Tag: Cyber Security News

A prominent Instagram influencer with over 2.5 million followers became the unwitting host of a sophisticated phishing campaign this week. The unnamed lifestyle blogger’s account was compromised on Monday, with attackers using their trusted platform to distribute malicious links disguised…

Read more →

In a significant security enhancement announced today, Microsoft has successfully rolled out SafeLinks protection worldwide for M365 Copilot Chat across Desktop, Web, Outlook Mobile, Teams Mobile, and the Microsoft 365 Copilot Mobile app on both iOS and Android platforms.  This…

Read more →

Microsoft security researchers have issued an urgent warning that default Helm chart configurations widely used for deploying Kubernetes applications could inadvertently expose sensitive data to attackers.  According to a report published on May 5, 2025, by Microsoft Defender for Cloud…

Read more →

The Mobile Security Framework (MobSF), a widely utilized tool, contains two critical zero-day vulnerabilities. These vulnerabilities, designated as CVE-2025-46335 and CVE-2025-46730, impact all versions of MobSF up to and including version 4.3.2. If exploited, they could result in system compromise…

Read more →

As the clock ticks down to October 14, 2025, Microsoft has intensified its efforts to alert Windows 10 users about the impending end of support deadline. After this date, the decade-old operating system will no longer receive security updates, bug…

Read more →

Google has released the Android Security Bulletin for May 2025, addressing multiple vulnerabilities, including a high-severity remote code execution flaw that is actively being exploited in the wild.  The most severe issue identified in the May 2025 security patch is…

Read more →

A sophisticated social engineering tactic dubbed “ClickFix” has emerged as a significant threat to Windows users, tricking victims into executing malicious PowerShell scripts through fake browser error pages. First identified in spring 2024, this attack vector has rapidly gained popularity…

Read more →

A coordinated wave of cyberattacks has struck major UK retailers in recent weeks, with the DragonForce ransomware group claiming responsibility for breaches at Marks & Spencer, Co-op, and luxury department store Harrods.  These attacks have caused significant operational disruptions and…

Read more →

Managed Security Service Providers (MSSPs) deliver outsourced cybersecurity services, focusing on monitoring, managing, and mitigating threats for organizations. Threat intelligence actionable data about potential cyber threats enhances their ability to predict, detect, and respond to attacks. Below are five critical…

Read more →

CISA has added a critical Langflow vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.  The vulnerability, identified as CVE-2025-3248, allows unauthenticated remote attackers to execute arbitrary code on vulnerable servers running the…

Read more →

The new GPOHound is a powerful new open-source tool designed to analyze Group Policy Objects (GPOs) in Active Directory environments for privilege escalation vulnerabilities and misconfigurations.  The tool, released on May 2, 2025, automatically detects insecure settings that attackers could…

Read more →

Cybersecurity experts have identified a sophisticated new malware campaign dubbed “ClickFix” that employs advanced social engineering tactics to compromise both Windows and Linux systems. The attack creates convincing replicas of Ministry of Defense websites across multiple countries, tricking users into…

Read more →

Microsoft has officially acknowledged that the April 2025 security update is preventing Windows 11 systems from upgrading to version 24H2 when using Windows Server Update Services (WSUS). The issue affects organizations attempting to deploy the latest feature update across their…

Read more →

When most people think of DDoS attacks, they envision tsunami-like floods of traffic overwhelming servers. That’s the classic Layer 3/4 strategy brute force attacks meant to crash services by clogging up bandwidth. But over the last quarter, I’ve seen a…

Read more →

Security researchers have uncovered one of the largest credit card theft operations in recent history, with a sophisticated Phishing-as-a-Service (PhaaS) platform called “Darcula” responsible for stealing approximately 884,000 credit card details through a massive campaign that generated over 13 million…

Read more →

A sophisticated new attack method that disables endpoint security protection has been identified by security researchers, enabling threat actors to deploy ransomware undetected.  The technique, dubbed “Bring Your Own Installer,” was recently discovered by Aon’s Stroz Friedberg Incident Response team…

Read more →

A newly discovered vulnerability in Microsoft’s Windows Deployment Services (WDS) allows attackers to remotely crash servers with zero user interaction or authentication.  The flaw, which targets the UDP-based TFTP service at the WDS, could allow even low-skilled attackers to paralyze…

Read more →

Most executives still treat PCI DSS like paperwork something to file away after a quarterly scan. But that mindset is dangerous. PCI compliance isn’t just a checklist it’s a survival test. Every rule in PCI exists because someone got breached.…

Read more →

A sophisticated credential theft technique, identified as T1555.003 in the MITRE ATT&CK framework, has emerged as a significant threat to organizations worldwide.  This technique enables adversaries to extract usernames and passwords directly from web browsers, which commonly store these credentials…

Read more →

A critical vulnerability in Microsoft Telnet Server enables attackers to bypass authentication completely, potentially gaining administrator access without valid credentials. Organizations running legacy Windows systems are advised to take immediate action, as no official patch is available. The critical flaw,…

Read more →