Tag: Cyber Security News

Mozilla has released an emergency security update for its Firefox browser on Windows systems to address a critical vulnerability that could allow attackers to escape browser sandboxes and potentially gain control of affected systems.  The patch comes shortly after Google…

Read more →

A sophisticated new phishing platform named Lucid has emerged as a significant cybersecurity threat, targeting 169 entities across 88 countries globally. Developed by Chinese-speaking threat actors, this Phishing-as-a-Service (PhAAS) platform operates through 129 active instances and over 1,000 registered domains.…

Read more →

The Tor Project has issued an emergency update for Windows users on March 27, 2025, releasing Tor Browser 14.0.8 with critical security patches.  This Windows-only release addresses “very urgent” security vulnerabilities in Firefox, the browser framework underpinning Tor Browser, and…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding a critical zero-day vulnerability in Google Chrome that is actively being exploited in the wild. The vulnerability, identified as CVE-2025-2783, affects the Chromium-based browsers on Windows systems…

Read more →

The largest US internet provider, WideOpenWest (WOW!), is allegedly compromised by Arkana Security, a recently discovered ransomware group. The attack, which security researchers trace to an infostealer infection from September 2024, has reportedly compromised over 403,000 customer accounts and granted…

Read more →

Organizations are facing an unbelievable surge in cloud-based security threats, with attacks nearly five times more frequent at the end of 2024 compared to the beginning of the year. Most concerning is the targeted attack on Identity and Access Management…

Read more →

A new botnet named “GorillaBot,” has orchestrated over 300,000 attack commands across more than 100 countries within a span of just three weeks. Built on the infamous Mirai botnet framework, GorillaBot represents a sophisticated malware evolution. It leverages advanced encryption…

Read more →

A recent security update for Windows Server 2025, released on February 11, 2025 (KB5051987), has caused a significant issue for users relying on Remote Desktop Protocol (RDP). The update, part of Microsoft’s February Patch Tuesday, has led to RDP sessions…

Read more →

Microsoft’s January 2025 Windows preview update (KB5050094) for Windows 11 version 24H2 has caused significant issues with Remote Desktop Protocol (RDP) sessions, including Remote Desktop Services (RDS). Users have reported unexpected disconnections, particularly after the release of the March 2025…

Read more →

Online marketplaces have become increasingly popular in developing countries since 2015, providing platforms for trading various goods from used electronics to brand-new items. This digitalization trend, however, has created fertile ground for sophisticated scam operations. Among these, Classiscam has emerged…

Read more →

A sophisticated technique was recently detected by researchers where attackers abuse Component Object Model (COM) objects to execute fileless malware for lateral movement across networks. This technique, detailed in research from March 2025, leverages legitimate Windows functionality to establish persistence…

Read more →

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added two critical Sitecore CMS vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.  The vulnerabilities, CVE-2019-9874 and CVE-2019-9875, both affect the Sitecore.Security.AntiCSRF…

Read more →

In a significant cybersecurity incident, approximately 9,000 sensitive court documents have been illegally downloaded from the NSW Online Registry Website (ORW), which authorities are calling a “major data breach.”  The attack has triggered an immediate investigation by the NSW Police…

Read more →

A moderate-severity vulnerability has been identified in Synology Mail Server. It allows remote authenticated attackers to read and write non-sensitive settings and disable certain non-critical functions.  The security flaw, tracked as CVE-2025-2848, affects multiple versions of the popular mail server software and…

Read more →

Credential stuffing has emerged as one of the most pervasive and effective attack vectors in today’s cybersecurity landscape. This technique, which leverages stolen username and password combinations across multiple platforms, has been significantly enhanced through a sophisticated automation tool called…

Read more →

Dark web carding marketplace B1ack’s Stash has announced the release of 4 million stolen credit card details at no cost to cybercriminals. This massive data leak, publicized on February 19, 2025, represents one of the largest freely distributed caches of…

Read more →

A proof-of-concept (PoC) exploit for a critical remote code execution vulnerability in Kubernetes Ingress-NGINX controllers, tracked as CVE-2025-1974.  The vulnerability uncovered by WiZ affects the validation webhook component and could allow attackers to execute arbitrary code on affected systems, potentially…

Read more →

Cybersecurity researchers have uncovered a sophisticated attack campaign leveraging a fraudulent website that impersonates the Indian Post Office to deliver malware to both Windows and Android users. The fake website, hosted at postindia[.]site, employs device detection techniques to serve tailored…

