Palo Alto Networks has released a patch for a high-severity authentication bypass vulnerability, identified as CVE-2025-0108, affecting their PAN-OS software. GreyNoise has observed active exploitation attempts targeting this vulnerability. The flaw allows unauthenticated attackers to bypass the authentication required by the…
Tag: Cyber Security News
New Windows UI 0-Day Vulnerability Actively Exploited in the Wild by Chinese APT Group
ClearSky Cyber Security has uncovered a user interface (UI) vulnerability in Microsoft Windows that is currently being exploited by a sophisticated threat actor known as Mustang Panda, a group believed to be affiliated with Chinese state interests. The exploitation involves…
Threat Actors In Russia, China, and Iran Targeting Local Communities In The U.S – New Report
A groundbreaking report from the Alliance for Securing Democracy (ASD) at the German Marshall Fund has revealed a disturbing trend: foreign threat actors from Russia, China, and Iran are increasingly targeting local communities across the United States. These operations aim…
Burp AI – Burp Suite Now Integrate AI Powered Extension for Web Pentesting with 10,000 Free AI Credits
Burp AI, PortSwigger unveils AI-driven extensibility in Burp Suite Professional, revolutionizing the way security professionals approach application testing. In its latest stride toward innovation, PortSwigger, the creator of the widely acclaimed Burp Suite, has announced the integration of artificial intelligence…
APT43 Hackers Attacking Academic Institutions With Exposed Credentials
APT43, a notorious North Korean state-sponsored hacking group, has been actively targeting academic institutions worldwide, exploiting exposed credentials to gain unauthorized access. Linked to the Reconnaissance General Bureau (RGB), APT43 is known for its strategic intelligence gathering and financially motivated…
Security Researchers Now Analyse Any URL With ANY.RUN Safebrowsing Tool Extension for Free
ANY.RUN, a global leader in Interactive Malware sandboxes, has upgraded its browser extension to include the Safebrowsing feature, which is now available for free to all users. This tool is designed to help businesses and individuals combat phishing attempts, malicious…
New Phishing Attacks Abuses Webflow CDN & CAPTCHAs To Steal Credit Card Details
A recent phishing campaign has been uncovered by Netskope Threat Labs, highlighting a sophisticated technique where attackers exploit Webflow’s Content Delivery Network (CDN) and fake CAPTCHAs to steal sensitive financial information. This campaign, ongoing since the second half of 2024,…
Hackers Exploited Palo Alto’s Firewall Vulnerability to Deploy RA World Ransomware
In a significant cybersecurity breach, attackers exploited a critical vulnerability in Palo Alto Networks’ PAN-OS firewall software (CVE-2024-0012) to deploy the RA World ransomware. The attack, which occurred in late 2024, targeted a medium-sized software and services company in South…
Hackers Exploiting ThinkPHP & ownCloud Vulnerabilities at Large Scale
A recent surge in exploitation activity has been observed targeting two critical vulnerabilities, CVE-2022-47945 in ThinkPHP and CVE-2023-49103 in ownCloud. These attacks highlight the persistent threat posed by unpatched systems and the challenges organizations face in prioritizing vulnerability management. CVE-2022-47945…
Winnti Hackers Attacking Japanese Organizations With New Malware
The China-based Winnti Group has targeted Japanese organizations in a recent cyberattack campaign known as “RevivalStone,” in the manufacturing, materials, and energy sectors. This campaign, confirmed in March 2024, utilizes a new version of the Winnti malware with enhanced capabilities.…
Threat Actors Exploiting DeepSeek’s Popularity To Deploy Malware
The Chinese AI startup DeepSeek has gained significant attention in the global AI market with its open-source inference model, DeepSeek-R1. This model has been touted as a more cost-effective alternative to existing AI solutions, outperforming OpenAI’s GPT-o1. However, this newfound…
Russian Hackers Leverages Weaponized Microsoft Key Management Service (KMS) To Hack Windows Systems
Russian-backed hackers, specifically the Sandworm APT group (also known as APT44 or UAC-0145), have been using weaponized Microsoft Key Management Service (KMS) activators to infiltrate Windows systems in Ukraine. This campaign, which has been active since late 2023, exploits pirated…
RedNote App Vulnerability Allows Access to User Files on iOS & Android Devices
Critical vulnerabilities were uncovered in the popular Chinese social media app RedNote (also known as XiaoHongShu), which boasts over 300 million active users globally. These security flaws, present in both Android and iOS versions, expose users’ browsing activity, device metadata,…
Windows 11’s New Compression Formats Pose Security Risks with libarchive
Microsoft introduced a major update to Windows 11 (KB5031455), adding native support for 11 new compression formats, including RAR and 7z. This update aimed to enhance user convenience by enabling file management directly within File Explorer. However, the integration of…
New Malware Exploiting Outlook As a Communication Channel via The Microsoft Graph API
A new family of malware has been discovered that leverages Microsoft Outlook as a communication channel via the Microsoft Graph API. This sophisticated malware includes a custom loader and backdoor, known as PATHLOADER and FINALDRAFT, respectively. The malware is part…
KASLR Exploited: Breaking macOS Apple Silicon Kernel Hardening Techniques
Security researchers from Korea University have unveiled a new vulnerability in macOS systems running on Apple Silicon processors. Dubbed “SysBumps,” this attack successfully circumvents Kernel Address Space Layout Randomization (KASLR), a critical security mechanism designed to protect kernel memory from…
Amazon Machine Image Name Confusion Attack Let Attackers Publish Resource
Researchers uncovered a critical vulnerability in Amazon Web Services (AWS) involving Amazon Machine Images (AMIs). Dubbed the “whoAMI” attack, this exploit leverages a name confusion attack, a subset of supply chain attacks, to gain unauthorized code execution within AWS accounts. …
Path Confusion in Nginx/Apache Leads to Critical Auth Bypass in PAN-OS
Palo Alto Networks has recently disclosed a critical vulnerability in its PAN-OS network security operating system, tracked as CVE-2025-0108, which allows attackers to bypass authentication on the management web interface. This vulnerability, with a CVSSv3.1 score of 7.8, exposes affected…
Have I Been Pwned Likely to Ban Resellers Subscriptions
Have I Been Pwned (HIBP), a popular data breach notification service, has expressed a strong inclination to ban resellers from obtaining platform memberships. Troy Hunt made this decision after thoroughly examining the excessive support burden these resellers impose on the…
Hackers Using Pyramid Pentesting Tool For Stealthy C2 Communications
Hackers have been leveraging the open-source Pyramid pentesting tool to establish stealthy command-and-control (C2) communications. Pyramid, first released on GitHub in 2023, is a Python-based post-exploitation framework designed to evade endpoint detection and response (EDR) tools. Its lightweight HTTP/S server…