A critical remote code execution (RCE) vulnerability in the popular “Alone” WordPress theme is being actively exploited by attackers to gain complete control of vulnerable websites. The vulnerability, assigned CVE-2025-5394 with a maximum CVSS score of 9.8, affects over 9,000…
Tag: Cyber Security News
Critical SonicWall SSL VPN Vulnerability Let Attackers Trigger DoS Attack on Firewalls
A critical vulnerability in SonicWall Gen7 firewall products could allow remote unauthenticated attackers to cause service disruptions through denial-of-service (DoS) attacks. The format string vulnerability tracked as CVE-2025-40600 affects the SSL VPN interface of multiple SonicWall firewall models and has…
15 Best Website Monitoring Tools in 2025
Website monitoring tools are essential for real-time tracking of websites’ performance, availability, and functionality. They help identify and resolve downtime, slow page load times, and broken links, ensuring an optimal user experience. These tools provide detailed analytics and reports, offering…
Global Authorities Shared IoCs and TTPs of Scattered Spider Behind Major VMware ESXi Ransomware Attacks
Joint international advisory warns of evolving social engineering tactics and new DragonForce ransomware deployment targeting commercial facilities A collaboration of international cybersecurity agencies issued an urgent updated advisory on July 29, 2025, highlighting the escalating threat posed by the Scattered…
BeyondTrust Privilege Management for Windows Vulnerability Let Attackers Escalate Privileges
A significant security vulnerability has been discovered in BeyondTrust’s Privilege Management for Windows solution, allowing local authenticated attackers to escalate their privileges to the administrator level. The flaw, designated as CVE-2025-2297 with a CVSSv4 score of 7.2, affects all versions…
Lumma Password Stealer Attack Infection Chain and Its Escalation Tactics Uncovered
The cybersecurity landscape has witnessed a significant surge in information-stealing malware, with Lumma emerging as one of the most prevalent and sophisticated threats targeting Windows systems globally. This C++-based information stealer has rapidly gained traction in underground markets, establishing itself…
10 Best Dark Web Monitoring Tools in 2025
Monitoring and tracking actions on the dark web, a section of the internet that is hidden and requires particular software and configurations to access, is called monitoring. The selling of stolen data, illegal drugs, illegal weapons, hacking services, and other…
Global Authorities Shared IoCs and TTPs of Scattered Spider Behind Major ESXi Ransomware Attacks
Joint international advisory warns of evolving social engineering tactics and new DragonForce ransomware deployment targeting commercial facilities A collaboration of international cybersecurity agencies issued an urgent updated advisory on July 29, 2025, highlighting the escalating threat posed by the Scattered…
ChatGPT Agent Bypasses Cloudflare “I am not a robot” Verification Checks
ChatGPT agents demonstrate the ability to autonomously bypass Cloudflare’s CAPTCHA verification systems, specifically the ubiquitous “I am not a robot” checkbox. This development, first documented in a viral Reddit post on the r/OpenAI community, showcases the evolving sophistication of AI…
Microsoft Details Defence Techniques Against Indirect Prompt Injection Attacks
Microsoft has unveiled a comprehensive defense-in-depth strategy to combat indirect prompt injection attacks, one of the most significant security threats facing large language model (LLM) implementations in enterprise environments. The company’s multi-layered approach combines preventative techniques, detection tools, and impact…
Enterprise LLMs Under Risk: How Simple Prompts Can Lead to Major Breaches
Enterprise applications integrating Large Language Models (LLMs) face unprecedented security vulnerabilities that can be exploited through deceptively simple prompt injection attacks. Recent security assessments reveal that attackers can bypass authentication systems, extract sensitive data, and execute unauthorized commands using nothing…
Hackers Exploiting SAP NetWeaver Vulnerability to Deploy Auto-Color Linux Malware
A sophisticated cyberattack targeting a US-based chemicals company has revealed the first observed pairing of SAP NetWeaver exploitation with Auto-Color malware, demonstrating how threat actors are leveraging critical vulnerabilities to deploy advanced persistent threats on Linux systems. In April 2025,…
Chrome High-Severity Vulnerabilities Allow Memory Manipulation and Arbitrary Code Execution
Google has issued an urgent security update for its Chrome browser, patching several vulnerabilities, including a high-severity vulnerability that could allow attackers to manipulate memory and execute arbitrary code on a user’s system. The latest version, Chrome 138.0.7204.183 for Linux…
Lionishackers Threat Actors Exfiltrating and Selling Corporate Databases on Dark Web
A financially motivated threat actor known as Lionishackers has emerged as a significant player in the illicit marketplace for corporate data in recent months. Leveraging opportunistic targeting and a preference for Asian-based victims, the group employs automated SQL injection tools…
Threat Actors Attacking Fans and Teams of Belgian Grand Prix With Phishing Campaigns
Cybercriminals have launched a sophisticated multi-vector attack campaign targeting fans and teams ahead of the 2025 Belgian Grand Prix, scheduled for July 27 at the iconic Spa-Francorchamps circuit. The threat actors have deployed an arsenal of tactics including phishing emails,…
Chrome High-Severity Vulnerabilities Allows Memory Manipulation and Arbitrary Code Execution
Google has issued an urgent security update for its Chrome browser, patching several vulnerabilities, including a high-severity vulnerability that could allow attackers to manipulate memory and execute arbitrary code on a user’s system. The latest version, Chrome 138.0.7204.183 for Linux…
ArmouryLoader Bypassing System Security Protections and Inject Malicious Codes
ArmouryLoader burst onto the threat landscape in late 2024 after hijacking the export table of ASUS’s Armoury Crate utility, turning a trusted gaming companion into an initial entry point for sophisticated malware campaigns. Since then, security teams have watched a…
Want To Detect Incidents Before It’s Too Late? You Need Threat Intelligence
The difference between a minor security incident and a devastating breach often comes down to one critical factor: how quickly you can detect and respond to a threat. Hackers rarely target an isolated business: they typically launch campaigns that hit…
Chinese Hackers Weaponizes Software Vulnerabilities to Compromise Their Targets
Over the past year, a previously quiet Chinese threat cluster has surged onto incident-response dashboards worldwide, pivoting from single zero-day hits to an industrialized pipeline of weaponized vulnerabilities. First detected targeting unpatched Fortinet SSL-VPN appliances in late-2024, the group—dubbed “Goujian…
Orange Hit by Cyberattack – A French Telecom Giant’s Internal Systems Hacked
France’s leading telecommunications giant Orange confirmed on Monday that it detected a significant cyberattack targeting one of its information systems on Friday, July 25, 2025. The incident has resulted in widespread service disruptions affecting both corporate customers and consumer services,…