Read more →

A significant vulnerability in GitHub’s CodeQL actions could have permitted attackers to execute malicious code across hundreds of thousands of repositories.  The vulnerability, assigned CVE-2025-24362, originated from a publicly exposed GitHub token in workflow artifacts that created a small but…

Read more →

A sophisticated Linux-based backdoor dubbed “OrpaCrab” has emerged as a significant threat to operational technology (OT) systems, particularly those managing gas station infrastructure. Security researchers discovered the malware after it was uploaded to VirusTotal in January 2024 from the United…

Read more →

OpenAI has dramatically increased its maximum bug bounty reward to $100,000 for exceptional critical security vulnerabilities, up from the previous cap of $20,000.  This fivefold increase highlights the AI leader’s growing emphasis on cybersecurity as its models advance toward artificial…

Read more →

A critical security vulnerability has been identified in the widely used Exim mail transfer agent (MTA), potentially allowing attackers with command-line access to escalate privileges on affected systems.  The vulnerability, tracked as CVE-2025-30232, affects Exim versions 4.96 through 4.98.1 and…

Read more →

Irish and Spanish law enforcement authorities have successfully apprehended 12 members of a high-risk criminal network in a coordinated operation spanning both countries.  The arrests, announced on March 26, 2025, included six suspects in Ireland and six in Spain, all…

Read more →

Splunk has released patches to address a high-severity Remote Code Execution (RCE) vulnerability affecting Splunk Enterprise and Splunk Cloud Platform. The vulnerability, identified as CVE-2025-20229, could allow a low-privileged user to execute arbitrary code by uploading malicious files. The vulnerability…

Read more →

Critical security vulnerabilities have been identified in industrial camera systems widely deployed across Japanese manufacturing facilities, allowing malicious actors to remotely access live footage and disrupt essential production monitoring. These flaws, present in the Inaba Denki Sangyo Co., Ltd. IB-MCT001…

Read more →

A sophisticated new malware strain dubbed SectopRAT has emerged, leveraging Cloudflare’s Turnstile challenge system as part of its attack methodology. This Remote Access Trojan specifically targets Windows users through a multi-staged infection process that begins with seemingly legitimate CAPTCHA verification…

Read more →

A sophisticated phishing campaign dubbed the “Clickflix Technique” has emerged targeting YouTube content creators through seemingly legitimate brand collaboration requests. This new attack vector exploits creators’ eagerness to secure sponsorship deals by disguising malware payloads as partnership documentation. Cybercriminals initiate…

Read more →

March 2025 saw a sharp uptick in cyber threats that put both individual users and organizations at risk. From banking apps weaponized to steal personal data, to trusted domains abused for redirecting users to phishing traps, cybercriminals didn’t hold back.…

Read more →

In a startling revelation, a new report indicates that three out of four enterprise users are uploading data to generative AI (genAI) applications, including sensitive information such as passwords and keys. This alarming trend highlights the growing risks associated with…

Read more →

The NPM package repository remains active, and despite a decline in malware numbers between 2023 and 2024, this year’s numbers don’t seem to continue that downward trend. Recently, security researchers discovered two intriguing packages ethers-provider2 and ethers-providerz, which employed sophisticated…

Read more →

A critical issue affecting Windows 11 24H2 users has emerged, disrupting the connection between Veeam Recovery Media and backup servers.  The problem, linked to Microsoft’s February update (KB5051987), is preventing organizations from performing data recovery operations, potentially compromising business continuity…

Read more →

A sophisticated cyberattack campaign attributed to the North Korean Advanced Persistent Threat (APT) group Kimsuky has been observed utilizing new tactics and malicious scripts. The attack revolves around a ZIP file containing multiple components designed to steal sensitive information from…

Read more →

CYFOX has uncovered significant vulnerabilities in smart TVs that could potentially disrupt entire enterprise networks. This discovery was made possible by their groundbreaking OmniSec vCISO platform, the first GenAI-powered autonomous security and compliance agent. During the implementation of OmniSec, CYFOX…

Read more →

In mid-March 2025, cybersecurity researchers uncovered “Operation ForumTroll,” targeting Russian media outlets and educational institutions. Victims are infected by clicking phishing links disguised as invitations to the “Primakov Readings” forum, requiring no further interaction for the sophisticated malware to deploy…

