publicly available proof-of-concept (PoC) exploit has been released for CVE-2025-32463, a local privilege escalation (LPE) flaw in the Sudo utility that can grant root access under specific configurations.  Security researcher Rich Mirch is credited with identifying the weakness, while…

Read more →

With the release of Kali Linux 2025.3, a major update introduces an innovative tool that combines artificial intelligence and cybersecurity: the Gemini Command-Line Interface (CLI). This new open-source package integrates Google’s powerful Gemini AI directly into the terminal, offering penetration…

Read more →

PsExec represents one of the most contradictory tools in the cybersecurity landscape, a legitimate system administration utility that has become a cornerstone of malicious lateral movement campaigns. Recent threat intelligence reports indicate that PsExec remains among the top five tools…

Read more →

QNAP has released a security advisory detailing a vulnerability in its NetBak Replicator utility that could allow local attackers to execute unauthorized code. The flaw, identified as CVE-2025-57714, has been rated as “Important” and affects specific versions of the backup…

Read more →

A sophisticated technique uncovered where threat actors abuse Amazon Web Services‘ X-Ray distributed tracing service to establish covert command and control (C2) communications, demonstrating how legitimate cloud infrastructure can be weaponized for malicious purposes. AWS X-Ray, designed to help developers…

Read more →

A critical zero-day vulnerability in Oracle E-Business Suite has emerged as a significant threat to enterprise environments, with proof-of-concept (PoC) exploit code now publicly available.  CVE-2025-61882 presents a severe security risk, achieving a maximum CVSS 3.1 score of 9.8 and…

Read more →

A zero-day vulnerability in the Zimbra Collaboration Suite (ZCS) was actively exploited in targeted attacks earlier in 2025. The flaw, identified as CVE-2025-27915, is a stored cross-site scripting (XSS) vulnerability that attackers leveraged by sending weaponized iCalendar (.ICS) files to…

Read more →

Microsoft has announced a significant security enhancement for Outlook users, implementing the retirement of inline SVG image support across Outlook for Web and the new Outlook for Windows platforms.  This change represents a proactive measure to strengthen email security infrastructure…

Read more →

Unity Technologies has issued a critical security advisory warning developers about a high-severity vulnerability affecting its widely used game development platform.  The flaw, designated CVE-2025-59489, exposes applications built with vulnerable Unity Editor versions to unsafe file loading attacks that could…

Read more →

A newly disclosed vulnerability, named the WireTap attack, allows attackers with physical access to break the security of Intel’s Software Guard eXtensions (SGX) on modern server processors and steal sensitive information. A research paper released in October 2025 details how…

Read more →

A groundbreaking cybersecurity vulnerability has emerged that transforms Perplexity’s AI-powered Comet browser into an unintentional collaborator for data theft.  Security researchers at LayerX have discovered a sophisticated attack vector dubbed “CometJacking” that enables malicious actors to weaponize a single URL…

Read more →

A data breach at a third-party customer service provider has exposed the personal data of some Discord users, including names, email addresses, and a small number of scanned government-issued photo IDs. The incident did not compromise Discord’s main systems, and…

Read more →

Renault UK has notified customers of a data breach after a cyberattack on one of its third-party service providers resulted in the theft of personal information. The company has assured its clients that its own internal systems were not compromised…

Read more →

A cybercrime collective known as Scattered LAPSUS$ Hunters has launched a new data leak site on the dark web, claiming it holds nearly one billion records from Salesforce customers. The group is orchestrating a widespread blackmail campaign, setting a ransom…

Read more →

The digital world continues to face growing threats around software vulnerabilities, data breaches, and cyber supply chain attacks. As companies rely more heavily on open-source software, third-party code, and cloud-native applications, the need for supply chain intelligence security solutions has…

Read more →

In 2025, digital transactions are at an all-time high, but so are the risks of fraud. Businesses in banking, e-commerce, fintech, and even social networks are facing increasing pressure to secure their platforms against identity theft, payment fraud, and cybersecurity…

Read more →

In recent months, security teams have observed a surge in Android spyware campaigns that prey on privacy-conscious users by masquerading as trusted messaging apps. These malicious payloads exploit users’ trust in Signal and ToTok, delivering trojanized applications that request extensive…

Read more →