A critical XML external entity (XXE) injection vulnerability has been discovered in Apache Struts 2, potentially exposing millions of applications to data theft and server compromise. The vulnerability, tracked as CVE-2025-68493, affects multiple versions of the widely used framework and requires…
Tag: Cyber Security News
Threat Actors Allegedly Claim Discord Dataset Containing 78,541,207 Files
Threat actor HawkSec claims to be auctioning a Discord dataset comprising 78,541,207 files. The collection, organized into messages, voice sessions, actions, and servers, stems from an abandoned OSINT/CSINT project spanning several months. HawkSec promoted the dataset in their Discord server,…
Critical React Router Vulnerability Lets Attackers Access or Modify Server Files
Security researchers have identified critical vulnerabilities in React Router that allow attackers to access or modify server files via directory traversal. The flaws affect multiple packages within the React Router ecosystem and carry a CVSS v3 score of 9.8, classifying…
Cybercriminal Cryptocurrency Transactions Peaked in 2025 Following Nation‑State Sanctions Evasion Moves
The cryptocurrency crime landscape reached an unprecedented milestone in 2025, with illicit cryptocurrency addresses receiving at least 154 billion dollars. This staggering figure represents a 162 percent increase compared to the previous year, driven largely by nation-states moving into cryptocurrency…
Beware of Weaponized Employee Performance Reports that Deploy Guloader Malware
Cybersecurity threats continue to evolve with attackers using more creative social engineering techniques to target organizations. A recent threat has emerged involving the Guloader malware, which is being disguised as employee performance reports to trick users into downloading and executing…
ValleyRAT_S2 Attacking Organizations to Deploy Stealthy Malware and Extract Financial Details
A new wave of attacks is using the ValleyRAT_S2 malware to quietly break into organizations, stay hidden for long periods, and steal sensitive financial information. ValleyRAT_S2 is the second-stage payload of the ValleyRAT family and is written in C++. Once…
X Suspended Twitter Account for Violation of Rules
X has suspended the iconic @twitter handle on its platform, replacing its profile with a standard notice stating the account violates rules. Screenshots of the suspension screen began circulating widely late last week, igniting discussions about the platform’s rebranding efforts.…
Critical Zlib Vulnerability Lets Attackers Trigger Buffer Overflow by Invoking untgz
A severe global buffer overflow vulnerability has been discovered in the zlib untgz utility version 1.3.1.2, allowing attackers to corrupt memory and potentially execute malicious code through specially crafted command-line input. The security flaw resides in the TGZfname() function of…
Everest Hacking Group Allegedly Claims Breach of Nissan Motors
Everest hacking group has allegedly claimed a major breach of Nissan Motor Co., Ltd., raising fresh concerns about data security at large automotive manufacturers. According to early reports, the cybercrime group says it exfiltrated around 900 GB of sensitive data…
Critical InputPlumber Vulnerabilities Allow UI Input Injection and Denial-of-Service
Critical vulnerabilities in InputPlumber, a Linux input device utility used in SteamOS, could allow attackers to inject UI inputs and cause denial-of-service conditions on affected systems. SUSE researchers tracked the flaws as CVE-2025-66005 and CVE-2025-14338, which affect InputPlumber versions before v0.69.0 and stem from…
New Research Uncovers 28 Unique IP Addresses and 85 Domains Hosting Carding Markets
A recent investigation has exposed the technical foundation of underground carding operations, revealing 28 unique IP addresses and 85 domains actively hosting illegal marketplaces where stolen credit card data is bought and sold. These platforms operate as sophisticated e-commerce sites…
New ‘Penguin’ Pig Butchering as a Service Selling PII, Stolen Accounts and Fraud Kits
The world of cybercrime has taken a dangerous turn as pig butchering scams now operate as turnkey services, lowering entry barriers for bad actors worldwide. The “Penguin” operation represents a growing marketplace that provides everything scammers need to launch large-scale…
New EDRStartupHinder Tool Blocks Antivirus and EDR Services at Startup on Windows 11 25H2 Defender
Security researcher TwoSevenOneT, known for EDR evasion tools like EDR-Freeze and EDR-Redir, unveiled EDRStartupHinder this week. The tool blocks antivirus and EDR services at startup by redirecting critical System32 DLLs via Windows Bindlink, demonstrated on Windows Defender in Windows 11…
Instagram Confirms No System Breach and Fixed External Party Password Reset Issue
Instagram has stated that its systems were not breached and that recent password reset emails some users received were triggered by an external party abusing a now-fixed issue. The company says user accounts remain secure and that the unexpected reset…
Network Security Checklist – Complete Guide To Protect Enterprise Networks (2026)
Network security is paramount in today’s digital landscape, where organizations face increasingly sophisticated threats. This guide presents a detailed Network Security checklist with examples to help you establish robust protection and minimize vulnerabilities. Network Security Musts: The 7-Point Checklist –…
Leveraging OSINT Tools for Enhanced Cybersecurity Threat Intelligence
Open Source Intelligence (OSINT) has become a cornerstone of cybersecurity threat intelligence. In today’s digital landscape, organizations face a constant barrage of cyber threats, ranging from data breaches and phishing attacks to sophisticated nation-state operations. To stay ahead of these…
Data Breach at Texas Gas Station Operator Exposes Info of 377,000+ Customers
A cybersecurity incident at Gulshan Management Services, Inc., a gas station operator based in Sugar Land, Texas, has compromised the personal information of over 377,000 customers. The breach, discovered on September 27, 2025, exposed sensitive data over 10 days from…
Phishing Campaign Uses Maduro Arrest Story to Deliver Backdoor Malware
Cybercriminals are leveraging the recent arrest of Venezuelan President Nicolás Maduro to distribute sophisticated backdoor malware. The threat actors exploited news surrounding Maduro’s arrest on January 3, 2025, demonstrating how geopolitical events continue to serve as effective lures for malicious…
Europol‑Backed Operation Leads to 34 Arrests in Black Axe Crime Network Bust
The Spanish National Police, working alongside the Bavarian State Criminal Police Office and Europol, has conducted a major operation targeting the international Black Axe criminal organisation. The coordinated action resulted in 34 arrests and dealt a significant blow to the…
Instagram Data Leak Exposes Sensitive Info of 17.5M Accounts
A significant security breach has compromised approximately 17.5 million Instagram user accounts, exposing sensitive personal information that is now circulating on the dark web. The incident was discovered and reported by cybersecurity firm Malwarebytes earlier this week, raising urgent concerns…