Read more →

Two critical vulnerabilities have been identified in widely used software: CrushFTP and Next.js. CrushFTP, a file transfer solution, contains a vulnerability allowing unauthorized access through standard web ports, bypassing security measures.  Additionally, Next.js, a popular React framework, suffers from CVE-2025-29927,…

Read more →

Researchers have discovered a major security vulnerability affecting multiple gaming laptop models using Clevo hardware.  Boot Guard private keys were found exposed within firmware update packages, potentially allowing attackers to bypass critical security protections in affected devices. Researchers at Binary…

Read more →

Raspberry Robin, a complex and evolving malware threat, has been operating since 2019, initially spreading through infected USB drives at print and copy shops. This sophisticated malware has transformed from a simple worm into a full-fledged initial access broker (IAB)…

Read more →

A credential rotation error led to widespread service disruptions across multiple Cloudflare products on March 21, 2025, affecting customers globally for over an hour.  The company disclosed that 100% of write operations and approximately 35% of read operations to their…

Read more →

A high-severity security vulnerability discovered in NetApp SnapCenter could allow authenticated users to gain administrative privileges on remote systems, posing significant risks to organizational data and infrastructure security.  Security researchers have identified this vulnerability, CVE-2025-26512, which carries a critical CVSS…

Read more →

Google’s Chrome browser installation process has been disrupted by a significant technical error affecting Windows users worldwide.  Users attempting to install Chrome on Intel or AMD-based Windows 10 and 11 systems are encountering an error message stating “This app can’t…

Read more →

Multiple internet service providers worldwide are reporting widespread disruptions as DrayTek routers enter continuous reboot loops, affecting businesses and consumers alike.  Security intelligence firm GreyNoise has identified the active exploitation of several DrayTek vulnerabilities, which could be linked to these…

Read more →

A newly identified malware strain dubbed “IOCONTROL” has emerged as a critical threat to operational technology (OT) and Internet of Things (IoT) systems, particularly targeting fuel-management infrastructure in the United States and Israel. First observed in December 2024, this Linux-based…

Read more →

A critical vulnerability affecting all Windows operating systems from Windows 7 and Server 2008 R2 through the latest Windows 11 v24H2 and Server 2025.  This zero-day flaw enables attackers to capture users’ NTLM authentication credentials simply by having them view…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) released four Industrial Control System (ICS) advisories on March 25, 2025, detailing significant vulnerabilities in products from ABB, Rockwell Automation, and Inaba Denki Sangyo.  These vulnerabilities, with CVSS v4 scores ranging from 5.1…

Read more →

Security researchers have uncovered multiple critical vulnerabilities in Appsmith, a popular open-source developer platform for building internal applications.  Most concerning is CVE-2024-55963, which allows unauthenticated attackers to execute arbitrary system commands on servers running default installations of Appsmith versions 1.20…

Read more →

Google has released an urgent security update for its Chrome browser after cybersecurity researchers at Kaspersky discovered a zero-day vulnerability being actively exploited by sophisticated threat actors.  The vulnerability, identified as CVE-2025-2783, allowed attackers to bypass Chrome’s sandbox protection through…

Read more →

A sophisticated campaign by Russian threat actors exploiting a critical zero-day vulnerability in the Microsoft Management Console (MMC). The vulnerability, CVE-2025-26633, allows attackers to bypass security features and execute malicious code on targeted systems. Trend Research identified the Russian hacking…

Read more →

VMware addressed a significant authentication bypass vulnerability in its VMware Tools for Windows suite. The vulnerability, CVE-2025-22230, could allow malicious actors with non-administrative privileges on a Windows guest virtual machine to perform high-privilege operations within that VM. VMware has classified…

Read more →

Mobile banking malware has seen an alarming surge in 2024, with nearly 248,000 users encountering these dangerous threats—a staggering 3.6 times increase compared to the 69,000 users affected in 2023. This dramatic uptick, particularly pronounced in the second half of…

Read more →

Microsoft has announced a significant expansion of its AI-powered security capabilities, introducing autonomous security agents and enhanced protections for artificial intelligence systems.  The new offerings aim to address the exponential growth in cyberattacks, which now include more than 30 billion…

Read more →

Cybersecurity researchers have unveiled a new autonomous penetration testing agent that leverages large language models (LLMs) to execute commands on real Linux shell systems. ARACNE, as the agent is called, represents a significant advancement in automated security testing, demonstrating the…

