A sophisticated cyber campaign targeting corporate human resources departments has been uncovered, with attackers exploiting the routine practice of opening job application attachments to deploy a dangerous backdoor. The financially motivated threat group Venom Spider is behind this campaign, sending…
Tag: Cyber Security News
Hackers Weaponized 21 Apps to Gain Full Control of Ecommerce Servers
Security researchers have recently uncovered a sophisticated supply chain attack targeting ecommerce platforms through 21 widely-used applications. The backdoor, which remained dormant for six years after its initial injection between 2019 and 2022, has recently activated, providing attackers with complete…
RomCom RAT Attacking UK Organizations Via Customer Feedback Portals
A sophisticated Remote Access Trojan (RAT) dubbed “RomCom” has emerged as a significant threat targeting UK organizations through their customer feedback portals. Cybersecurity experts have identified a coordinated campaign exploiting these seemingly innocuous feedback mechanisms to deliver the malware, which…
Hackers Weaponizing Pahalgam Attack Themed Decoys to Attack Indian Government Personnel
In a sophisticated cyber espionage campaign, threat actors are actively targeting Indian government personnel using decoy documents referencing the recent Pahalgam attack. The malicious campaign, discovered in early May 2025, utilizes spear-phishing emails with attachments designed to exploit recipients’ interest…
Kelly Associates Data Breach Exposes 410,000+ Users’ Personal Data
A data breach at Kelly & Associates Insurance Group (operating as Kelly Benefits) has exposed sensitive personal information of more than 410,000 individuals, significantly more than initially reported. The Maryland-based benefits administration and payroll solutions provider confirmed that cybercriminals infiltrated…
Ransomware Groups Allegedly Breach IT Networks, Stealing Data from UK Retailers
A notorious ransomware group dubbed DragonForce has claimed responsibility for a series of cyber attacks targeting major UK retailers, with Co-op now confirming a significant data breach affecting its membership database. The attacks, which also targeted Marks & Spencer and…
Iranian Hackers Breach Critical National Infrastructure With Multiple Webshells & Backdoors
A sophisticated cyber intrusion targeting critical national infrastructure in the Middle East has been uncovered, with evidence pointing to an Iranian state-sponsored threat group. The attack, which persisted from May 2023 to February 2025, showcases advanced tactics and a concerning…
xAI Dev Leaked API Key on GitHub for Private SpaceX, Tesla & Twitter/X
A significant security lapse occurred at Elon Musk’s artificial intelligence company xAI, where a developer inadvertently leaked a private API key on GitHub that remained accessible for nearly two months. The exposed credentials provided unauthorized access to private large language…
MediaTek Patches Multiple Vulnerabilities Affecting Tablets, Smartphones & TV Chipsets
MediaTek has released critical security patches addressing six significant vulnerabilities affecting a wide range of devices powered by their chipsets. The vulnerabilities, disclosed in the company’s May 2025 Product Security Bulletin, impact smartphones, tablets, AIoT devices, smart displays, audio systems,…
Microsoft Shuts Down Skype After 23 Years, Urges Users to Switch to Teams
After more than two decades as a pioneer in internet-based calling and messaging, Skype has officially been retired by Microsoft as of May 5, 2025. The company is now urging all Skype users to migrate to Microsoft Teams, marking the…
Hackers Selling SS7 0-Day Vulnerability on Hacker Forums for $5000
A sophisticated SS7 protocol vulnerability that enables unauthorized SMS interception and real-time phone tracking is now being offered for sale on underground forums, raising serious concerns about mobile network security worldwide. The exploit, priced at $5,000, provides buyers with comprehensive…
Hackers Leveraging Email Input Fields to Exploit Vulnerabilities Ranging from XSS to SSRF
A surge in cyberattacks is leveraging email input fields as a gateway to exploit a wide range of vulnerabilities, including Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), and email header injection. Email input fields are ubiquitous in modern web applications, used…
North Korean Hacker Tries to Breach Kraken Platform by Submitting Job Application
Cryptocurrency exchange Kraken recently uncovered a sophisticated infiltration attempt by a North Korean hacker who applied for an engineering position at the company. Instead of immediately rejecting the suspicious application, Kraken’s security team strategically advanced the candidate through multiple interview…
New LUMMAC.V2 Stealer Using ClickFix Technique to Trick Users into Executing Malicious Commands
Cybersecurity experts have identified a sophisticated evolution of the LUMMAC credential stealer, now rewritten from C to C++ and operating with enhanced capabilities. This new variant, designated LUMMAC.V2, has been observed targeting a wide range of applications including browsers, cryptocurrency…
New Luna Moth Domains Attacking Users Via Weaponized Helpdesk Domains
Recently identified Luna Moth phishing operations reveal a sophisticated campaign targeting legal and financial institutions through expertly crafted typosquatted domains. Security researchers from EclecticIQ, supported by additional findings from Silent Push, have uncovered a methodical approach to domain registration that…
Researcher Integrated Copilot with WinDbg to Analyze Windows Crash Dumps
In a significant leap forward for software debugging, a researcher has successfully developed a groundbreaking tool that brings AI assistance to one of computing’s most archaic processes: Windows crash dump analysis. Sven Scharmentke recently unveiled “mcp-windbg,” an open-source project that…
New SonicBoom Attack Allows Bypass of Authentication for Admin Access
A critical new attack chain, dubbed “SonicBoom,” enables remote attackers to bypass authentication and seize administrative control over enterprise appliances, including SonicWall Secure Mobile Access (SMA) and Commvault backup solutions. This sophisticated multi-stage exploit leverages a combination of pre-authentication…
New Chimera Malware That Outsmarts Antivirus, Firewalls, & Humans
A sophisticated new strain of malware dubbed “Chimera” has emerged in 2025, representing a significant evolution in cyber threats. This advanced malware first appeared in March 2025 when it infiltrated X Business, a small e-commerce company specializing in handmade home…
Microsoft to Block Emails With 550 5.7.15 Access denied Error
In a notable development that will affect numerous businesses globally, Microsoft has announced that it will commence the rejection of emails that do not adhere to strict authentication standards, resulting in the error code “550 5.7.15 Access denied.” This enforcement,…