In recent months, a sophisticated campaign has emerged in which state-linked threat actors are leveraging fake job offers to ensnare unsuspecting job seekers and deliver advanced malware. These attackers craft convincing phishing emails that direct victims to look-alike career portals,…
Tag: Cyber Security News
SonicWall Releases Urgent Update to Remove Rootkit Malware ‘OVERSTEP’ from SMA Devices
SonicWall has issued an urgent firmware update, version 10.2.2.2-92sv, for its Secure Mobile Access (SMA) 100 series appliances to detect and remove known rootkit malware. The advisory, SNWLID-2025-0015, published on September 22, 2025, strongly recommends that all users of SMA…
Tata-Owned Jaguar Land Rover Delays Factory Reopening Following Major Cyber Attack
Jaguar Land Rover (JLR), the United Kingdom’s largest automotive manufacturer, has announced an additional delay in resuming production at its factories following a significant cyber-attack that occurred earlier this month. The company has extended its current production pause until Wednesday,…
Hackers Hijacking IIS Servers Using Malicious BadIIS Module to Serve Malicious Content
A sophisticated cyber campaign, dubbed “Operation Rewrite,” is actively hijacking Microsoft Internet Information Services (IIS) web servers to serve malicious content through a technique known as search engine optimization (SEO) poisoning. Palo Alto Networks uncovered the operation in March 2025,…
EV Charging Provider Confirm Data Breach – Customers Personal Data Exposed
Digital Charging Solutions GmbH (DCS), a leading provider of white-label charging services for automotive OEMs and fleet operators, has confirmed a data breach affecting a limited number of its customers. DCS disclosed that unauthorized access to personal data occurred in…
GitHub Enhances NPM’s Security with Strict Authentication, Granular Tokens, and Trusted Publishing
Recent High-profile supply‐chain attacks have exposed critical weaknesses in package registry security, prompting GitHub to roll out a suite of defenses designed to harden the npm ecosystem. “GitHub Enhances npm’s security with strict authentication, granular tokens, and trusted publishing” marks…
Hackers Abusing GitHub Notifications to Deliver Phishing Emails
In recent weeks, security researchers have uncovered an elaborate phishing campaign that leverages legitimate GitHub notification mechanisms to deliver malicious content. Victims receive seemingly authentic repository alerts, complete with real-looking commit messages and collaborator updates. Upon closer inspection, the notification…
European Airport Disruptions Caused by Sophisticated Ransomware Attack
Over the weekend, a sophisticated ransomware attack compromised Collins Aerospace’s Muse check-in and boarding systems, forcing key hubs including Heathrow, Brussels, and Berlin to return to manual processes. Airlines reported hundreds of delayed and cancelled flights as security teams raced…
Libraesva ESG Vulnerability Let Attackers Inject Malicious Commands
A critical security flaw in Libraesva ESG email security gateways has been identified and patched, allowing threat actors to execute arbitrary commands through specially crafted email attachments. The vulnerability, tracked as CVE-2025-59689, affects multiple versions of the popular email security…
22.2 Tbps DDoS Attack Breaks Internet With New World Record
Cloudflare announced it had autonomously mitigated the largest distributed denial-of-service (DDoS) attack ever recorded. The hyper-volumetric attack peaked at an unprecedented 22.2 terabits per second (Tbps) and 10.6 billion packets per second (Bpps), setting a new and alarming benchmark for…
Top 10 Best Supply Chain Risk Management Solutions in 2025
In today’s rapidly evolving global market, supply chain risk management has become more crucial than ever before. Organizations face risks like geopolitical issues, market unpredictability, compliance challenges, supplier failures, and even cyber threats. To maintain resilience, companies must adopt robust…
Threat Actors Leverage Oracle Database Scheduler to Gain Access to Corporate Environments
In recent weeks, security researchers have observed a surge in attacks exploiting Oracle Database Scheduler’s External Jobs feature to gain a foothold in corporate environments. This technique abuses the scheduler’s ability to execute arbitrary commands on Windows-based database servers, allowing…
BlockBlasters Steam Game Downloads Malware to Computer Disguised as Patch
A seemingly innocent patch update for the popular 2D platformer game BlockBlasters has transformed into a sophisticated malware campaign, exposing hundreds of Steam users to data theft and system compromise. The malicious patch, deployed on August 30, 2025, demonstrates how…
Lucid PhaaS With 17,500 Phishing Domains Mimics 316 Brands From 74 Countries
The cybersecurity landscape faces a growing threat from sophisticated Phishing-as-a-Service (PhaaS) platforms that are democratizing cybercrime by lowering technical barriers for fraudsters worldwide. Among these emerging threats, the Lucid PhaaS platform has established itself as a formidable force in the…
Microsoft, SentinelOne, and Palo Alto Networks Withdraw from 2026 MITRE ATT&CK Evaluations
Three of the cybersecurity industry’s most prominent vendors, Microsoft, SentinelOne, and Palo Alto Networks, have announced they will not participate in the 2026 MITRE ATT&CK Evaluations. The coordinated withdrawal marks a significant shift in how leading security companies approach independent product validation,…
Kawa4096 Ransomware Attacking Multinational Organizations to Exfiltrate Sensitive Data
A sophisticated new ransomware group has emerged from the shadows, targeting multinational organizations across diverse sectors with precision and systematic approach. Kawa4096, first detected in June 2025, has rapidly established itself as a formidable threat to enterprises spanning finance, education,…
Subtle Snail Mimic as HR Representatives to Engage Employees and Steal Login Credentials
A sophisticated Iran-nexus espionage group known as Subtle Snail has emerged as a significant threat to European telecommunications, aerospace, and defense organizations through an elaborate recruitment-themed social engineering campaign. The group, also identified as UNC1549 and linked to the broader…
New Inboxfuscation Tool That Bypasses Microsoft Exchange Inbox Rules and Evade Detection
Attackers increasingly exploit Microsoft Exchange inbox rules to maintain persistence and exfiltrate data within enterprise environments. A newly released tool, Inboxfuscation, leverages Unicode-based obfuscation to craft malicious inbox rules that slip past conventional security controls. Developed by Permiso, the Inboxfuscation…
Stellantis, the Maker of Citroën, FIAT, Jeep, and Other Cars, Confirms Data Breach
Automotive giant Stellantis, the parent company of major brands including Citroën, FIAT, Jeep, Chrysler, and Peugeot, has confirmed a data breach affecting its customers in North America. The company announced on Sunday that it detected unauthorized access to the platform…
Top 10 Best Autonomous Endpoint Management Tools in 2025
In 2025, organizations demand robust, intelligent solutions to manage, secure, and optimize their growing endpoint fleets. With cyber threats escalating and workforces becoming more distributed, the need for autonomous endpoint management tools has never been greater. These platforms automate device…