Physical penetration testing provides crucial insights into real-world security vulnerabilities that might be overlooked in purely digital assessments. A recent case study conducted by Hackmosphere for a furniture retailer, referred to as ExCorp, revealed how physical access to facilities could…
Tag: Cyber Security News
Threat Actors Leverage YouTubers to Attack Windows Systems Via SilentCryptoMiner
Security researchers have uncovered a sophisticated malware campaign where threat actors are coercing popular YouTubers to distribute SilentCryptoMiner malware disguised as restriction bypass tools. This campaign has already affected more than 2,000 victims in Russia, with the actual number potentially…
New Malware Attacked ‘Desert Dexter’ Compromised 900+ Victims Worldwide
Security researchers at Positive Technologies have uncovered a sophisticated malware campaign dubbed “Desert Dexter” that has compromised more than 900 victims worldwide since September 2024. The attack, discovered in February 2025, primarily targets countries in the Middle East and North…
Beware of Fake Tax Claims that Tricks Users to Steal Over $10,000 From Victims
Tax season has become a high-stakes battleground for cybercriminals, who leverage advanced technologies like deepfake audio and AI-generated phishing campaigns to steal over $10,000 from unsuspecting victims. According to a 2025 McAfee survey, 10% of tax scam losses exceeded $10,000,…
Linux Distro Tails 6.13 Released with Improved Wi-Fi Hardware Detection
The Tails Project announced the release of Tails 6.13 on March 6, 2025, marking a significant update to its privacy-centric Linux distribution. This iteration introduces improved diagnostics for Wi-Fi hardware compatibility, updates to the Tor Browser and client, and critical…
Hackers Leveraging x86-64 Binaries on Apple Silicon to Deploy macOS Malware
Advanced threat actors increasingly leverage x86-64 binaries and Apple’s Rosetta 2 translation technology to bypass execution policies and deploy malware on Apple Silicon devices. The technique exploits architectural differences between Intel and ARM64 processors while leaving behind forensic artifacts that…
Beware of Fake CAPTCHA Prompts That May Silently Install LummaStealer on Your Device
Cybersecurity researchers at G DATA have uncovered a sophisticated malware campaign using fake CAPTCHA prompts to deliver LummaStealer, a dangerous information-stealing malware. This emerging threat, first discovered in January 2025, represents a new approach for LummaStealer distribution which previously spread…
YouTube Warns of Phishing Emails Attacking Creators to Steal Login Credentials
YouTube has issued an urgent alert to content creators regarding a highly sophisticated phishing campaign exploiting AI-generated deepfake technology to hijack accounts. The attack, first detected in late February 2025, uses fabricated videos of YouTube CEO Neal Mohan to deceive…
Multiple Jenkins Vulnerability Let Attackers Expose Secrets
Jenkins, the widely adopted open-source automation server central to CI/CD pipelines, has disclosed four critical security vulnerabilities enabling unauthorized secret disclosure, cross-site request forgery (CSRF), and open redirect attacks. These flaws, patched in versions 2.500 (weekly) and 2.492.2 (LTS), affect…
Critical Vulnerabilities in DrayTek Routers Exposes Devices to RCE Attack
A series of critical vulnerabilities in DrayTek Vigor routers, widely deployed in small office/home office (SOHO) environments, have been uncovered, exposing devices to remote code execution (RCE), denial-of-service (DoS) attacks, and credential theft. The flaws discovered during firmware reverse-engineering efforts…
Operation Sea Elephant Attacking Organizations to Steal Research Details
A sophisticated cyber espionage campaign dubbed “Operation Sea Elephant” has been discovered targeting scientific research organizations, with a particular focus on ocean-related studies. The operation, attributed to a threat actor group known as CNC with South Asian origins, aims to…
AMD Microcode Signature Verification Vulnerability Let Attackers Load Malicious Patches
Security researchers have uncovered a critical vulnerability in AMD Zen CPUs that allows attackers with elevated privileges to load malicious microcode patches, bypassing cryptographic signature checks. Dubbed “EntrySign,” this flaw stems from AMD’s use of the AES-CMAC algorithm as a…
CISA Warns of Edimax IC-7100 IP Camera 0-Day Vulnerability Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning regarding a severe vulnerability in the Edimax IC-7100 IP Camera. This vulnerability, CVE-2025-1316, allows attackers to execute remote code on the device by sending specially crafted requests, exploiting…
North Korean IT Workers Using GitHub To Attack Organization Globally
Cybersecurity research firm NISOS has uncovered a network of suspected North Korean IT workers who are leveraging GitHub to create elaborate fake personas aimed at securing employment with companies in Japan and the United States. These individuals pose as Vietnamese,…
GitHub Details How Security Professionals Can Use Copilot to Analyze Logs
GitHub has unveiled groundbreaking applications of its AI-powered coding assistant, Copilot, specifically tailored for security professionals analyzing system logs and operational data. The tool now demonstrates unprecedented capabilities in parsing security event information, identifying anomalies, and accelerating incident response workflows…
Enabling Incognito Mode in RDP to Hide All the Traces
Microsoft’s Remote Desktop Protocol (RDP) has introduced a lesser-known but critical security feature colloquially referred to as “incognito mode” through its /public command-line parameter. This functionality, formally called public mode, prevents the client from storing sensitive session artifacts—a development with…
FBI Warns of Threats Actors Mimic as BianLian Group to Attack Corporate Executives
The Federal Bureau of Investigation (FBI) has issued an urgent alert regarding a sophisticated email-based extortion campaign targeting corporate executives, wherein threat actors impersonate the notorious BianLian ransomware group. The scam, first identified in early March 2025, involves physical letters…
Apache Pinot Vulnerability Let Remote Attackers Bypass Authentication
A critical security vulnerability in Apache Pinot, designated CVE-2024-56325, has been disclosed. It allows unauthenticated, remote attackers to bypass authentication mechanisms and gain unauthorized access to sensitive systems. Researchers from the Knownsec 404 Team discovered the flaw and disclosed it…
Microsoft 365 Announces E5 Security for Business Premium Customers as Add-on
Microsoft has announced the immediate availability of Microsoft 365 E5 Security as a cost-effective add-on for Business Premium subscribers, marking a strategic expansion of enterprise-grade cybersecurity tools for small and medium businesses (SMBs). The release introduces enhanced threat detection, identity…
Cisco Secure Client for Windows Let Attackers Execute Arbitrary Code With SYSTEM Privileges
A newly identified vulnerability in the Cisco Secure Client for Windows could allow attackers to execute arbitrary code with SYSTEM privileges. The vulnerability lies within the interprocess communication (IPC) channel and can be exploited by an authenticated, local attacker to…