Tag: Cyber Security News

A new family of malware has been discovered that leverages Microsoft Outlook as a communication channel via the Microsoft Graph API. This sophisticated malware includes a custom loader and backdoor, known as PATHLOADER and FINALDRAFT, respectively. The malware is part…

Read more →

Security researchers from Korea University have unveiled a new vulnerability in macOS systems running on Apple Silicon processors.  Dubbed “SysBumps,” this attack successfully circumvents Kernel Address Space Layout Randomization (KASLR), a critical security mechanism designed to protect kernel memory from…

Read more →

Researchers uncovered a critical vulnerability in Amazon Web Services (AWS) involving Amazon Machine Images (AMIs).  Dubbed the “whoAMI” attack, this exploit leverages a name confusion attack, a subset of supply chain attacks, to gain unauthorized code execution within AWS accounts. …

Read more →

Palo Alto Networks has recently disclosed a critical vulnerability in its PAN-OS network security operating system, tracked as CVE-2025-0108, which allows attackers to bypass authentication on the management web interface.  This vulnerability, with a CVSSv3.1 score of 7.8, exposes affected…

Read more →

Have I Been Pwned (HIBP), a popular data breach notification service, has expressed a strong inclination to ban resellers from obtaining platform memberships.  Troy Hunt made this decision after thoroughly examining the excessive support burden these resellers impose on the…

Read more →

Hackers have been leveraging the open-source Pyramid pentesting tool to establish stealthy command-and-control (C2) communications. Pyramid, first released on GitHub in 2023, is a Python-based post-exploitation framework designed to evade endpoint detection and response (EDR) tools. Its lightweight HTTP/S server…

Read more →

Microsoft Threat Intelligence has exposed a subgroup within the Russian state actor Seashell Blizzard, known as the “BadPilot campaign.” This subgroup has been conducting a multiyear operation to compromise Internet-facing infrastructure globally, expanding Seashell Blizzard’s reach beyond Eastern Europe. The…

Read more →

CrowdStrike has disclosed a high-severity vulnerability in its Falcon Sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor. The vulnerability, identified as CVE-2025-1146, originates from a validation logic error in the Transport Layer Security (TLS) connection routine. This…

Read more →

A massive 2.7 billion records containing sensitive user data, including Wi-Fi network names, passwords, IP addresses, and device identifiers, were exposed in a massive IoT security breach linked to Mars Hydro, a China-based grow light manufacturer, and LG-LED SOLUTIONS LIMITED,…

Read more →

Google has rolled out an urgent security update for Chrome, addressing four high-severity vulnerabilities that could allow attackers to execute malicious code or compromise user data. The update, Chrome version 133.0.6943.98/.99 for Windows/Mac and 133.0.6943.98 for Linux, targets critical flaws…

Read more →

Palo Alto Networks has disclosed a critical vulnerability (CVE-2025-010) in its PAN-OS software that could allow attackers to bypass authentication on the management web interface. This flaw, which has been assigned a CVSS Base Score of 8.8, poses a significant…

Read more →

An Advanced Persistent Threat (APT) is a sophisticated and stealthy cyberattack designed to gain unauthorized, long-term access to a target’s network. These attacks are meticulously planned and executed by highly skilled threat actors, often state-sponsored groups or organized crime syndicates,…

Read more →

A significant threat has emerged in the form of the ZeroLogon ransomware exploit. This exploit targets a critical vulnerability in Microsoft’s Active Directory, specifically affecting domain controllers. The vulnerability, known as CVE-2020-1472, allows attackers to gain unauthorized access to domain…

Read more →

Researchers found a significant software supply chain vulnerability, which resulted in an outstanding $50,500 bounty from a major corporation’s bug bounty program. The duo’s success highlights the growing importance of securing the software supply chain and the risks posed by…

Read more →

A critical vulnerability in YouTube’s infrastructure allowed attackers to expose the email addresses tied to anonymous channels by combining flaws in Google’s account management system and an outdated Pixel Recorder API. The exploit chain, discovered by security researchers Brutecat and…

Read more →

zkLend, a prominent decentralized finance (DeFi) protocol built on Ethereum’s Layer-2 zk-rollup technology, has fallen victim to a major security breach resulting in the theft of approximately 3,300 ETH, valued at around $8.5 million at current market prices.  Unexpectedly, zkLend…

Read more →

Hackers have allegedly breached OmniGPT, a ChatGPT-like AI chatbot platform, exposing sensitive data of over 30,000 users.  The leaked data reportedly includes email addresses, phone numbers, API keys, and over 34 million user-chatbot interactions.  A post on a hacking forum…

Read more →

A new wave of cyberattacks has surfaced, with a Mirai-based botnet exploiting a number of significant vulnerabilities in routers and smart devices, primarily targeting industrial and home networks worldwide.  The Shadowserver Foundation recently shared on X the botnet’s active exploitation…

Read more →

A critical vulnerability in SonicWall firewalls, identified as CVE-2024-53704, has been actively exploited by attackers to hijack SSL VPN sessions. This vulnerability affects SonicOS versions 7.1.x (7.1.1-7058 and older), 7.1.2-7019, and 8.0.0-8035. The exploit allows a remote attacker to bypass…

Read more →

A critical zero-day vulnerability has been discovered in a Windows driver, allowing attackers to gain remote access to systems. This vulnerability, identified as CVE-2025-21418, was disclosed on February 11, 2025, and is classified as “Important” with a CVSS score of…

Read more →