Read more →

Security Onion 2.4.140 has been officially released, featuring significant upgrades to core components including Suricata 7.0.9, Zeek 7.0.6, and a host of improvements to the Security Operations Center (SOC) configuration interface.  This release focuses on enhancing security, fixing bugs, and…

Read more →

In recent years, malware authors have increasingly turned to emerging programming languages like Rust, Nim, and Go for their nefarious creations. This shift represents a tactical evolution as threat actors seek to bypass modern security solutions and complicate reverse engineering…

Read more →

Microsoft has unveiled significant new data protection capabilities for its Edge for Business browser, specifically targeting the challenges posed by Bring Your Own Device (BYOD) environments and the growing integration of AI in daily workflows.  Announced on March 24, 2025,…

Read more →

SnakeKeylogger has emerged as a sophisticated credential-stealing malware, targeting both individuals and organizations with its multi-stage infection chain and stealthy in-memory execution techniques. This malware is specifically designed to harvest sensitive login credentials while remaining undetected by traditional security measures,…

Read more →

In the ever-evolving landscape of cyber threats, security professionals need robust tools to analyze malicious software safely. CAPE (Config And Payload Extraction) has emerged as a powerful malware sandbox derived from Cuckoo v1, offering advanced capabilities for executing and analyzing…

Read more →

As of March 2025, the National Institute of Standards and Technology (NIST) continues to face mounting challenges in processing the ever-growing backlog of Common Vulnerabilities and Exposures (CVEs) in the National Vulnerability Database (NVD).  Despite previous efforts to clear the…

Read more →

Cybercriminals have developed sophisticated malware campaigns targeting Android users by exploiting .NET MAUI, a cross-platform development framework, to evade traditional security measures. These threats disguise themselves as legitimate banking and social networking applications to harvest sensitive information from unsuspecting users.…

Read more →

The Federal Bureau of Investigation’s Denver Field Office has issued an urgent alert regarding a sophisticated cybersecurity threat that has been increasingly targeting individuals and organizations across the United States.  Threat actors are now deploying malicious software disguised as free…

Read more →

The best Managed Detection and Response (MDR) solutions are designed to enhance an organization’s cybersecurity posture by providing comprehensive threat detection and response capabilities. These solutions typically combine advanced technologies with expert security teams to monitor and respond to threats…

Read more →

Linus Torvalds has officially announced the release of Linux kernel 6.14, the latest stable version of the open-source operating system kernel.  Originally expected on Sunday, the release was pushed to Monday due to what Torvalds humorously described as “pure incompetence.” …

Read more →

A sophisticated new phishing campaign has emerged targeting the gaming community, specifically Counter-Strike 2 players, using an advanced technique known as Browser-in-the-Browser (BitB). This attack method creates a convincing fake browser pop-up window that tricks users into entering their Steam…

Read more →

Researchers have uncovered a series of critical security vulnerabilities in the Ingress NGINX Controller for Kubernetes, collectively dubbed “IngressNightmare.”  These flaws could allow unauthenticated attackers to execute remote code and gain complete control over vulnerable Kubernetes clusters. Ingress NGINX Remote…

Read more →

A sophisticated malware strain dubbed “Rilide” has emerged as a significant threat to Chrome and Edge browser users, operating as a deceptive browser extension designed to harvest login credentials. Security researchers have discovered this malware in active campaigns targeting corporate…

Read more →

A sophisticated malware campaign targeting software developers has emerged, leveraging fake coding challenges to infiltrate systems with a stealthy backdoor dubbed FogDoor. First identified in March 2025, this threat specifically targets Polish-speaking developers and job seekers through socially engineered GitHub…

Read more →

A sophisticated phishing campaign targeting Google account credentials through fake Semrush advertisements has emerged, posing a significant threat to digital marketers and SEO professionals. Cybercriminals have deployed numerous malicious advertisements that appear legitimate in Google search results, leveraging Semrush’s growing…

Read more →

A groundbreaking security tool has emerged in the ongoing battle against sophisticated Linux malware. A new Rust-based kernel module designed specifically for detecting rootkits has been released, offering enhanced capabilities to identify these particularly elusive threats. The module represents a…

