Cybersecurity has become one of the most vital aspects of the digital-first world, where organizations face advanced and persistent threats daily. The need for Cyber Threat Intelligence (CTI) companies has never been more important in 2025. These companies provide organizations…
Tag: Cyber Security News
Top 10 Best Digital Risk Protection (DRP) Platforms in 2025
In 2025, businesses are facing unprecedented challenges in the digital risk landscape. With cyber threats evolving rapidly, organizations need advanced solutions to detect, assess, and mitigate risks originating outside traditional network perimeters. Digital Risk Protection (DRP) platforms offer proactive visibility…
PoC Exploit Released for VMware Workstation Guest-to-Host Escape Vulnerability
A proof-of-concept (PoC) exploit has been released for a critical vulnerability chain in VMware Workstation that allows an attacker to escape from a guest virtual machine and execute arbitrary code on the host operating system. The exploit successfully chains together…
New Obex Tool Blocks EDR Dynamic Libraries From Loading at Runtime
A new proof-of-concept (PoC) tool named Obex has been released, offering a method to prevent Endpoint Detection and Response (EDR) and other monitoring solutions’ dynamic-link libraries (DLLs) from loading into processes. The tool, created by a researcher known as “dis0rder0x00,”…
Red Hat Data Breach – Threat Actors Claim Breach of 28K Private GitHub Repositories
An extortion group known as the Crimson Collective claims to have breached Red Hat’s private GitHub repositories, making off with nearly 570GB of compressed data from 28,000 internal repositories. This data theft is being regarded as one of the most…
Chrome Security Update – Patch for 21 Vulnerabilities That Allow Attackers to Crash Browser
Google has released Chrome 141 to address 21 security vulnerabilities, including critical flaws that could allow attackers to crash browsers and potentially execute malicious code. The update, rolling out across Windows, Mac, and Linux platforms, patches several high-severity vulnerabilities that…
Microsoft Outlook for Windows Bug Leads to Crash While Opening Email
Microsoft has confirmed it is investigating a significant bug in the classic Outlook for Windows desktop client that causes the application to fail upon launch. The issue, which appears to be linked to Microsoft Exchange logon attempts, prevents users from…
Multiple Splunk Enterprise Vulnerabilities Let Attackers Execute Unauthorized JavaScript Code
Splunk has released patches for multiple vulnerabilities in its Enterprise and Cloud Platform products, some of which could allow attackers to execute unauthorized JavaScript code, access sensitive information, or cause a denial-of-service (DoS) condition. The advisories, published on October 1,…
Threat Actors Leveraging Senior Travel Scams to Deliver Datzbro Malware
Cybersecurity researchers have uncovered a sophisticated Android malware campaign targeting seniors through fraudulent travel and social activity promotions on Facebook. The newly identified Datzbro malware represents a dangerous evolution in mobile threats, combining advanced spyware capabilities with remote access tools…
Ukraine Warns of Weaponized XLL Files Delivering CABINETRAT Malware via Zip Files
Ukrainian security agencies have issued an urgent warning regarding a sophisticated malware campaign targeting government and critical infrastructure sectors through weaponized XLL files distributed via compressed archives. The malicious campaign leverages Microsoft Excel add-in files containing the CABINETRAT backdoor, representing…
New DNS Malware Detour Dog Delivers Strela Stealer Using DNS TXT Records
A sophisticated DNS-based malware campaign has emerged, utilizing thousands of compromised websites worldwide to deliver the Strela Stealer information-stealing malware through an unprecedented technique involving DNS TXT records. The threat, tracked as Detour Dog by security researchers, represents a significant…
New FlipSwitch Hooking Technique Bypasses Linux Kernel Defenses
The cybersecurity landscape witnessed the emergence of a sophisticated rootkit variation, FlipSwitch, targeting modern Linux kernels. First surfacing in late September 2025, FlipSwitch exploits recent changes in syscall dispatching to implant stealthy hooks directly into kernel code. Early indicators suggest…
New Google Drive Desktop Feature Adds AI-Powered Ransomware Detection to Prevent Cyberattacks
Google has introduced a new AI-powered ransomware detection feature for Google Drive for desktop, designed to block cyberattacks and protect user files automatically. This enhancement adds a significant layer of security for users of Windows and macOS, addressing the persistent…
WestJet Confirms Data Breach – Customers' Personal Information Exposed
WestJet announced a cybersecurity incident in which a sophisticated third-party actor gained unauthorized access to internal systems, exposing personal information of some customers. The breach, discovered on June 13, 2025, has since been contained and remediated, but not before sensitive…
MatrixPDF Attacks Gmail Users, Bypassing Email Filters and Fetching Malicious Payload
In recent weeks, a novel malware campaign dubbed MatrixPDF has surfaced, targeting Gmail users with carefully crafted emails that slip past conventional spam and phishing filters. This campaign has been active since mid-September 2025 and leverages PDF attachments that, when…
CISA Warns of Cisco IOS and IOS XE SNMP Vulnerabilities Exploited in Attacks
Cisco’s Simple Network Management Protocol (SNMP) implementations in IOS and IOS XE have come under intense scrutiny following reports of active exploitation in the wild. First disclosed in August 2025, CVE-2025-20352 describes a critical buffer overflow in the SNMP engine…
Patchwork APT Using PowerShell Commands to Create Scheduled Task and Download Final Payload
Since mid-2025, cybersecurity researchers have tracked a resurgence of Patchwork Advanced Persistent Threat (APT) campaigns targeting government and telecommunications sectors across Asia and Eastern Europe. Initially leveraging spear-phishing emails containing malicious Office document attachments, this latest wave of activity has…
New Chinese Nexus APT Hackers Attacking Organizations to Deliver NET-STAR Malware Suite
In recent weeks, security teams worldwide have observed a surge in covert operations orchestrated by a clandestine group known colloquially as the “Chinese Nexus” APT. This actor has been tailoring highly targeted campaigns against organizations in the finance, telecommunication, and…
New Battering RAM Attack Bypasses Latest Defenses on Intel and AMD Cloud Processors
Confidential computing promised to protect sensitive workloads in the public cloud. Yet a new low-cost hardware attack, Battering RAM, demonstrates that even up-to-date memory-encryption schemes on Intel and AMD processors can be defeated with a simple interposer costing under 50 dollars. Modern…
Red Hat OpenShift AI Service Vulnerability Allows Attackers to Take Control of the Infrastructure
Red Hat published security advisory CVE-2025-10725, detailing an Important severity flaw in the OpenShift AI Service that could enable low-privileged attackers to elevate their permissions to full cluster administrator and compromise the entire platform. With a CVSS v3 base score…