Tag: Cyber Security News

A sophisticated malware campaign has recently been uncovered by security researchers at Sucuri, targeting WordPress websites through hidden malware and backdoors in the mu-plugins directory. This attack chain allows remote execution of malicious code, enabling full server compromise, data theft,…

Read more →

A critical Insecure Direct Object Reference (IDOR) vulnerability was recently discovered in ExHub, a cloud-based platform for hulia-based development.  This flaw allowed attackers to modify web hosting configurations of any project without proper authorization, posing significant risks to affected systems. …

Read more →

Google has unveiled a groundbreaking security feature in Android 16 Beta 2 aimed at combating phone scams by blocking users from altering sensitive settings during active phone calls.  This feature, currently live in the beta version, prevents enabling permissions like…

Read more →

The Indian Post Office portal was found vulnerable to an Insecure Direct Object Reference (IDOR) attack, exposing sensitive Know Your Customer (KYC) data of thousands of users.  This breach highlights the critical need for robust security measures in government-operated digital…

Read more →

Security researchers at Volexity have uncovered multiple Russian threat actors conducting sophisticated social engineering and spear-phishing campaigns targeting Microsoft 365 accounts through Device Code Authentication exploitation. The attacks, observed since mid-January 2025, involve three distinct groups: “CozyLarch (APT29),” “UTA0304,” and…

Read more →

A sophisticated cyber threat has emerged in recent weeks, targeting unsuspecting users with fake Outlook troubleshooting calls. These calls, designed to appear legitimate, ultimately lead to the deployment of ransomware on the victim’s system. The scam involves a malicious binary…

Read more →

Threat actors have been utilizing a modified version of the SharpHide tool to create hidden registry values, significantly complicating detection and deletion efforts. This technique exploits Windows registry redirection, making it challenging for standard tools to identify and remove these…

Read more →

In 2024, Meta, the parent company of Facebook, Instagram, and WhatsApp, continued its commitment to cybersecurity by awarding over $2.3 million through its bug bounty program.  This initiative, which began in 2011, has now surpassed $20 million in total payouts,…

Read more →

In a significant step forward for cybersecurity professionals, PurpleLab offers an innovative open-source cybersecurity lab for creating and testing detection rules, simulating logs, and running malware tests. Designed as an all-in-one lab environment, PurpleLab equips analysts with tools to enhance…

Read more →

In a sophisticated cyberattack campaign, a threat actor identified as Storm-2372 has been leveraging Microsoft Teams meeting invites to execute “device code phishing” attacks.  This campaign, observed since August 2024, targets governments, NGOs, IT services, defense, telecommunications, health, education, and…

Read more →

Linus Torvalds has released Linux Kernel 6.14-rc3, the latest release candidate for the upcoming Linux 6.14 stable version. Paolo Bonzini, the maintainer of the Kernel-based Virtual Machine (KVM), has also submitted a series of fixes for the Linux Kernel 6.14-rc3,…

Read more →

In a significant update, Google has announced that its AI-powered security feature is now available to every Chrome user globally. This development marks a pivotal step in enhancing online safety through advanced machine learning techniques. The new security enhancement leverages…

Read more →

Welcome to this week’s Cybersecurity Newsletter, where we bring you the latest updates and key insights from the ever-changing world of cybersecurity. In today’s fast-paced digital environment, staying informed is crucial. Our goal is to provide you with relevant information…

Read more →

A critical authentication bypass vulnerability in SonicWall firewalls, tracked as CVE-2024-53704, is now being actively exploited in the wild, cybersecurity firms warn. The surge in attacks follows the public release of proof-of-concept (PoC) exploit code on February 10, 2025, by…

Read more →

Researchers have identified a new backdoor malware, written in Go programming language, that leverages Telegram as its command-and-control (C2) channel. While the malware appears to still be under development, it is already fully functional and capable of executing various malicious…

Read more →

A recently discovered Python script has been flagged as a potential cybersecurity threat due to its use of a clever anti-analysis trick.  This script, which has a low detection rate on VirusTotal (4/59), uses the tkinter library to create a…

Read more →

A website launched by Elon Musk’s Department of Government Efficiency (DOGE) has been found to have a significant security vulnerability, allowing unauthorized users to directly modify its content. The vulnerability discovered by two web development experts arises from the website’s…

Read more →

The notorious Lazarus Group, a North Korean Advanced Persistent Threat (APT) group, has been linked to a sophisticated campaign targeting software developers. This campaign involves the use of infostealer malware, designed to steal sensitive information from developers’ systems. The attack…

Read more →

Job seekers have become the target of a sophisticated ransomware campaign in a recent cybersecurity threat, and this campaign dubbed as “XELERA.” This campaign uses fake job offers from the Food Corporation of India (FCI) to lure victims into opening…

Read more →

The notorious Lazarus Group in a recent escalation of cyber threats linked to North Korea, has unveiled a sophisticated new tactic to target developers worldwide. This campaign, dubbed “Operation Marstech Mayhem,” involves the deployment of an advanced malware implant known…

Read more →