Critical vulnerabilities in LibreOffice (CVE-2024-12425 and CVE-2024-12426) allow attackers to overwrite arbitrary files and retrieve sensitive system data via malicious documents. These flaws affect both desktop users and server-side implementations, posing significant risks to enterprises and individual users relying on…
Tag: Cyber Security News
WinRAR 7.10 Latest Version Released For 500 Million Users – What’s New
The latest version of the widely-used file compression tool, WinRAR 7.10, introduces a suite of significant updates aimed at enhancing user experience, performance, and security. Released on February 18, 2025, this iteration marks a major overhaul of the software’s interface,…
Beware of Fake Timesheet Report Email Leading to the Tycoon 2FA Phishing Kit
A new wave of phishing attacks is exploiting fake timesheet report emails to lure victims into the sophisticated Tycoon 2FA phishing kit. This campaign leverages Pinterest Visual Bookmarks as intermediaries, adding a deceptive layer of legitimacy to its tactics. Spider…
ChatGPT Operator Prompt Injection Exploit Leaking Private Data
OpenAI’s ChatGPT Operator, a cutting-edge research preview tool designed for ChatGPT Pro users, has recently come under scrutiny for vulnerabilities that could expose sensitive personal data through prompt injection exploits. ChatGPT Operator is an advanced AI agent equipped with web…
Ransomware Gangs Encrypt Systems After 17hrs From Initial Infection
New research reveals ransomware gangs are accelerating encryption timelines while adopting advanced evasion techniques and data extortion strategies. A 2025 threat report by cybersecurity firm Huntress reveals ransomware gangs now take just 17 hours on average to encrypt systems after…
Xerox Printers Vulnerability Lets Attackers Capture Authentication Data From LDAP & SMB
Multiple vulnerabilities in enterprise-grade Xerox VersaLink C7025 multifunction printers (MFPs) enable attackers to intercept authentication credentials from Lightweight Directory Access Protocol (LDAP) and Server Message Block (SMB) services. Designated as CVE-2024-12510 and CVE-2024-12511, these flaws allow malicious actors to execute…
CISA Warns of Apple iOS Vulnerability Exploited in Wild
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical zero-day vulnerability in Apple iOS and iPadOS, tracked as CVE-2025-24200, being actively exploited in targeted attacks. The flaw, an authorization bypass in Apple’s USB…
RansomHub Evolves To Attack Windows, ESXi, Linux and FreeBSD Operating Systems
The RansomHub ransomware group has rapidly emerged as one of the most prolific cybercrime syndicates of 2024–2025. The group has done so by expanding its arsenal to target Windows, VMware ESXi, Linux, and FreeBSD systems in global attacks. RansomHub ransomware…
New XCSSET Malware Attacking macOS Users by Infecting Xcode Projects
Microsoft Threat Intelligence has identified an evolved iteration of the XCSSET malware family actively exploiting macOS developers via weaponized Xcode projects. This modular backdoor, first documented in 2020, now employs advanced obfuscation techniques, refined persistence mechanisms, and novel infection vectors…
Hidden Malware in WordPress Websites Allows Attackers to Execute Malicious Code Remotely
A sophisticated malware campaign has recently been uncovered by security researchers at Sucuri, targeting WordPress websites through hidden malware and backdoors in the mu-plugins directory. This attack chain allows remote execution of malicious code, enabling full server compromise, data theft,…
IDOR Vulnerability in ExHub Lets Attacker Modify Web Hosting Configuration
A critical Insecure Direct Object Reference (IDOR) vulnerability was recently discovered in ExHub, a cloud-based platform for Julia-based development. This flaw allowed attackers to modify web hosting configurations of any project without proper authorization, posing significant risks to affected systems. …
New Android Security Feature that Blocks Changing Sensitive Settings During Calls
Google has unveiled a groundbreaking security feature in Android 16 Beta 2 aimed at combating phone scams by blocking users from altering sensitive settings during active phone calls. This feature, currently live in the beta version, prevents enabling permissions like…
Indian Post Office Portal Exposed Thousands of KYC Records With Username & Mobile Number
The Indian Post Office portal was found vulnerable to an Insecure Direct Object Reference (IDOR) attack, exposing sensitive Know Your Customer (KYC) data of thousands of users. This breach highlights the critical need for robust security measures in government-operated digital…
Multiple Russian Actors Attacking Orgs To Hack Microsoft 365 Accounts via Device Code Authentication
Security researchers at Volexity have uncovered multiple Russian threat actors conducting sophisticated social engineering and spear-phishing campaigns targeting Microsoft 365 accounts through Device Code Authentication exploitation. The attacks, observed since mid-January 2025, involve three distinct groups: “CozyLarch (APT29),” “UTA0304,” and…
Beware of Fake Outlook Troubleshooting Calls that End Up in Ransomware Deployment
A sophisticated cyber threat has emerged in recent weeks, targeting unsuspecting users with fake Outlook troubleshooting calls. These calls, designed to appear legitimate, ultimately lead to the deployment of ransomware on the victim’s system. The scam involves a malicious binary…
Threat Actors Leveraging Modified Version of SharpHide Tool To Create Hidden Registry
Threat actors have been utilizing a modified version of the SharpHide tool to create hidden registry values, significantly complicating detection and deletion efforts. This technique exploits Windows registry redirection, making it challenging for standard tools to identify and remove these…
Meta Paid Out $2.3 Million to Researchers via Bug Bounty Program
In 2024, Meta, the parent company of Facebook, Instagram, and WhatsApp, continued its commitment to cybersecurity by awarding over $2.3 million through its bug bounty program. This initiative, which began in 2011, has now surpassed $20 million in total payouts,…
PurpleLab – A Free Cybersecurity Lab for Security Teams to Detect, Analyze & Simulate Threats
In a significant step forward for cybersecurity professionals, PurpleLab offers an innovative open-source cybersecurity lab for creating and testing detection rules, simulating logs, and running malware tests. Designed as an all-in-one lab environment, PurpleLab equips analysts with tools to enhance…
Hackers Abusing Microsoft Teams Meeting Invites to Trick Victims for Gaining Access
In a sophisticated cyberattack campaign, a threat actor identified as Storm-2372 has been leveraging Microsoft Teams meeting invites to execute “device code phishing” attacks. This campaign, observed since August 2024, targets governments, NGOs, IT services, defense, telecommunications, health, education, and…
Linux Kernel 6.14 rc3 Released – What’s New!
Linus Torvalds has released Linux Kernel 6.14-rc3, the latest release candidate for the upcoming Linux 6.14 stable version. Paolo Bonzini, the maintainer of the Kernel-based Virtual Machine (KVM), has also submitted a series of fixes for the Linux Kernel 6.14-rc3,…