A sophisticated malware campaign has emerged that weaponizes seemingly legitimate productivity tools to infiltrate systems and steal sensitive information. The TamperedChef malware represents a concerning evolution in threat actor tactics, utilizing trojanized applications disguised as calendar tools and image viewers…
Tag: Cyber Security News
SVG Security Analysis Toolkit to Detect Malicious Scripts Hidden in SVG Files
As attackers increasingly leverage Scalable Vector Graphics (SVG) for stealthy code injection, security researchers face mounting challenges in detecting obfuscated payloads embedded within SVG assets. The SVG Security Analysis Toolkit by HackingLZ offers a comprehensive solution: a suite of four…
New Spear-Phishing Attack Delivers DarkCloud Malware to Steal Keystrokes, FTP Credentials and Others
A newly observed spear-phishing campaign is leveraging sophisticated social engineering lures to distribute DarkCloud, a modular malware suite designed to harvest keystrokes, exfiltrate FTP credentials and gather system information. Over the past month, targeted emails masquerading as legitimate software updates…
New ModStealer Evade Antivirus Detection to Attack macOS Users and Steal Sensitive Data
A sophisticated new cross-platform information stealer known as ModStealer has emerged, targeting macOS users and demonstrating concerning capabilities to evade Apple’s built-in security mechanisms. The malware represents the latest evolution in macOS-focused threats, which have seen a dramatic surge throughout…
Threat Actors Weaponizing Facebook and Google Ads as Financial Platforms to Steal Sensitive Data
In recent months, cybersecurity teams have observed an alarming trend in which malicious actors exploit Facebook and Google advertising channels to masquerade as legitimate financial services. By promoting free or premium access to well-known trading platforms, these threat actors have…
SUSE Rancher Vulnerabilities Let Attackers Lockout the Administrators Account
A critical flaw in SUSE Rancher’s user management module allows privileged users to disrupt administrative access by modifying usernames of other accounts. Tracked as CVE-2024-58260, this vulnerability affects Rancher Manager versions 2.9.0 through 2.12.1, enabling both username takeover and full…
WhatsApp 0-Click Vulnerability Exploited Using Malicious DNG File
WhatsApp 0-click remote code execution (RCE) vulnerability affecting Apple’s iOS, macOS, and iPadOS platforms, detailed with a proof of concept demonstration. The attack chain exploits two distinct vulnerabilities, identified as CVE-2025-55177 and CVE-2025-43300, to compromise a target device without requiring…
Lesson From Cisco ASA 0-Day RCE Vulnerability That Actively Exploited In The Wild
The cybersecurity landscape experienced a significant escalation in September 2025, when Cisco disclosed multiple critical zero-day vulnerabilities affecting its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) platforms. At the center of this security crisis lies CVE-2025-20333, a devastating…
Hackers Weaponizing SVG Files to Deliver PureMiner Malware and Steal Sensitive Information
In recent weeks, a sophisticated phishing campaign has emerged, targeting organizations in Ukraine with malicious Scalable Vector Graphics (SVG) files designed to propagate the PureMiner cryptominer and a data-stealing payload dubbed Amatera Stealer. Attackers masquerade as the Ukrainian police, sending…
Windows Heap Exploitation Vulnerability With Record’s Size Field Leads to Arbitrary R/W
A critical vulnerability in Windows heap management demonstrates how improper handling of record-size fields enables arbitrary memory read and write operations. Suraj Malhotra shared a detailed exploitation technique leveraging the Low Fragmentation Heap (LFH) mechanism to achieve code execution on…
Formbricks Signature Verification Vulnerability Let Attackers Reset User Passwords Without Authorization
A critical security flaw discovered in Formbricks, an open-source experience management platform, demonstrates how missing JWT signature verification can lead to complete account takeovers. The vulnerability tracked as CVE-2025-59934 affects all versions prior to 4.0.1 and stems from improper token…
Threat Actors Leveraging Dynamic DNS Providers to Use for Malicious Purposes
Cybersecurity researchers are raising alarms about a growing threat vector as malicious actors increasingly exploit Dynamic DNS providers to establish robust command and control infrastructure. These publicly rentable subdomain services, traditionally designed for legitimate hosting purposes, have become the preferred…
DataCenter Fire Takes 600+ South Korean Government Websites Offline
A fire caused by a lithium-ion battery explosion at a key government data center in South Korea has knocked more than 600 essential services offline, disrupting daily life across the highly digitized nation. The incident, which began Friday night at…
Notepad++ DLL Hijacking Vulnerability Let Attackers Execute Malicious Code
A newly discovered DLL hijacking vulnerability in Notepad++, the popular source code editor, could allow attackers to execute arbitrary code on a victim’s machine. Tracked as CVE-2025-56383, the flaw exists in version 8.8.3 and potentially affects all installed versions of…
Cybersecurity Newsletter Weekly – Chrome 0-Day, 22.2 Tbps DDOS Attack, Kali Linux Release, Cisco IOS 0-Day and More
This week in cybersecurity was marked by a relentless pace of critical disclosures and unprecedented attack volumes, underscoring the escalating challenges facing defenders. At the forefront was Google’s emergency patch for yet another actively exploited zero-day vulnerability in its Chrome…
Google Project Zero Details ASLR Bypass on Apple Devices Using NSDictionary Serialization
A Google Project Zero researcher has detailed a novel technique for remotely leaking memory addresses on Apple’s macOS and iOS. This method can bypass a key security feature, Address Space Layout Randomization (ASLR), without relying on traditional memory corruption vulnerabilities…
Hackers use Weaponized Microsoft Teams Installer to Compromise Systems With Oyster Malware
A sophisticated malvertising campaign is using fake Microsoft Teams installers to compromise corporate systems, leveraging poisoned search engine results and abused code-signing certificates to deliver the Oyster backdoor malware. The attack was neutralized by Microsoft Defender’s Attack Surface Reduction (ASR)…
New Botnet Loader-as-a-Service Exploiting Routers and IoT Devices to Deploy Mirai Payloads
A sophisticated botnet operation has emerged, employing a Loader-as-a-Service model to systematically weaponize internet-connected devices across the globe. The campaign exploits SOHO routers, IoT devices, and enterprise applications through command injection vulnerabilities in web interfaces, demonstrating an alarming evolution in…
Malware Operators Collaborate With Covert North Korean IT Workers to Attack Corporate Organizations
A sophisticated cybercriminal alliance between malware operators and covert North Korean IT workers has emerged as a significant threat to corporate organizations worldwide. This hybrid operation, known as DeceptiveDevelopment, represents a dangerous convergence of traditional cybercrime and state-sponsored activities, targeting…
Apache Airflow Vulnerability Exposes Sensitive Details to Read-Only Users
A critical security flaw has emerged in Apache Airflow 3.0.3, exposing sensitive connection information to users with only read permissions. The vulnerability, tracked as CVE-2025-54831 and classified as “important” severity, fundamentally undermines the platform’s intended security model for handling sensitive…