Read more →

A novel attack vector combining browser cache exploitation and DLL proxying has emerged as a significant threat to organizations using Microsoft Teams and OneDrive. Dubbed Browser Cache Smuggling, this technique allows attackers to bypass traditional security defenses by leveraging browsers’ caching…

Read more →

INTERPOL led a multi-national law enforcement operation dubbed “Operation Red Card,” which has resulted in the arrest of over 300 suspected cyber criminals.  Operation Red Card, conducted from November 2024 to February 2025, targeted cross-border criminal syndicates responsible for mobile…

Read more →

A highly targeted phishing campaign is currently exploiting Pocket Card users through elaborately crafted emails that appear to originate from the legitimate financial service provider. The campaign, active since early March 2025, has already compromised an estimated 3,000 accounts, resulting…

Read more →

Cloudflare has launched AI Labyrinth, an innovative tool designed to combat unauthorized web-scraping bots by redirecting them into an endless maze of AI-generated content.  Introduced on March 19, 2025, this free, opt-in feature marks a significant shift in bot mitigation…

Read more →

A critical vulnerability in WP Ghost, a popular WordPress security plugin with over 200,000 active installations.  The high-severity flaw, tracked as CVE-2025-26909 with a CVSS score of 9.6, allows unauthenticated attackers to exploit a Local File Inclusion (LFI) vulnerability that…

Read more →

A critical vulnerability in GamiPress, a popular WordPress plugin used for gamification and rewards systems on websites.  The high-impact flaw, categorized as CVE-2024-13496 with a CVSS 3.1 score of 7.5, allowed unauthenticated attackers to inject malicious SQL queries that could…

Read more →

The Federal Communications Commission (FCC) has launched a sweeping investigation into nine Chinese technology and telecommunications companies that were previously placed on its Covered List, aiming to determine if these firms are evading U.S. restrictions.  FCC Chairman Brendan Carr announced…

Read more →

Clio has emerged as a revolutionary real-time logging solution developed by cybersecurity engineers at CyberLock Technologies in the evolving landscape of cybersecurity tools. Launched in January 2025, this sophisticated tool addresses critical gaps in traditional logging frameworks by providing comprehensive…

Read more →

Google has confirmed a critical security flaw in Chrome that affects billions of users across Windows, Mac, Linux, and Android platforms.  The vulnerability, which could allow attackers to execute arbitrary code through specially crafted web pages, prompted an urgent update…

Read more →

Memory corruption vulnerabilities remain a persistent threat to software systems, particularly those built using low-level languages like C/C++. These vulnerabilities can lead to devastating attacks, allowing malicious actors to execute arbitrary code or manipulate critical program data. Traditional protection mechanisms…

Read more →

The fitness technology landscape has undergone a dramatic transformation. Millions of weight machines worldwide now connect to the internet through standardized API endpoints, creating an unprecedented ecosystem of smart fitness equipment.  Industry analysts project this market will exceed $8 billion…

Read more →

A lone cybercriminal masquerading as a hacker group has been unmasked as the entity behind more than 90 data breaches worldwide over a four-year period. The individual, who operated under four distinct aliases, ALTDOS, DESORDEN, GHOSTR, and Omid16B targeted companies…

Read more →

A sophisticated threat actor dubbed “Weaver Ant,” Web Shell Whisperer has emerged from China, deploying advanced web shell payloads across critical infrastructure sectors worldwide. This persistent campaign, active since late 2024, targets vulnerable web applications and content management systems in…

Read more →

A critical security vulnerability (CVE-2025-29927) has been discovered in Next.js that allows attackers to completely bypass middleware-based security controls by manipulating the x-middleware-subrequest header.  This critical flaw affects authentication flows, authorization controls, path rewriting, and security header implementations across multiple…

Read more →

Cloudflare has unveiled a clientless, browser-based Remote Desktop Protocol (RDP) solution, expanding its Zero Trust Network Access (ZTNA) capabilities for secure Windows server access. This new offering, which follows the October 2024 release of short-lived SSH access, eliminates the need…

Read more →

Baidu, China’s leading search engine giant, has firmly denied allegations of an internal data breach after a controversial incident involving a senior executive’s teenage daughter.  The company got involved in a data security incident, which prompted significant concerns about personal…

Read more →

A sophisticated new information stealer dubbed SvcStealer 2025 has emerged, targeting sensitive user data through spear phishing email attachments. First observed in late January 2025, this malware harvests extensive personal and financial information from infected systems, including machine data, installed…

