Adidas Korea has announced a security breach affecting customer data, marking the second major incident in the fashion industry targeting Korean consumers this month. The sportswear giant revealed that unauthorized access was gained through a third-party customer service provider, compromising…
Tag: Cyber Security News
Threat Actors Deliver Bumblebee Malware Poisoning Bing SEO
A sophisticated malware campaign leveraging search engine optimization (SEO) poisoning on Microsoft Bing has emerged, delivering the notorious Bumblebee malware to unsuspecting users. The campaign, identified in May 2025, specifically targets users searching for specialized software tools, demonstrating a concerning…
Tor Browser 14.5.2 Released With Bug Fixes & New Capabilities
The Tor Project has announced the release of Tor Browser 14.5.2, available since May 18, 2025. This latest version delivers important security updates to Firefox and addresses several bugs, continuing the organization’s commitment to providing robust privacy protection for users…
Malicious npm Package in Koishi Chatbots Silently Exfiltrate Sensitive Data in Real Time
Cybersecurity researchers have uncovered a sophisticated supply chain attack targeting Koishi chatbot users through a malicious npm package. The package, identified as “koishi-plugin-pinhaofa,” appears innocuous but contains a hidden data exfiltration mechanism that monitors all messages processed by the chatbot.…
O2 VoLTE Vulnerability Exposes Location of Any Customer With a Phone Call
A severe privacy vulnerability in O2 UK’s Voice over LTE (VoLTE) implementation has allowed any caller to track the physical location of O2 customers without their knowledge or consent. The flaw leaked detailed location metadata and device identifiers during normal…
Telecommunications Companies in Spain Experiencing Downtime
Major telecommunications networks across Spain have gone down early on Tuesday, May 20, 2025, following a network update by Spanish telecommunications giant Telefónica. The outage has affected fixed-line infrastructure and mobile services nationwide, with particularly severe disruptions reported in Madrid,…
Intruder vs. Pentest Tools vs. Attaxion: Selecting The Right Security Tool
While no one is immune to cyber threats, smaller organizations with very limited security budgets face the task of managing risks and implementing timely remediation very often without the resources to buy and maintain multiple tools. Security teams protecting these…
Microsoft Releases Emergency Fix for BitLocker Recovery Issue
Microsoft has released an emergency out-of-band update (KB5061768) to address a critical issue causing Windows 10 systems to boot into BitLocker recovery screens following the installation of the May 2025 security updates. The fix, released on May 19, comes after…
Tycoon2FA Linked Phishing Attack Targeting Microsoft 365 Users to Steal Logins
A sophisticated phishing campaign linked to Tycoon2FA is actively targeting Microsoft 365 users by employing an unusual URL manipulation technique. The attack leverages malformed URL prefixes with backslash characters (https:\$$ instead of the standard forward slashes (https://) to bypass security…
W3LL Phishing Kit Actively Attacking Users to Steal Outlook Login Credentials
A sophisticated phishing campaign utilizing the W3LL Phishing Kit has been actively targeting users’ Microsoft Outlook credentials through elaborate impersonation techniques. First identified by Group-IB in 2022, this phishing-as-a-service (PhaaS) tool has evolved into a comprehensive ecosystem complete with its…
CISA Adds Ivanti EPMM 0-day to KEV Catalog Following Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) officially added two critical zero-day vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities, CVE-2025-4427 and CVE-2025-4428, are actively exploited in the wild and pose…
Multiple pfSense Firewall Vulnerabilities Let Attackers Inject Malicious Codes
Three critical vulnerabilities in pfSense firewall software that could allow authenticated attackers to inject malicious code, manipulate cloud backups, and potentially achieve remote code execution. The vulnerabilities affect both pfSense Community Edition (CE) prior to version 2.8.0 beta and corresponding…
Accenture Files Leaked – New Investigation Exposed Dark Side of Accenture Projects Controlling Billion of Users Data
A secrete investigation by Progressive International, Expose Accenture, and the Movement Research Unit, dubbed the “Accenture Files,” has unveiled the pivotal role of Accenture, the world’s largest consultancy firm, in fueling a global surge toward surveillance, exclusion, and authoritarianism. The…
New Phishing Attack Mimic as Zoom Meeting Invites to Steal Login Details
A sophisticated phishing campaign exploiting the popularity of Zoom meetings has emerged, targeting corporate users with fake meeting invitations that appear to come from colleagues. The attack uses social engineering tactics to create a sense of urgency, prompting victims to…
Malware Evasion Techniques – What Defenders Need to Know
In 2025, cybercriminals are raising the stakes by deploying sophisticated malware that bypasses traditional security measures, using advanced malware evasion techniques. Recent data shows that over 2,500 ransomware attacks were reported in just the first half of 2024, averaging more…
Chinese APT Hackers Attacking Orgs via Korplug Loaders and Malicious USB Drives
In a concerning development for cybersecurity professionals worldwide, a sophisticated Chinese advanced persistent threat (APT) group known as Mustang Panda has intensified its espionage campaigns across Europe, primarily targeting governmental institutions and maritime transportation companies. The group has been leveraging…
New Hannibal Stealer With Stealth & Obfuscation Evades Detection
A sophisticated new variant of information-stealing malware has been identified in the wild, representing an evolution of the previously documented Sharp Stealer. The Hannibal Stealer, as researchers have dubbed it, demonstrates advanced evasion capabilities and comprehensive data theft functionality, presenting…
Protecting Against Info-Stealers – A Practical Resource
Recent cybersecurity reports reveal a significant rise in infostealer malware attacks, with these stealthy threats now accounting for nearly a quarter of all cyber incidents, highlighting the importance of protecting against infostealers. As organizations struggle to defend against this growing…
ChatGPT Vulnerability Lets Attackers Embed Malicious SVGs & Images in Shared Chats
A critical security vulnerability in ChatGPT has been discovered that allows attackers to embed malicious SVG (Scalable Vector Graphics) and image files directly into shared conversations, potentially exposing users to sophisticated phishing attacks and harmful content. The flaw, recently documented…
Cybercrime-as-a-Service – Countering Accessible Hacking Tools
In today’s digital landscape, cybercrime has undergone a dramatic transformation. No longer limited to skilled hackers, cyberattacks are now available to anyone with internet access and cryptocurrency, thanks to the rise of Cybercrime-as-a-Service (CaaS). This model has democratized cybercrime, creating…