A critical vulnerability affects all Windows operating systems from Windows 7 and Server 2008 R2 through the latest Windows 11 v24H2 and Server 2025. This zero-day flaw enables attackers to capture users’ NTLM authentication credentials simply by having them view…
Tag: Cyber Security News
CISA Warns of Four Vulnerabilities, and Exploits Surrounding ICS
The Cybersecurity and Infrastructure Security Agency (CISA) released four Industrial Control System (ICS) advisories on March 25, 2025, detailing significant vulnerabilities in products from ABB, Rockwell Automation, and Inaba Denki Sangyo. These vulnerabilities, with CVSS v4 scores ranging from 5.1…
Appsmith Developer Tool Vulnerability Lets Attackers Execute Remote Code
Security researchers have uncovered multiple critical vulnerabilities in Appsmith, a popular open-source developer platform for building internal applications. Most concerning is CVE-2024-55963, which allows unauthenticated attackers to execute arbitrary system commands on servers running default installations of Appsmith versions 1.20…
Google Chrome Zero-day Vulnerability Exploited by Hackers in the Wild
Google has released an urgent security update for its Chrome browser after cybersecurity researchers at Kaspersky discovered a zero-day vulnerability being actively exploited by sophisticated threat actors. The vulnerability, identified as CVE-2025-2783, allowed attackers to bypass Chrome’s sandbox protection through…
Hackers Exploit Windows MMC Zero-Day Vulnerability to Execute Malicious Code
A sophisticated campaign by Russian threat actors is exploiting a critical zero-day vulnerability in the Microsoft Management Console (MMC). The vulnerability, CVE-2025-26633, allows attackers to bypass security features and execute malicious code on targeted systems. Trend Research identified the Russian hacking…
VMware Tools for Windows Vulnerability Lets Attackers Bypass Authentication
VMware addressed a significant authentication bypass vulnerability in its VMware Tools for Windows suite. The vulnerability, CVE-2025-22230, could allow malicious actors with non-administrative privileges on a Windows guest virtual machine to perform high-privilege operations within that VM. VMware has classified…
248,000 Mobile Users Infected by Banking Malware With Social Engineering Techniques
Mobile banking malware has seen an alarming surge in 2024, with nearly 248,000 users encountering these dangerous threats—a staggering 3.6 times increase compared to the 69,000 users affected in 2023. This dramatic uptick, particularly pronounced in the second half of…
Microsoft Unveils New Security Copilot Agents & Protections for AI
Microsoft has announced a significant expansion of its AI-powered security capabilities, introducing autonomous security agents and enhanced protections for artificial intelligence systems. The new offerings aim to address the exponential growth in cyberattacks, which now include more than 30 billion…
ARACNE – LLM-based Pentesting Agent To Execute Commands on Real Linux Shell Systems
Cybersecurity researchers have unveiled a new autonomous penetration testing agent that leverages large language models (LLMs) to execute commands on real Linux shell systems. ARACNE, as the agent is called, represents a significant advancement in automated security testing, demonstrating the…
Security Onion 24.10 Released – What’s New
Security Onion 2.4.140 has been officially released, featuring significant upgrades to core components including Suricata 7.0.9, Zeek 7.0.6, and a host of improvements to the Security Operations Center (SOC) configuration interface. This release focuses on enhancing security, fixing bugs, and…
Researchers Compared Malware Development in Rust vs C & C++ Languages
In recent years, malware authors have increasingly turned to emerging programming languages like Rust, Nim, and Go for their nefarious creations. This shift represents a tactical evolution as threat actors seek to bypass modern security solutions and complicate reverse engineering…
Microsoft Announces New Enhanced Protection Against AI & BYOD for Edge Business Users
Microsoft has unveiled significant new data protection capabilities for its Edge for Business browser, specifically targeting the challenges posed by Bring Your Own Device (BYOD) environments and the growing integration of AI in daily workflows. Announced on March 24, 2025,…
Multistage Info Stealer SnakeKeylogger Attacking Individuals and Businesses to Steal Logins
SnakeKeylogger has emerged as a sophisticated credential-stealing malware, targeting both individuals and organizations with its multi-stage infection chain and stealthy in-memory execution techniques. This malware is specifically designed to harvest sensitive login credentials while remaining undetected by traditional security measures,…
CAPE from Cuckoo v1 – Malware Sandbox to Execute Malicious Files in An Isolated Environment
In the ever-evolving landscape of cyber threats, security professionals need robust tools to analyze malicious software safely. CAPE (Config And Payload Extraction) has emerged as a powerful malware sandbox derived from Cuckoo v1, offering advanced capabilities for executing and analyzing…
NIST Struggling To Clear the Growing Backlog of CVEs in the Official National Vulnerability Database
As of March 2025, the National Institute of Standards and Technology (NIST) continues to face mounting challenges in processing the ever-growing backlog of Common Vulnerabilities and Exposures (CVEs) in the National Vulnerability Database (NVD). Despite previous efforts to clear the…
New Malware Attacking Android Users Abusing Cross-Platform Framework For Evasion
Cybercriminals have developed sophisticated malware campaigns targeting Android users by exploiting .NET MAUI, a cross-platform development framework, to evade traditional security measures. These threats disguise themselves as legitimate banking and social networking applications to harvest sensitive information from unsuspecting users.…
FBI Warns of File Convertor Tools Used to Deploy Ransomware
The Federal Bureau of Investigation’s Denver Field Office has issued an urgent alert regarding a sophisticated cybersecurity threat that has been increasingly targeting individuals and organizations across the United States. Threat actors are now deploying malicious software disguised as free…
Best MDR (Managed Detection & Response) Solutions in 2025
The best Managed Detection and Response (MDR) solutions are designed to enhance an organization’s cybersecurity posture by providing comprehensive threat detection and response capabilities. These solutions typically combine advanced technologies with expert security teams to monitor and respond to threats…
Linux Kernel 6.14 Officially Released, What’s New
Linus Torvalds has officially announced the release of Linux kernel 6.14, the latest stable version of the open-source operating system kernel. Originally expected on Sunday, the release was pushed to Monday due to what Torvalds humorously described as “pure incompetence.” …
New Phishing Attack Using Browser-In-The-Browser Technique To Attack Gamers
A sophisticated new phishing campaign has emerged targeting the gaming community, specifically Counter-Strike 2 players, using an advanced technique known as Browser-in-the-Browser (BitB). This attack method creates a convincing fake browser pop-up window that tricks users into entering their Steam…