Read more →

North Korean leader Kim Jong Un has ordered the establishment of a new cyber warfare research center, codenamed “Research Center 227,” under the military’s Reconnaissance General Bureau (RGB). This move, confirmed in late February 2025, signals a significant escalation in…

Read more →

A new and rapidly evolving ransomware-as-a-service (RaaS) operation called VanHelsingRaaS has emerged in the cybercrime landscape. Launched on March 7, 2025, this sophisticated threat has already claimed three victims in less than two weeks, demanding ransoms of $500,000 paid to…

Read more →

At present, many computers are connected via numerous networks. Monitoring all traffic and having something to filter out good and harmful traffic is critical, and we achieve this with an application or service known as a firewall. Early firewalls were…

Read more →

Endpoint Detection and Response (EDR) solutions have become crucial for organizations to protect their devices and data from cyber threats. As of 2025, several top EDR solutions stand out in the market. CrowdStrike Falcon Insight XDR is widely recognized for…

Read more →

A threat actor named “rose87168” claimed to have stolen six million records from Oracle Cloud servers. The stolen data reportedly includes Java Key Store (JKS) files, encrypted Single Sign-On (SSO) passwords, hashed Lightweight Directory Access Protocol (LDAP) passwords, key files,…

Read more →

A surge of ransomware attacks leveraging critical VMware virtualization vulnerabilities has triggered global alerts. Threat actors exploit flaws in ESXi, Workstation, and Fusion products to paralyze enterprise infrastructures. The vulnerabilities CVE-2025-22224 (CVSS 9.3), CVE-2025-22225 (CVSS 8.2), and CVE-2025-22226 (CVSS 7.1)…

Read more →

A Russian exploit brokerage firm, Operation Zero, has publicly announced bounties of up to $4 million for zero-day vulnerabilities in Telegram, signaling heightened state-sponsored interest in compromising the popular messaging app. The company, which exclusively serves the Russian government and…

Read more →

A growing attack trend since the second half of 2024 involves threat actors using fake CAPTCHA challenges to trick users into executing malicious PowerShell commands and infecting their systems with dangerous malware. These sophisticated social engineering tactics leverage users’ familiarity…

Read more →

Cybersecurity experts have identified a sophisticated new backdoor tool developed by the notorious financial cybercrime group FIN7. The Python-based malware, dubbed “Anubis Backdoor,” represents an evolution in the group’s tactics, techniques, and procedures (TTPs) that have historically caused billions in…

Read more →

A series of critical vulnerabilities discovered in JumpServer, an open-source Privileged Access Management (PAM) tool developed by Fit2Cloud, has raised significant security concerns. JumpServer serves as a bastion host to internal networks, offering a centralized point for accessing internal resources…

Read more →

Recent revelations about a critical vulnerability affecting macOS systems have raised significant concerns among cybersecurity professionals and users alike. The flaw, which potentially exposes sensitive system passwords, has been thoroughly analyzed and documented in a newly released report. This vulnerability…

Read more →

A remote code execution (RCE) vulnerability in Veeam Backup & Replication could allow any domain user to compromise backup servers with SYSTEM-level privileges.  The findings, assigned CVE-2025-23120, affect Veeam Backup & Replication 12.3.0.310 and all earlier version 12 builds, demonstrating how blacklist-based…

Read more →

Over 150 government database servers normally hidden behind layers of security are now directly exposed to the Internet, leaving Americans’ data vulnerable to cyberattacks.  A groundbreaking open-source investigation has revealed what experts describe as “one of history’s largest exposures of…

Read more →

A dangerous new phishing campaign targeting businesses that use Meta platforms for advertising has been discovered. The scam begins with users receiving an urgent email claiming “YOUR ADS ARE TEMPORARILY SUSPENDED” due to alleged violations of Instagram’s Advertising Policies and…

Read more →

Threat actors actively exploit a critical vulnerability in Apache Tomcat, tracked as CVE-2025-24813, which could enable unauthorized remote code execution (RCE) on vulnerable servers.  The vulnerability, first disclosed on March 10, 2025, has already seen exploitation attempts beginning just 30…

Read more →

A new cross-platform threat has emerged in the ransomware landscape as researchers uncover new versions of Albabat ransomware targeting Windows, Linux, and macOS systems simultaneously. The ransomware operators have implemented a sophisticated approach to manage their operations through GitHub repositories,…

Read more →