Multiple security vulnerabilities affecting Sophos firewall products, with two enabling pre-authentication remote code execution that could allow attackers to compromise systems without valid credentials. The vulnerabilities, tracked as CVE-2025-6704, CVE-2025-7624, CVE-2025-7382, CVE-2024-13974, and CVE-2024-13973, impact various configurations of Sophos Firewall…
Tag: Cyber Security News
New DCHSpy Android Malware Steals WhatsApp Data, Call Logs, Record Audio and Take Photos
A sophisticated new variant of DCHSpy Android surveillanceware, deployed by the Iranian cyber espionage group MuddyWater just one week after escalating tensions in the Israel-Iran conflict. This malicious tool represents a significant evolution in mobile surveillance capabilities, targeting sensitive communications…
UK Sanctions Russian APT 28 Hackers for Attacking Microsoft Cloud Service Login Details
The UK Government has imposed sanctions on Russian military intelligence units and 18 individuals following the exposure of a sophisticated cyber espionage campaign targeting Microsoft cloud services. The National Cyber Security Centre (NCSC) revealed that the Russian Advanced Persistent Threat…
Cisco Warns of Identity Services Engine RCE Vulnerability Exploited in the Wild
Cisco Systems has issued a critical security advisory warning of multiple remote code execution vulnerabilities in its Identity Services Engine (ISE) that are being actively exploited by attackers in the wild. The vulnerabilities, carrying the maximum CVSS severity score of…
Threat Actors Combine Android Malware With Click Fraud Apps to Steal Login Credentials
A fresh wave of malicious Android Package Kit (APK) files is weaving together two of cybercrime’s most reliable revenue streams—click-fraud advertising and credential theft—into a single, adaptable threat that has begun circulating across Southeast Asia, Latin America, and parts of…
ExpressVPN Windows Client Vulnerability Exposes Users Real IP Addresses With RDP Connection
A critical security vulnerability in ExpressVPN Windows desktop application that could expose users’ real IP addresses when using Remote Desktop Protocol (RDP) connections. The flaw, discovered through the company’s bug bounty program, affected specific versions of the Windows client and…
Wireshark 4.4.8 Released With Bug Fixes and Updated Protocol Support
Wireshark Foundation has announced the availability of Wireshark 4.4.8, the latest maintenance release of the world’s most widely used network-protocol analyzer. Although the update does not introduce brand-new protocols, it delivers a focused package of stability improvements, expanded dissector capabilities,…
GLOBAL GROUP’s Golang Ransomware Attacks Windows, Linux, and macOS Environments
A sophisticated new ransomware threat has emerged from the cybercriminal underground, targeting organizations across multiple operating systems with advanced cross-platform capabilities. In June 2025, a ransomware actor operating under the alias “Dollar Dollar Dollar” introduced GLOBAL GROUP on the Ramp4u…
Microsoft Releases Mitigations and Threat Hunting Queries for SharePoint Zero-Day
Thousands of organizations worldwide face active cyberattacks targeting Microsoft SharePoint servers through two critical vulnerabilities, prompting urgent government warnings and emergency patches. Microsoft confirmed over the weekend that threat actors are actively exploiting two zero-day vulnerabilities in on-premises SharePoint servers,…
Dior, a Louis Vuitton Brand, Alerts Customers Following Cyber Attack
Christian Dior Couture, the luxury fashion house owned by Louis Vuitton, has begun notifying customers of a major cybersecurity incident that exposed sensitive personal information of clients. The breach, discovered in May 2025, involved unauthorized access to customer databases containing…
Greedy Sponge Hackers Attacking Financial Institutions With Modified Version of AllaKore RAT
A financially motivated threat group dubbed Greedy Sponge has been systematically targeting Mexican financial institutions and organizations since 2021 with a heavily modified version of the AllaKore remote access trojan (RAT). The campaign represents a sophisticated evolution of cybercriminal tactics,…
DeerStealer Malware Delivered Via Weaponized .LNK Using LOLBin Tools
A sophisticated new phishing campaign has emerged, delivering the DeerStealer malware through weaponized .LNK shortcut files that exploit legitimate Windows binaries in a technique known as “Living off the Land” (LOLBin). The malware masquerades as a legitimate PDF document named…
Developers Beware of npm Phishing Email That Steal Your Login Credentials
A sophisticated phishing campaign has emerged targeting Node.js developers through a meticulously crafted attack that impersonates the official npm package registry. The malicious operation utilizes the typosquatted domain npnjs.com, substituting the letter “m” with “n” to create a nearly identical…
Threat Actors Hijack Popular npm Packages to Steal The Project Maintainers’ npm Tokens
A sophisticated supply chain attack has compromised several widely-used npm packages, including eslint-config-prettier and eslint-plugin-prettier, after threat actors successfully stole maintainer authentication tokens through a targeted phishing campaign. The attack leveraged a typosquatted domain, npnjs.com, designed to mimic the legitimate…
Threat Actors Leverage Zoho WorkDrive Folder to Deliver Obfuscated PureRAT Malware
Cybercriminals have escalated their attack sophistication by utilizing legitimate cloud storage services to distribute advanced malware, as demonstrated in a recent campaign targeting a certified public accounting firm in the United States. The attack, discovered in May 2025, showcases how…
NailaoLocker Ransomware Attacking Windows Systems Using Chinese SM2 Cryptographic Standard
FortiGuard Labs has discovered a sophisticated new ransomware strain called NailaoLocker that represents a significant departure from conventional encryption malware. This Windows-targeting threat introduces the first documented use of China’s SM2 cryptographic standard in ransomware operations, marking a notable shift…
Weak Password Let Ransomware Gang Destroy 158-Year-Old Company
A single compromised password brought down KNP Logistics, putting 730 employees out of work and highlighting the devastating impact of cyber attacks on British businesses. One password is believed to have been all it took for a ransomware gang to…
Microsoft’s AppLocker Flaw Allows Malicious Apps to Run and Bypass Restrictions
A critical configuration flaw in Microsoft’s AppLocker block list policy has been discovered, revealing how attackers could potentially bypass security restrictions through a subtle versioning error. The issue centers on an incorrect MaximumFileVersion value that creates an exploitable gap in…
Surveillance Company Using SS7 Bypass Attack to Track the User’s Location Information
A surveillance company has been detected exploiting a sophisticated SS7 bypass technique to track mobile phone users’ locations. The attack leverages previously unknown vulnerabilities in the TCAP (Transaction Capabilities Application Part) layer of SS7 networks to circumvent security protections implemented…
CISA Warns of Microsoft SharePoint Server 0-Day RCE Vulnerability Exploited in Wild
CISA has issued an urgent warning about a critical zero-day remote code execution vulnerability affecting Microsoft SharePoint Server on-premises installations that threat actors are actively exploiting in the wild. The vulnerability, tracked as CVE-2025-53770, poses a significant security risk to…