A critical security flaw in Veritas’ Arctera InfoScale product line has exposed enterprise systems to remote code execution (RCE) attacks, underscoring persistent risks in disaster recovery infrastructure. Tracked as CVE-2025-27816, the vulnerability (CVSS v3.1 score: 9.8) resides in the Windows…
Tag: Cyber Security News
Android Zygote Injection Vulnerability Let Attackers Execute Code & Escalate Privileges
A critical Android vulnerability identified as CVE-2024-31317 has been discovered that allows attackers to execute arbitrary code with system privileges. The “Zygote Injection” vulnerability affects devices running Android 11 or older and enables attackers to escalate privileges from a shell…
Ragnar Loader Employed By Multiple Ransomware Groups To Evade Detection
A sophisticated malware toolkit known as Ragnar Loader has been identified as a critical component in targeted ransomware attacks. The loader, also known as Sardonic Backdoor, serves as the primary infiltration mechanism for the Monstrous Mantis ransomware group, formerly known…
EncryptHub A Multi-Stage Malware Compromised 600 Organizations
A sophisticated cybercriminal group known as EncryptHub has successfully compromised approximately 600 organizations through a multi-stage malware campaign. The threat actor exploited operational security mistakes, inadvertently exposing critical elements of their infrastructure, which allowed researchers to map their tactics with…
Chrome Security Update – Patch for Multiple High-Severity Vulnerabilities
Google has rolled out a critical security update for its Chrome browser, addressing multiple high-severity vulnerabilities that could enable arbitrary code execution and sandbox escapes. The Stable Channel Update 134.0.6998.88/.89 for Windows and Mac, and 134.0.6998.88 for Linux, released on…
Top 11 Passwordless Authentication Tools – 2025
Passwordless authentication tools are revolutionizing digital security by eliminating the reliance on traditional passwords. Instead, they use advanced technologies such as biometrics (fingerprints, facial recognition), hardware tokens, or one-time passcodes to verify user identities. This approach significantly enhances security by…
CISA Adds 2 VeraCore Vulnerabilities to Known Actively Exploit Vulnerability Catalog
CISA has likely added two VeraCore vulnerabilities, CVE-2024-57968 and CVE-2025-25181, to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation by the XE Group. These vulnerabilities impact VeraCore, a warehouse management software by Advantive, critical for supply chains in…
CISA Adds 3 Ivanti Endpoint Manager Bugs to Known Exploited Vulnerabilities Catalog
The Cybersecurity and Infrastructure Security Agency (CISA) updated its KEV catalog on March 10, 2025, to include three newly identified vulnerabilities in Ivanti Endpoint Manager (EPM), a widely used enterprise software for managing endpoints. The KEV catalog tracks vulnerabilities actively…
North Korean Hackers Weaponizing ZIP Files To Execute Malicious PowerShell Scripts
Security researchers have identified a sophisticated attack campaign attributed to APT37, a North Korean state-sponsored hacking group also known as ScarCruft, Reaper, and Red Eyes. The group, active since 2012, has expanded its targets from South Korea to include Japan,…
Researcher Hacked Embedded Devices To Extract The Firmware
A security researcher known as newp1ayer48 has successfully demonstrated a method to extract firmware from IoT and embedded devices using direct Flash Memory dumps, providing valuable insights for security professionals and bug bounty hunters. The technique, while potentially risky for…
Apple iOS 18.4 Beta 3 Released – New Features, Enhancements, and What to Expect
Apple has taken another step toward the official release of iOS 18.4 by seeding the third developer beta of the update to testers late on March 10, 2025. This latest beta, identified by build number 22E5222f, arrives just one week…
10 Best IT Systems Management Tools – 2025
IT systems management tools are essential for organizations to monitor, manage, and optimize their IT infrastructure effectively. These tools provide comprehensive solutions for handling networks, servers, applications, and devices, ensuring seamless operations and improved productivity. SolarWinds stands out with its…
Penetration Testing Tool Cobalt Strike Usage by Cybercriminals Decreased by 80%
A two-year coordinated effort by cybersecurity firms and law enforcement agencies has significantly reduced the illicit use of Cobalt Strike, a legitimate penetration testing tool frequently weaponized by ransomware operators and nation-state actors. According to Fortra, Microsoft’s Digital Crimes Unit…
Fake BianLian Ransom Claims Targeting US Firms With Physical Letters
Multiple US organizations reported receiving suspicious physical letters claiming to be from the BianLian ransomware group. These letters have been delivered via regular mail to executive team members, falsely asserting that the recipient’s corporate IT network has been compromised and…
X (Twitter) Down? Massive Outage Leads to Page Load Issues
X (formerly Twitter) experienced a global outage today, March 10, 2025, leaving many users unable to access the platform. The disruption, which affected both the app and website, sparked frustration and confusion among users worldwide. Reports of the outage began…
Moxa Industrial Ethernet Switches Vulnerability Let Attackers Gain Admin Access
A critical security flaw in Moxa’s PT series industrial Ethernet switches enables attackers to bypass authentication mechanisms and compromise device integrity. Tracked as CVE-2024-12297, this vulnerability (CVSS 4.0: 9.2) affects nine PT switch models and stems from weaknesses in the…
Laravel Framework Vulnerability Let Attackers Execute Malicious JavaScript
A critical security vulnerability (CVE-2024-13918) in the Laravel framework allows attackers to execute arbitrary JavaScript code on websites running affected versions of the popular PHP framework. The flaw, discovered in Laravel’s debug-mode error page rendering, exposes applications to reflected cross-site…
Strela Stealer Malware Attacking Microsoft Outlook Users To Steal Login Credentials
Cybersecurity researchers at Trustwave have discovered a sophisticated malware campaign targeting Microsoft Outlook users to steal their login credentials. The Strela Stealer, named after the Russian word for “Arrow,” has been actively targeting systems since late 2022, with a precise…
Developer Pleads Guilty For Sabotaging Company’s Computer Systems With Malware
A federal jury convicted Davis Lu, a 55-year-old former software developer at Eaton Corp., on charges of intentionally crippling the company’s internal computer systems through malicious code designed to activate upon his termination. The verdict, delivered Friday after a six-day…
Medusa Ransomware Attacks Grown By 42% With New Tools & Techniques
Medusa ransomware attacks have surged by 42% between 2023 and 2024, with activity continuing to escalate into 2025. Almost twice as many Medusa attacks were observed in January and February 2025 compared to the first two months of 2024, indicating…