A new critical security vulnerability in Apache Parquet Java has been disclosed that could allow attackers to execute arbitrary code through specially crafted Parquet files. The vulnerability, tracked as CVE-2025-46762, affects all versions of Apache Parquet Java through 1.15.1. Apache…
Tag: Cyber Security News
Critical Webmin Vulnerability Let Remote Attackers Escalate Privileges to Root-Level
A critical security vulnerability in Webmin, a widely-used web-based system administration tool, has been discovered, allowing remote attackers to escalate privileges and execute code with root-level access. Designated as CVE-2025-2774, this flaw poses severe risks to servers running affected versions…
Cybersecurity Weekly Newsletter: Key Attacks and Vulnerabilities From Last Week
In our fast-paced, interconnected world, the dangers of cyberattacks are becoming more frequent and complex. That’s why it’s more important than ever to stay updated and aware of the risks. Every week, our newsletter offers a simple roundup of the…
AsyncRAT Dark Mode – New Version of AsyncRAT on GitHub With Remote Access & Monitoring
A new, modified version of the popular AsyncRAT tool, dubbed AsyncRAT Dark Mode, has been released on GitHub, offering users a modernized interface and enhanced functionality for remote system monitoring and control. This open-source project introduces a stylish dark theme,…
CISA Warns of KUNBUS Auth Bypass Vulnerabilities Exposes Systems to Remote Attacks
CISA has issued an urgent advisory highlighting critical vulnerabilities in KUNBUS GmbH’s Revolution Pi industrial automation devices. These flaws, which include authentication bypass and remote code execution risks, threaten sectors like manufacturing, energy, and healthcare. Attackers can disrupt operations, manipulate…
AsyncRAT Dark Mode – New Version of AsyncRAT on GitHub With New Features
A new, modified version of the popular AsyncRAT tool, dubbed AsyncRAT Dark Mode, has been released on GitHub, offering users a modernized interface and enhanced functionality for remote system monitoring and control. This open-source project introduces a stylish dark theme,…
Yemeni Man Charged in U.S. for Black Kingdom Ransomware Deployed on Schools & Business Networks
A Yemeni national, Rami Khaled Ahmed, aged 36, has been indicted by federal authorities in the Central District of California for allegedly orchestrating a cyberattack campaign using Black Kingdom ransomware to extort victims, the U.S. Department of Justice announced. Ahmed…
Hackers Using Weaponized PDF To Deliver Remcos RAT Malware on Windows
Researchers at Trustwave SpiderLabs has uncovered a sophisticated malspam campaign distributing the notorious RemcosRAT malware on windows. The campaign leverages a deceptive fake payment notice disguised as a SWIFT copy to trick victims into downloading a malicious PDF, ultimately leading…
Post-Breach Recovery – A CISO’s Guide to Reputation Management
In an era where data breaches increasingly dominate headlines, Chief Information Security Officers (CISOs) face unprecedented pressure to mitigate technical fallout and salvage organizational trust. The 2024 FTC settlement with Marriott International, a $52 million penalty for systemic security failures,…
How to Configure Email Security With DMARC, SPF, And DKIM
Email is a critical business communication tool, but it is also a primary target for cybercriminals who exploit its openness to launch phishing attacks, impersonate brands, and distribute malware. To counter these threats, organizations must implement robust email authentication protocols…
The CISO’s Guide to Securing AI and Machine Learning Systems
As AI and machine learning reshape business operations, they also introduce new security challenges—making Securing AI Systems for CISOs essential, as traditional frameworks often fall short. For Chief Information Security Officers (CISOs), securing AI/ML systems requires expanding security mindsets beyond…
AI‑Powered Security Transformation with Tactical Approach to Integration
In the evolving landscape of cybersecurity, artificial intelligence has transitioned from an experimental technology to a core component of security operations. According to recent Gartner research, security and risk management leaders are pivoting toward a more tactical approach to AI…
Threat Actors Attacking Critical National Infrastructure With New Malware and Infrastructure
A sophisticated cyber intrusion targeting critical national infrastructure (CNI) in the Middle East has been uncovered, revealing a long-term espionage operation attributed to an Iranian state-sponsored threat group. The attack, which persisted from May 2023 to February 2025, with potential…
Threat Actors Bypass MFA Using AiTM Attack via Reverse Proxies
Multi-factor authentication (MFA) has long been touted as a robust security measure against phishing attacks, but sophisticated threat actors have developed new techniques to circumvent these protections. A concerning trend has emerged where cybercriminals are successfully bypassing MFA through adversary-in-the-middle…
New MintsLoader Drops GhostWeaver via Phishing & ClickFix Attack
A sophisticated new malware loader dubbed “MintsLoader” has emerged in the cybersecurity landscape, serving as a delivery mechanism for a previously undocumented backdoor called “GhostWeaver.” Security researchers have observed a significant spike in targeted attacks against financial institutions and healthcare…
New Subscription-Based Scams Attacking Users to Steal Credit Card Data
A sophisticated wave of subscription-based scams is sweeping across the internet, specifically designed to steal credit card information from unsuspecting users. These fraudulent operations have evolved beyond simple phishing attempts, now employing complex psychological tactics and convincing digital storefronts to…
New StealC V2 Expands to Include Microsoft Software Installer Packages and PowerShell Scripts
StealC, a popular information stealer and malware downloader that has been active since January 2023, has received a significant update with the introduction of version 2 (V2) in March 2025. This latest iteration brings substantial enhancements to the malware’s capabilities,…
New Report Warns of Ransomware Actors Building Organizational Structure For Complex Attacks
A new report by Coveware reveals a significant shift in the ransomware landscape, with threat actors evolving their organizational structures to execute increasingly complex attacks. As we approach the one-year anniversary of the collapse of prominent ransomware groups LockBit and…
New Stealthy NodeJS Backdoor Infects Users via CAPTCHA Verifications
A sophisticated malware campaign has emerged that deploys stealthy NodeJS backdoors through deceptive CAPTCHA verification screens, security researchers revealed today. This campaign represents a growing trend of threat actors exploiting seemingly legitimate security measures to distribute malicious code, targeting users…
Microsoft Exchange Online Flagging Gmail Emails as Spam – Fixes Issued
Microsoft has resolved a widespread issue with its Exchange Online service that caused legitimate emails from Gmail accounts to be incorrectly identified as spam and quarantined. The problem, which began on April 25, affected numerous organizations using Microsoft 365 and…