A newly disclosed edge case in Substack’s custom domain implementation allows threat actors to hijack inactive subdomains, potentially enabling content spoofing, phishing campaigns, and brand impersonation. The researcher identified 1,426 vulnerable domains – representing 8% of all Substack-associated custom domains…
Tag: Cyber Security News
MediaTek Warns of Multiple Vulnerabilities that let Attackers Escalate Privileges
MediaTek has issued urgent security advisories warning of multiple high-severity vulnerabilities in its system-on-chip (SoC) architectures, including flaws that enable local privilege escalation (LPE) and remote code execution (RCE). The March 2025 Product Security Bulletin highlights three high-severity vulnerabilities…
Apache Derby Vulnerability Let Attackers Bypass Authentication with LDAP Injection
A critical security vulnerability (CVE-2022-46337) in Apache Derby, an open-source relational database implemented entirely in Java, has exposed systems to authentication bypass attacks via LDAP injection. The flaw, rated with a CVSS score of 9.1, enables attackers to craft malicious…
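The summary above names the bug class (LDAP filter injection in an authentication lookup) but not the mechanics. The block below is an added illustration, not code from Apache Derby or from the advisory: it builds the user-lookup filter the unsafe way (string concatenation) and the safe way (RFC 4515 escaping), and includes a small filter evaluator over a constructed in-memory directory so the difference can be seen offline. The directory entries, attribute names and filter template are assumptions chosen for the demonstration.

```python
import re

# RFC 4515 escaping for values interpolated into an LDAP search filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied string so it is treated as data, not filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def user_filter_vulnerable(username: str) -> str:
    # Raw concatenation: filter metacharacters in the username change the query.
    return f"(&(objectClass=person)(uid={username}))"


def user_filter_safe(username: str) -> str:
    return f"(&(objectClass=person)(uid={escape_filter_value(username)}))"


# --- Minimal filter evaluator (assumed, for demonstration only) ---
def _parse(s: str, i: int = 0):
    """Parse one filter starting at s[i]; returns (node, index_after_filter)."""
    if s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i] in "&|":
        op, i, kids = s[i], i + 1, []
        while s[i] == "(":
            node, i = _parse(s, i)
            kids.append(node)
        if s[i] != ")":
            raise ValueError("unterminated compound filter")
        return (op, kids), i + 1
    eq = s.index("=", i)
    close = s.index(")", eq)
    return ("=", s[i:eq], s[eq + 1:close]), close + 1


def parse_filter(s: str):
    node, _end = _parse(s, 0)   # trailing text after the first complete filter is ignored
    return node


def _unescape(piece: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), piece)


def _value_matches(raw: str, actual: str) -> bool:
    # An unescaped '*' is a wildcard; '\XX' sequences are literal characters.
    pieces = [re.escape(_unescape(p)) for p in raw.split("*")]
    return re.fullmatch(".*".join(pieces), actual) is not None


def matches(node, entry: dict) -> bool:
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    _, attr, raw = node
    return any(_value_matches(raw, v) for v in entry.get(attr, []))


def search(directory, filter_str: str):
    node = parse_filter(filter_str)
    return [e for e in directory if matches(node, e)]


# Constructed sample directory (not real data).
DIRECTORY = [
    {"dn": "uid=alice,ou=people,dc=example,dc=com", "objectClass": ["person"], "uid": ["alice"]},
    {"dn": "uid=bob,ou=people,dc=example,dc=com", "objectClass": ["person"], "uid": ["bob"]},
    {"dn": "cn=svc,ou=services,dc=example,dc=com", "objectClass": ["applicationProcess"], "uid": ["svc"]},
]


def lookup_user(username: str, safe: bool):
    """Return the DNs an authenticator would consider for this username."""
    build = user_filter_safe if safe else user_filter_vulnerable
    return [e["dn"] for e in search(DIRECTORY, build(username))]


if __name__ == "__main__":
    print(lookup_user("alice", safe=False))   # exactly one entry
    print(lookup_user("*", safe=False))       # injected wildcard: every person matches
    print(lookup_user("*", safe=True))        # escaped to \2a: nobody has uid '*'
```

The injected value `*` is the simplest payload; the point generalizes to any metacharacter that closes or extends the filter. An authenticator that binds with whichever entry the search returns first will then authenticate the attacker as an arbitrary user, which is why the fix belongs in the escaping step rather than in a blocklist of usernames.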
Vidar & StealC 2.0 Released by Threat Actors With a Complete New Build
Threat actors have simultaneously released major updates for two prominent info-stealers, Vidar and StealC, marking their transition to version 2.0. These updates, announced in late February 2025, introduce redesigned builds, modernized features, and enhanced capabilities. However, cybersecurity experts have uncovered…
Why Off-the-Shelf Security Solutions Fail: The Need for Custom Cybersecurity Services
Have you ever wondered why businesses still face cyber threats, even with the latest security software? Cybercriminals are always finding new ways to attack. To stay safe, companies need strong and adaptable security measures. Many businesses rely on off-the-shelf security…
Trigon – A New Exploit Revealed for iOS 0-Day Kernel Vulnerability
Security researchers have released a sophisticated new kernel exploit targeting Apple iOS devices, dubbed Trigon, which leverages a critical vulnerability in the XNU kernel’s virtual memory subsystem. The exploit, linked to the “Operation Triangulation” spyware campaign that first weaponized…
Windows Hyper-V NT Kernel Vulnerability Let Attackers Gain SYSTEM Privileges – PoC Released
Threat actors have actively exploited CVE-2025-21333, a critical vulnerability in Microsoft’s Windows Hyper-V NT Kernel Integration Virtual Service Provider (VSP). This heap-based buffer overflow vulnerability allows local attackers to escalate their privileges to the SYSTEM level, posing a significant security…
Critical Vulnerability in Wazuh Server Enables Remote Attackers to Execute Malicious Code
A critical remote code execution (RCE) vulnerability has been discovered in the Wazuh server, a popular open-source security platform used for threat detection and compliance monitoring. Identified as CVE-2025-24016, this flaw allows attackers with API access to execute arbitrary Python…
Android Phone Unlocked Using Cellebrite’s Linux USB Zero-Day Exploit
Amnesty International’s Security Lab has uncovered a sophisticated cyber-espionage campaign in Serbia, where authorities used a zero-day exploit chain developed by Cellebrite to unlock the Android phone of a student activist. The attack, which occurred on December 25, 2024, leveraged…
Angel One Data Breach: 8 Million Users’ Personal Records at Risk
Angel One, a leading financial services platform, disclosed a breach involving unauthorized access to specific client data after some of its Amazon Web Services (AWS) resources were compromised. The incident was discovered on February 27, 2025, when the company received…
Microsoft Listed Hackers Abusing Azure OpenAI Service to Generate Malicious Content
Microsoft has initiated legal proceedings against a global cybercrime syndicate accused of developing sophisticated tools to bypass safety protocols in its Azure OpenAI Service. The complaint, filed in the U.S. District Court for the Eastern District of Virginia, alleges that…
Hackers Abused Google & PayPal’s Infrastructure to Steal Users’ Personal Data
Security researchers have uncovered a coordinated attack campaign exploiting vulnerabilities in Google’s advertising ecosystem and PayPal’s merchant tools to steal sensitive user data. The operation leverages Google Search ads impersonating PayPal’s official support channels and abuses PayPal’s no-code checkout system…
Microsoft to Shut Down Skype: Here Is the Deadline
Microsoft has confirmed that Skype will be permanently retired on May 5, 2025. The move underscores the company’s strategic shift toward consolidating its consumer communication tools under Microsoft Teams, a unified platform designed to bridge personal, educational, and professional collaboration.…
Chinese Hackers Exploiting Check Point’s VPN Zero-Day Flaw to Attack Orgs Worldwide
A cyber attack leveraging Check Point’s patched CVE-2024-24919 vulnerability has targeted organizations across Europe, Africa, and the Americas. Security analysts have observed direct linkages to Chinese state-sponsored threat actors. The intrusion chain, which deploys the ShadowPad backdoor and NailaoLocker ransomware,…
Nakivo Backup & Replication Tool Vulnerability Allows Attackers to Read Arbitrary Files – PoC Released
A critical vulnerability tracked as CVE-2024-48248, has been discovered in the Nakivo Backup & Replication tool, exposing systems to unauthenticated arbitrary file read attacks. Security researchers from watchTowr Labs disclosed the flaw, which affects version 10.11.3.86570 and potentially earlier versions…
PingAM Java Agent Vulnerability Let Attackers Gain Unauthorized Access
Ping Identity has issued an urgent security advisory for its PingAM Java Agent, revealing a critical severity vulnerability (CVE-2025-20059) that enables attackers to bypass policy enforcement mechanisms and gain unauthorized access to protected resources. The flaw, classified as a Relative…
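Both the Nakivo item (unauthenticated arbitrary file read) and the PingAM item (a traversal-class flaw, as the truncated summary suggests) come down to a server resolving a client-controlled path without confining it to the intended root. The block below is an added example, not code from either vendor, showing the check a practitioner would want: resolve the candidate path (following symlinks) and refuse anything that lands outside the root. The web root, file names and request strings are constructed for the demonstration; the exact paths and parameters the two products use are not stated on the page and are not assumed here.

```python
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote


def resolve_under_root(root, requested: str) -> Path:
    """Return the on-disk path for `requested`, or raise if it escapes `root`.

    `resolve()` canonicalises '..' segments and follows symlinks, so a link
    inside the root that points outside it is rejected as well.
    """
    root_path = Path(root).resolve()
    decoded = unquote(requested)            # one layer of URL decoding, as a server would
    candidate = (root_path / decoded.lstrip("/\\")).resolve()
    if candidate != root_path and root_path not in candidate.parents:
        raise PermissionError(f"refusing {requested!r}: resolves to {candidate}, outside {root_path}")
    return candidate


def check_requests(root, requests):
    """Map each request string to 'allowed' or 'blocked'."""
    results = {}
    for req in requests:
        try:
            resolve_under_root(root, req)
            results[req] = "allowed"
        except PermissionError:
            results[req] = "blocked"
    return results


def run_demo():
    """Build a throwaway web root (constructed data) and classify sample requests."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "webroot"
        (root / "static").mkdir(parents=True)
        (root / "static" / "app.js").write_text("// constructed sample file\n")
        outside = Path(tmp) / "secret.txt"          # sits beside, not under, the root
        outside.write_text("constructed secret\n")
        os.symlink(outside, root / "static" / "link.txt")
        return check_requests(root, [
            "static/app.js",               # ordinary request
            "/static/app.js",              # leading slash is stripped, still inside root
            "../secret.txt",               # classic traversal
            "static/../../secret.txt",     # traversal after a valid prefix
            "..%2Fsecret.txt",             # URL-encoded separator
            "static/link.txt",             # symlink escaping the root
        ])


if __name__ == "__main__":
    for req, verdict in run_demo().items():
        print(f"{verdict:8} {req}")
```

Two caveats worth keeping in mind when adapting this: decode exactly as many times as the real server does (a single `unquote` here; double-encoded input such as `%252F` would still be blocked only because it never becomes a separator), and perform the check on the resolved path, never on the raw string, or a symlink placed under the root defeats it.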
New Pass-the-Cookie Attack Bypasses Microsoft 365 & YouTube MFA Logins
A surge in “Pass-the-Cookie” (PTC) attacks is undermining multi-factor authentication (MFA), enabling cybercriminals to hijack session cookies and bypass security measures to access sensitive accounts. Recent advisories from the FBI and cybersecurity firms highlight how attackers exploit stolen browser cookies…
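The defensive counterpart to the summary above is spotting a session cookie that keeps being accepted after it has moved to a different client. The block below is an added example, not from the advisories the page cites: it runs a simple session-pivot detection over a constructed access log, flagging a session ID that appears from a new IP and user agent within a short window (high severity when the user agent changes, low when only the IP does, since mobile roaming changes IPs legitimately). The log format, field names and window are assumptions for the demonstration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access log (tab-separated; not real traffic).
SAMPLE_LOG = """\
2025-03-01T09:58:12Z\tsid=7f3a\tip=198.51.100.23\tua=Mozilla/5.0 (Windows NT 10.0) Chrome/122\tGET /owa/
2025-03-01T10:02:40Z\tsid=7f3a\tip=198.51.100.23\tua=Mozilla/5.0 (Windows NT 10.0) Chrome/122\tGET /owa/inbox
2025-03-01T10:21:05Z\tsid=7f3a\tip=203.0.113.77\tua=Mozilla/5.0 (X11; Linux x86_64) Firefox/124\tGET /owa/inbox
2025-03-01T10:21:09Z\tsid=7f3a\tip=203.0.113.77\tua=Mozilla/5.0 (X11; Linux x86_64) Firefox/124\tPOST /owa/rules
2025-03-01T10:30:00Z\tsid=c9e1\tip=192.0.2.10\tua=Mozilla/5.0 (iPhone) Safari/17\tGET /owa/
2025-03-01T11:45:00Z\tsid=c9e1\tip=192.0.2.44\tua=Mozilla/5.0 (iPhone) Safari/17\tGET /owa/inbox
"""


def parse_log(text: str):
    """Parse lines of 'ts\\tsid=..\\tip=..\\tua=..\\trequest' into dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, sid, ip, ua, request = line.split("\t")
        records.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "sid": sid.split("=", 1)[1],
            "ip": ip.split("=", 1)[1],
            "ua": ua.split("=", 1)[1],
            "request": request,
        })
    return records


def find_session_reuse(records, window: timedelta = timedelta(minutes=60)):
    """Flag sessions whose cookie is presented from a different client within `window`.

    A session cookie replayed from an attacker's browser shows up as the same
    session ID with no new authentication event but a different IP/user agent.
    """
    by_sid = defaultdict(list)
    for rec in records:
        by_sid[rec["sid"]].append(rec)

    alerts = []
    for sid, recs in by_sid.items():
        recs.sort(key=lambda r: r["ts"])
        prev = recs[0]
        for cur in recs[1:]:
            same_client = (cur["ip"], cur["ua"]) == (prev["ip"], prev["ua"])
            if not same_client and cur["ts"] - prev["ts"] <= window:
                alerts.append({
                    "sid": sid,
                    "severity": "high" if cur["ua"] != prev["ua"] else "low",
                    "original_client": (prev["ip"], prev["ua"]),
                    "pivot_client": (cur["ip"], cur["ua"]),
                    "pivot_seen": cur["ts"],
                    "first_pivot_request": cur["request"],
                })
                break          # one alert per session is enough for triage
            prev = cur
    return alerts


if __name__ == "__main__":
    for alert in find_session_reuse(parse_log(SAMPLE_LOG)):
        print(alert["severity"].upper(), alert["sid"], alert["pivot_client"], alert["first_pivot_request"])
```

In the sample, session `7f3a` moves from a Windows/Chrome client to a Linux/Firefox client eighteen minutes later and immediately posts to a mailbox-rules endpoint, the pattern an analyst would expect from a stolen cookie; session `c9e1` only changes IP, and outside the window, so it is not raised. The stronger fix is upstream of detection: bind sessions to a client-held key or short-lived token so a copied cookie is worthless on another machine.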
Njrat Attacks Users, Abusing Microsoft Dev Tunnels for C2 Communications
Security researchers have uncovered a new campaign leveraging the Njrat remote access trojan (RAT) to abuse Microsoft’s developer-oriented Dev Tunnels service for covert command-and-control (C2) communications. Historically associated with credential theft and USB-based propagation, the malware now utilizes Microsoft’s infrastructure…
Poco RAT Malware Exploits PDF Files to Infiltrate Systems and Steal Data
A new variant of the Poco RAT malware has emerged as a significant threat to Spanish-speaking organizations across Latin America, leveraging sophisticated PDF decoys and cloud-based delivery systems to infiltrate networks and exfiltrate sensitive data. Linked to the cyber-mercenary group…
Telegram as #1 Messenger Used by Cybercriminals for Communications
Telegram remains the undisputed leader in cybercriminal communications, with recent analysis revealing over 80 million unique identifiers and links to Telegram channels shared across underground forums, a figure exceeding competitors like Discord (2.8 million links) and Session (450,000 IDs). While…