A critical Remote Code Execution (RCE) vulnerability in Oracle Cloud Infrastructure (OCI) Code Editor that allowed attackers to silently hijack victim Cloud Shell environments through a single click. The vulnerability, now remediated, affected Code Editor’s integrated services, including Resource Manager,…
Tag: Cyber Security News
NVIDIA Container Toolkit Vulnerability Allows Elevated Arbitrary Code Execution
NVIDIA has released critical security updates addressing two significant vulnerabilities in its Container Toolkit and GPU Operator that could allow attackers to execute arbitrary code with elevated permissions. The vulnerabilities, identified as CVE-2025-23266 and CVE-2025-23267, affect all platforms running NVIDIA…
PyPI Bans Inbox.ru Domains Following Massive 1,500+ Fake Project Uploads
The Python Package Index (PyPI) has implemented an immediate ban on inbox.ru email domain registrations following a sophisticated spam campaign that resulted in over 1,500 fake project uploads across a month-long period. The attack, which began on June 9, 2025,…
Critical SharePoint RCE Vulnerability Exploited Using Malicious XML Payload Within Web Part
A newly disclosed remote code execution (RCE) vulnerability in Microsoft SharePoint has been identified, affecting the deserialization process of WebPart properties. The vulnerability enables attackers to execute arbitrary code through carefully crafted XML payloads embedded within SharePoint Web Parts, potentially…
Hackers Exploit DNS Queries for C2 Operations and Data Exfiltration
Cybercriminals are increasingly leveraging DNS (Domain Name System) tunneling to establish covert communication channels that bypass traditional network security measures. This sophisticated technique exploits the fundamental trust placed in DNS traffic, which typically passes through corporate firewalls with minimal inspection…
GhostContainer Malware Hacking Exchange Servers in the Wild Using N-day Vulnerability
A highly sophisticated malware campaign targeting Microsoft Exchange servers in government and high-tech organizations across Asia. The malware, dubbed GhostContainer, exploits known N-day vulnerabilities to establish persistent backdoor access to critical infrastructure. Key Takeaways1. GhostContainer uses CVE-2020-0688 vulnerability to create…
Threat Actors Weaponized 28+ New npm Packages to Infect Users With Protestware Scripts
A sophisticated protestware campaign has emerged targeting Russian-language users through a network of compromised npm packages, with threat actors weaponizing at least 28 new packages containing nearly 2,000 versions of malicious code. The campaign represents a significant escalation in supply…
Europol Disrupted “NoName057(16)” Hacking Group’s Infrastructure of 100+ Servers Worldwide
A coordinated international cybercrime operation successfully dismantled the pro-Russian hacking network NoName057(16), taking down over 100 servers worldwide and disrupting their central attack infrastructure. The joint operation, dubbed “Eastwood,” coordinated by Europol involved 12 countries and resulted in multiple arrests,…
Hackers Started Exploiting CitrixBleed 2 Vulnerability Before Public PoC Disclosure
Researchers detected an active exploitation of CVE-2025-5777, dubbed CitrixBleed 2, nearly two weeks before a public proof-of-concept surfaced. This memory overread vulnerability in Citrix NetScaler appliances enables adversaries to exfiltrate sensitive data from kernel space by sending malformed DTLS packets. …
Infostealers Distributed with Crack Apps Emerges as Top Attack Vector For June 2025
The cybersecurity landscape in June 2025 was dominated by a surge of Infostealer malware masked as cracked or key-generated software, catapulting this tactic to the month’s most prevalent attack vector. Fraudulent download portals advertising “free” versions of popular tools lured…
SonicWall SMA Devices 0-Day RCE Vulnerability Exploited to Deploy OVERSTEP Ransomware
SonicWall’s end-of-life SMA 100 series appliances are again on the front line after investigators unearthed a covert campaign that couples a suspected zero-day remote-code-execution flaw with a sophisticated backdoor called OVERSTEP. The operation, attributed to the financially motivated group UNC6148,…
Microsoft Congratulates MSRC’s Most Valuable Security Researchers
Microsoft has officially announced its 2025 Most Valuable Security Researchers, recognizing the top 100 security researchers worldwide who have made significant contributions to protecting Microsoft customers through the Microsoft Security Response Center (MSRC) program. The recognition is based on a…
Cisco Unified Intelligence Center Vulnerability Allows Remote Attackers to Upload Arbitrary Files
A critical vulnerability in Cisco’s Unified Intelligence Center (CUIC) web-based management interface has been classified with high severity, allowing authenticated remote attackers with Report Designer privileges to upload arbitrary files to affected systems. Tracked as CVE-2025-20274 and assigned a CVSS…
Threat Actors Weaponizing SVG Files to Embed Malicious JavaScript
Threat actors are quietly turning Scalable Vector Graphics (SVG) files into precision-guided malware. In a surge of phishing campaigns, seemingly innocuous .svg attachments slip past secure email gateways because mail filters regard them as static images. Once the recipient merely…
Vim Command Line Text Editor Vulnerability Let Attackers Overwrite Sensitive Files
A critical security vulnerability has been discovered in Vim, the popular open-source command line text editor used by millions of developers worldwide. The vulnerability, designated as CVE-2025-53906, affects the zip.vim plugin and enables attackers to overwrite arbitrary files through specially…
Oracle Critical Security Update – 309 Vulnerabilities with 145 Remotely Exploitable Patched
Oracle released its July 2025 Critical Patch Update on July 15, addressing 309 security vulnerabilities across its extensive product portfolio. This quarterly security update represents one of the most comprehensive patches in recent history, targeting critical flaws in database systems,…
New Attack Targeting Japanese Companies Exploiting Ivanti & Fortinet VPN Vulnerabilities
A sophisticated cyber espionage campaign has emerged targeting Japanese organizations through critical vulnerabilities in Ivanti Connect Secure and FortiGate VPN devices. The attack campaign, observed throughout fiscal year 2024, has primarily focused on manufacturing companies and government-related entities, with attackers…
Abacus Dark Web Market Possible Exit Scam with the Bitcoin Payments They Hold
Abacus Market, the largest Bitcoin-enabled Western darknet marketplace, has likely executed an exit scam after going offline in early July 2025, according to blockchain intelligence firm TRM Labs. The marketplace’s operators appear to have disappeared with users’ cryptocurrency funds, marking…
Hackers Use Polyglot Files to Bypass Email Filters to Deliver Malicious Emails
In the final week of June 2025 security teams across Russia’s healthcare and technology sectors began receiving an unusual flood of “routine” logistics and contract e-mails. Hidden behind familiar subject lines and legitimate sender addresses, the messages contained archives that…
Node.js Vulnerabilities Exposes Windows App to Path Traversal and HashDoS Attacks
The Node.js project has released critical security updates across multiple release lines to address two high-severity vulnerabilities affecting Windows applications and V8 engine implementations. Security releases are now available for Node.js versions 20.x, 22.x, and 24.x, with patches addressing a…