Tag: Cyber Security News

The Apache Software Foundation disclosed a significant security vulnerability in Apache Tomcat that could allow attackers to bypass security rules and trigger denial-of-service conditions through manipulated HTTP priority headers.  Identified as CVE-2025-31650, this high-severity vulnerability affects multiple Tomcat versions, posing…

Read more →

Kali Linux users worldwide are facing an imminent disruption as the security-focused distribution has announced that the update process will fail for virtually all users in the coming days. The issue arises from a change in the repository signing key,…

Read more →

Senior members of the World Uyghur Congress (WUC) living in exile became targets of a sophisticated spearphishing campaign delivering Windows-based surveillance malware. The attack utilized a trojanized version of UyghurEditPP, a legitimate open-source word processing tool developed to support the…

Read more →

The cybersecurity landscape is witnessing a significant shift as threat actors increasingly leverage Ransomware as a Service (RaaS) platforms enhanced by sophisticated Endpoint Detection and Response (EDR) killers. Despite successful law enforcement operations against established ransomware gangs like LockBit, new…

Read more →

In a significant shift observed during the first quarter of 2025, cybersecurity experts have documented a dramatic surge in phishing attacks, with threat actors increasingly using this vector to gain access to valid user accounts. According to recent incident response…

Read more →

A new Ransomware-as-a-Service (RaaS) group called RansomHub emerged in the cybercriminal ecosystem, specializing in targeting high-profile organizations through sophisticated attack vectors. The group advertises its criminal services on the Russian Anonymous Market Place (RAMP), a notorious Dark Web forum known…

Read more →

China claims that the United States conducted a targeted cyberattack against one of its leading commercial encryption providers.  A newly released report from China’s National Computer Network Emergency Response Technical Team (CNCERT) alleges that U.S. intelligence agencies used advanced hacking…

Read more →

A significant surge in sophisticated cyber threats has emerged across Asia, with NSFOCUS Fuying Laboratory identifying 19 distinct Advanced Persistent Threat (APT) attack activities in March 2025. These coordinated campaigns primarily targeted organizations in South Asia and East Asia, with…

Read more →

A critical security vulnerability in SEIKO EPSON printer drivers for Windows has been identified, allowing malicious actors to execute arbitrary code with SYSTEM-level privileges.  The vulnerability, tracked as CVE-2025-42598, was published by JPCERT/CC on April 28, 2025, and affects a…

Read more →

BreachForums, a notorious cybercrime marketplace and successor to RaidForums, has confirmed that its platform was the target of a sophisticated law enforcement operation exploiting a previously unknown vulnerability, commonly referred to as a “0-day”, in the MyBB forum software.  The…

Read more →

SAP released an emergency out-of-band patch addressing CVE-2025-31324, a critical zero-day vulnerability in SAP NetWeaver Visual Composer with the highest possible CVSS score of 10.0.  This vulnerability stems from a missing authorization check in the Metadata Uploader component, allowing unauthenticated…

Read more →

As Microsoft continues to refine Windows 11, new leaks and technical insights indicate that the upcoming 25H2 update, slated for release in September or October 2025, will likely be a minor iteration.  Unlike the more substantial updates seen in previous…

Read more →

A sophisticated new red team tool called RedExt has recently been released, combining a Manifest V3 Chrome extension with a Flask-based Command and Control (C2) server to create a powerful framework for authorized security operations.  This innovative tool enables comprehensive…

Read more →

A massive power outage struck the Iberian Peninsula on April 28, 2025, plunging millions of people into darkness as electricity supplies were suddenly cut across Spain and Portugal. Sources from the electric sector suggest a cyberattack is the most likely…

Read more →

The dark web has rapidly become a central hub for cybercriminal activity, where stolen data, compromised credentials, and malicious tools are traded with alarming frequency. For Chief Information Security Officers (CISOs), this shadowy underworld poses a persistent and evolving threat…

Read more →

ESET, a global leader in cybersecurity solutions, has announced a significant enhancement to its ESET Endpoint Management Platform (ESET PROTECT), unveiling a seamless integration with Splunk, one of the world’s leading security information and event management (SIEM) platforms. This move…

Read more →

The Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) has revealed unprecedented financial damages from cyber threats in 2024. According to the FBI’s annual report, victims reported a staggering $16.6 billion (approximately ₹1.38 lakh crore) in losses, marking a…

Read more →

In an era where cyber threats are growing in sophistication and frequency, Chief Information Security Officers (CISOs) face immense pressure to select cybersecurity vendors that address immediate technical needs and align with broader business objectives. The rapid evolution of threats,…

Read more →

Significant security flaws have been discovered in React Router, a widely-used routing library for React applications, potentially allowing attackers to corrupt content, poison caches, and manipulate pre-rendered data.  The vulnerabilities, which impact applications running in Framework mode with server-side rendering…

Read more →

A critical vulnerability in the FastCGI library could allow attackers to execute arbitrary code on embedded devices.  The flaw, tracked as CVE-2025-23016 with a CVSS score of 9.3, affects all FastCGI fcgi2 (aka fcgi) versions 2.x through 2.4.4 and poses…

Read more →