Tag: Cyber Security News

Rostislav Panev, a 51-year-old dual Russian and Israeli national, has been extradited to the United States on charges related to his alleged role as a developer for the notorious LockBit ransomware group.  The extradition, which took place on March 13,…

Read more →

Security researchers have uncovered a sophisticated malware campaign targeting users of the Python Package Index (PyPI), Python’s official third-party software repository.  This latest attack vector involves several malicious packages disguised as time-related utilities, which are actually designed to steal sensitive…

Read more →

Two sophisticated phishing campaigns were observed targeting Microsoft 365 users by exploiting OAuth redirection vulnerabilities combined with brand impersonation techniques.  Threat researchers are warning organizations about these highly targeted attacks designed to bypass traditional security controls and achieve account takeover…

Read more →

A cybersecurity researcher has successfully broken the encryption used by the Linux/ESXI variant of the Akira ransomware, enabling data recovery without paying the ransom demand.  The breakthrough exploits a critical weakness in the ransomware’s encryption methodology. According to the researcher,…

Read more →

Between late January and early March 2025, cybersecurity researchers at Forescout’s Vedere Labs uncovered a series of sophisticated intrusions leveraging critical Fortinet vulnerabilities. The attacks, attributed to a newly identified threat actor tracked as “Mora_001,” culminated in the deployment of…

Read more →

Cyber attack simulation tools help organizations identify vulnerabilities, test security defenses, and improve their cybersecurity posture by simulating real-world attacks. These tools range from breach and attack simulation (BAS) platforms to adversary emulation frameworks. Here are some of the top…

Read more →

QR code Phishing, or “Quishing,” is a cyber threat that exploits the widespread use of QR (Quick Response) codes in phishing attacks.  Quishing takes advantage of the recent high-use volume and increasing popularity of QR codes. These codes, which can…

Read more →

Siemens has disclosed a critical security vulnerability affecting specific SINAMICS S200 drive systems that could allow attackers to compromise devices by exploiting an unlocked bootloader.  The vulnerability, tracked as CVE-2024-56336 and has received the highest severity ratings with a CVSS…

Read more →

As organizations increasingly integrate Microsoft Copilot into their daily workflows, cybercriminals have developed sophisticated phishing campaigns specifically targeting users of this AI-powered assistant.  Microsoft Copilot, which launched in 2023, has rapidly become an essential productivity tool for many organizations, integrating…

Read more →

A significant data breach involving sensitive healthcare worker information has been discovered, exposing over 86,000 records belonging to ESHYFT, a New Jersey-based HealthTech company.  Cybersecurity researcher Jeremiah Fowler identified an unprotected AWS S3 storage bucket containing approximately 108.8 GB of…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has warned about an actively exploited zero-day vulnerability in Apple’s WebKit browser engine, tracked as CVE-2025-24201. This vulnerability, an out-of-bounds write issue, could allow attackers to execute unauthorized code on vulnerable devices. The…

Read more →

CISA has issued a warning regarding a newly discovered vulnerability affecting Juniper Networks’ Junos OS. The vulnerability, identified as CVE-2025-21590, involves an improper isolation or compartmentalization issue within the operating system’s kernel. This flaw could allow a local attacker with…

Read more →

Microsoft has patched a critical Windows Kernel vulnerability that has been actively exploited for nearly two years.  The vulnerability, tracked as CVE-2025-24983, was included in the company’s March 2025 Patch Tuesday release in March. According to cybersecurity firm ESET, which…

Read more →

A significant security vulnerability has been identified in Apache NiFi, allowing potential attackers with specific access privileges to expose MongoDB authentication credentials.  The vulnerability, tracked as CVE-2025-27017 (NIFI-14272), affects multiple versions of the Apache NiFi data processing system and could…

Read more →

Bitdefender has disclosed two critical vulnerabilities affecting its BOX v1 device that could allow network-adjacent attackers to execute Man-in-the-Middle (MITM) attacks, potentially leading to remote code execution.  The vulnerabilities, assigned CVE-2024-13872 and CVE-2024-13871, both received a CVSS score of 9.4,…

Read more →

Mozilla has issued an urgent warning to Firefox users worldwide, emphasizing the critical need to update their browsers before March 14, 2025, when a vital root certificate will expire.  This expiration threatens to disable extensions, break DRM-protected content playback, and…

Read more →

A sophisticated new Android malware campaign linked to North Korean hackers has been discovered, posing a significant security threat that managed to infiltrate Google’s official Play Store. The spyware, dubbed “KoSpy,” targets Korean and English-speaking users by disguising itself as…

Read more →

A severe vulnerability in Tenda AC7 Routers running firmware version V15.03.06.44 allows malicious actors to execute arbitrary code and gain root shell access.  The flaw originates from a stack overflow vulnerability in the router’s formSetFirewallCfg function. Attackers can use a…

Read more →

A critical vulnerability in the widely used FreeType font rendering library has been discovered and is reportedly being exploited in the wild, posing a serious security threat to millions of devices across multiple platforms. Security researchers have identified the flaw,…

Read more →

The cybersecurity landscape has witnessed a concerning development as the threat actor group known as Blind Eagle (also tracked as APT-C-36) has launched a sophisticated campaign targeting organizations primarily in South America with a novel attack vector. The group, known…

Read more →