Tag: Cyber Security News

A sophisticated malware operation exploiting GitHub’s repository system has been uncovered, leveraging fake software cracks and gaming mods to deploy the Redox information stealer across 1,100+ repositories.  The campaign utilizes social engineering tactics and code obfuscation to harvest sensitive credentials,…

Read more →

A sophisticated botnet operation has compromised 1.6 million Android TV devices across 226 nations, leveraging advanced domain generation algorithms and cryptographic evasion techniques to create the largest known IoT threat since the 2016 Mirai attacks.  Dubbed Vo1d, this operation represents…

Read more →

Web filtering solutions involve monitoring and filtering internet traffic to prevent users from accessing specific websites, applications, or types of content that may be deemed inappropriate, unsafe, or non-compliant with organizational guidelines. Web filtering solutions are crucial in managing and…

Read more →

A study published ahead of NDSS 2025 revealed a critical vulnerability in China’s Great Firewall (GFW) DNS injection subsystem, called Wallbleed, which allowed sensitive memory data leaks for over two years before being patched in March 2024. The flaw exposed…

Read more →

Since late 2024, a sophisticated phishing operation leveraging 260 domains to host over 5,000 weaponized PDF files has targeted users across North America, Asia, and Southern Europe.  The campaign employs fake CAPTCHA screens, search engine optimization (SEO) poisoning, and PowerShell-based…

Read more →

A recent analysis uncovered 11,908 live DeepSeek API keys, passwords, and authentication tokens embedded in publicly scraped web data. According to cybersecurity firm Truffle Security, the study highlights how AI models trained on unfiltered internet snapshots risk internalizing and potentially…

Read more →

Dynamic malware analysis tools are critical for detecting and understanding modern cyber threats. These tools execute suspicious software in isolated environments to monitor its behavior, such as file modifications, network activity, or registry changes. Below is a list of the…

Read more →

Microsoft has addressed a significant issue affecting users of classic Outlook on devices running Windows 11, version 24H2. After installing recent Windows updates, including the January 2025 non-security preview update (KB5050094) and the February 11, 2025 update (KB5051987), many users…

Read more →

A cross-site scripting (XSS) vulnerability within the Krpano framework, a popular tool for embedding 360° images and creating virtual tours, has been exploited to inject malicious scripts into over 350 websites. This widespread campaign manipulates search engine results and spreads…

Read more →

A recent surge in user reports has revealed that Google’s Android System SafetyCore—a system service designed to enable on-device content scanning—has been silently installed on Android devices running Android 9 and later since October 2024.  The app, identified by the…

Read more →

The Open Source Security Foundation (OpenSSF) has launched the Open Source Project Security Baseline (OSPS Baseline), a tiered framework designed to standardize security practices for Linux and other open-source projects.  This initiative, aligned with global cybersecurity regulations like the EU…

Read more →

A new wave of phishing attacks impersonating Japanese electronics retail giant Yodobashi Camera has emerged, leveraging urgency and brand trust to steal customer credentials. Cybersecurity firm Symantec reported the campaign, which uses emails titled “Yodobashi.com: ‘Customer Information’ Change Request Notification”…

Read more →

A new attack dubbed nRootTag has exposed over 1.5 billion Apple devices, including iPhones, iPads, Apple Watches, and Macs, to covert tracking by malicious actors.  To be Detailed in a forthcoming USENIX Security Symposium 2025 paper by researchers Junming Chen,…

Read more →

Cisco Systems has issued a critical security advisory addressing a command injection vulnerability in its Nexus 3000 and 9000 Series Switches operating in standalone NX-OS mode.  Designated as CVE-2025-20161, the flaw allows authenticated local attackers with administrative privileges to execute…

Read more →

A major development in wireless security research has revealed a sophisticated Wi-Fi jamming technique capable of disabling individual devices with millimeter-level precision, leveraging emerging Reconfigurable Intelligent Surface (RIS) technology. Developed by researchers at Ruhr University Bochum and the Max Planck…

Read more →

Authorities arrested a prolific hacker responsible for over 90 data breaches across 65 organizations in the Asia-Pacific region and 25 additional global targets.  The cybercriminal, operating under aliases ALTDOS, DESORDEN, GHOSTR, and 0mid16B, exfiltrated 13 terabytes of sensitive data between…

Read more →

A North Korea-aligned cybercriminal campaign dubbed DeceptiveDevelopment has been targeting freelance software developers through fake job interviews since early 2024. Posing as recruiters on platforms like LinkedIn, Upwork, and cryptocurrency-focused job boards, attackers lure victims with promising job opportunities or…

Read more →

Enterprises require robust network security solutions to protect against evolving cyber threats and ensure the safety of sensitive data. Leading solutions include Palo Alto Networks, Fortinet, Cisco Secure, and Check Point, among others. Palo Alto Networks excels with its AI-driven…

Read more →

GitLab has issued a security advisory warning of multiple high-risk vulnerabilities in its DevOps platform, including two critical Cross-Site Scripting (XSS) flaws enabling attackers to bypass security controls and execute malicious scripts in user browsers.  The vulnerabilities – tracked as…

Read more →

A critical security vulnerability in LibreOffice (CVE-2025-0514) has been patched after researchers discovered that manipulated documents could bypass safeguards and execute malicious files on Windows systems. The flaw, rated 7.2 on the CVSS v4.0 scale, exposes users to potential remote…

Read more →