A sophisticated threat cluster tracked as UAC-0212 has escalated efforts to compromise critical infrastructure systems in Ukraine, according to a recent advisory from CERT-UA (Government Computer Emergency Response Team of Ukraine). These attacks, active since July 2024, focus on energy,…
16 Malicious Chrome Extensions Infected Over 3.2 Million Users
A coordinated campaign involving at least 16 malicious Chrome extensions infected over 3.2 million users worldwide, leveraging browser security vulnerabilities to execute advertising fraud and search engine optimization manipulation. Discovered by GitLab Threat Intelligence in February 2025, these extensions, ranging…
Research Jailbreaked OpenAI o1/o3, DeepSeek-R1, & Gemini 2.0 Flash Thinking Models
A recent study from a team of cybersecurity researchers has revealed severe security flaws in commercial-grade Large Reasoning Models (LRMs), including OpenAI’s o1/o3 series, DeepSeek-R1, and Google’s Gemini 2.0 Flash Thinking. The research introduces two key innovations: the Malicious-Educator benchmark…
200 Malicious GitHub Repos Attacking Developers to Deliver Malware
In an era where open-source collaboration drives software innovation, a sophisticated cyber campaign dubbed GitVenom has emerged as a critical threat to developers. Security researchers have uncovered over 200 malicious GitHub repositories designed to distribute information stealers and remote access…
Linux Grub Read Command Buffer Overflow Vulnerability Enabling Potential Secure Boot Bypass
A newly disclosed vulnerability in the GRUB2 bootloader’s read command (CVE-2025-0690) has raised concerns about potential Secure Boot bypasses and heap memory corruption in Linux systems. Red Hat Product Security rates this integer overflow flaw as moderately severe. It could…
Qualcomm & Google Tied Up to Offer Eight Years of Software and Security Updates
In a transformative move for smartphone longevity, Qualcomm Technologies, Inc., and Google have announced a collaboration to enable eight years of Android software and security updates for devices powered by Snapdragon mobile platforms. This initiative, targeting smartphones launching with the…
Sliver C2 Server Vulnerability Lets Attackers Open a TCP Connection to Read Traffic
A critical server-side request forgery (SSRF) vulnerability (CVE-2025-27090) has been identified in the Sliver C2 framework’s teamserver implementation, enabling attackers to establish unauthorized TCP connections through vulnerable servers. Affecting versions 1.5.26 through 1.5.42 and pre-release builds below commit 0f340a2, this…
Hackers Bypassing Outlook Spam Filter to Deliver Weaponized ISO Files
A newly uncovered technique allows threat actors to bypass Microsoft Outlook’s spam filtering mechanisms, enabling the delivery of malicious ISO files through seemingly benign email links. This vulnerability exposes organizations to increased risks of phishing and malware attacks, particularly when…
KernelSnitch – A New Side-Channel Attack Targeting Data Structures
Researchers have disclosed KernelSnitch, a novel side-channel attack exploiting timing variances in Linux kernel data structures, achieving covert data transmission rates up to 580 kbit/s and enabling website fingerprinting with 89% accuracy. The attack targets four critical container types: fixed/dynamic…
Critical MITRE Caldera Vulnerability Lets Attackers Execute Remote Code – PoC Released
A critical remote code execution (RCE) vulnerability (CVE-2025-27364) has been identified in all versions of MITRE Caldera prior to commit 35bc06e, exposing systems to potential compromise via unauthenticated attackers. The flaw resides in the dynamic compilation mechanism of Caldera’s Sandcat…
TSforge – A New Tool Exploits Every Version of Windows Activation
Security researchers from MASSGRAVE have unveiled TSforge, a groundbreaking tool exploiting vulnerabilities in Microsoft’s Software Protection Platform (SPP) to activate every version of Windows from Windows 7 onward, including Office suites and add-ons. This exploit marks the first successful direct…
Threat Actors Mimic Commander Tool for Windows to Deploy LummaC2 Malware
Security researchers at AhnLab Security Intelligence Center (ASEC) have uncovered a sophisticated malware campaign distributing the LummaC2 information stealer disguised as a cracked version of Total Commander, a popular file management tool for Windows. The operation targets users seeking unauthorized…
10 Best Event Monitoring Tools – 2025
Event monitoring tools are software solutions designed to track, analyze, and manage events across various systems, applications, or environments. These tools are widely used in IT operations, security monitoring, application performance management, and even live event tracking. They help organizations…
100+ Malicious IPs Actively Exploiting Vulnerabilities in Cisco Devices
A malicious campaign is targeting Cisco networking equipment through two critical vulnerabilities, with state-backed actors and other actors exploiting unpatched systems. GreyNoise Intelligence has identified 110 malicious IPs actively exploiting CVE-2023-20198, a privilege escalation flaw in Cisco IOS XE devices. There…
CISA Warns of Oracle Agile Vulnerability Exploited in the Wild
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding CVE-2024-20953, a high-severity deserialization vulnerability in Oracle’s Agile Product Lifecycle Management (PLM) software that is being actively exploited in the wild. Added to CISA’s Known Exploited Vulnerabilities…
Threat Actors Stealing Users’ Browser Fingerprints To Bypass Security Measures & Impersonate Users
A sophisticated cybercriminal campaign leveraging stolen browser fingerprints to bypass fraud detection systems and impersonate legitimate users has been uncovered by cybersecurity researchers. Dubbed ScreamedJungle, the threat actor has been exploiting vulnerabilities in outdated Magento e-commerce platforms since May 2024…
Australia Prohibits Kaspersky Software in Government Networks Over Major Security Concerns
The Australian government has mandated the removal of all Kaspersky Lab software and web services from federal systems and devices, citing heightened risks of foreign interference, espionage, and sabotage. Issued under the Protective Security Policy Framework (PSPF) Direction 002-2025, the…
Android App on Google Play Attacking Indian Users To Steal Login Credentials
A sophisticated Android malware campaign dubbed “SpyLend” has infiltrated the Google Play Store, masquerading as a financial utility app to target Indian users. Disguised as “Finance Simplified” (package: com.someca.count), the app has amassed over 100,000 downloads since February 2025, leveraging…
SafeLine WAF vs CloudFlare: Which One Should You Choose?
When it comes to protecting your website from cyber threats, Web Application Firewalls (WAF) are an essential part of the security infrastructure. Two popular options in the market are SafeLine and CloudFlare, each with its own strengths and weaknesses. In…
GhostSocks Malware Exploiting SOCKS5 Proxy to Bypass Detection Systems
A new malware strain dubbed GhostSocks is leveraging SOCKS5 backconnect proxies to bypass anti-fraud mechanisms and geographic restrictions, according to a report by cybersecurity firm Infrawatch. The Golang-based malware, first advertised on Russian-language forums in October 2023, has recently expanded…