Penetration testing companies specialize in evaluating the security of an organization’s IT infrastructure by simulating real-world cyberattacks. These companies use ethical hacking techniques to identify vulnerabilities in networks, applications, and systems before malicious hackers can exploit them. What Do Penetration…
Tag: Cyber Security News
PoC Exploit Released for Actively Exploited Linux Kernel Out-Of-Bounds Write Vulnerability
A proof-of-concept (PoC) exploit has been released for a high-severity out-of-bounds write vulnerability in the Linux kernel, identified as CVE-2024-53104. The vulnerability exists within the USB Video Class (UVC) driver and can lead to privilege escalation. The flaw stems from…
Hackers Registered 10K Domains With Same Name for Smishing Attack Via iMessage
A large-scale SMS phishing (smishing) campaign distributed via iMessage involving more than 10,000 domains registered by a threat actor was discovered recently. These domains are designed to impersonate toll services and package delivery platforms across multiple U.S. states and one…
Lumma Stealer Launch “Click Fix” Style Attack via Fake Google Meet & Windows Update Sites
Recent Palo Alto research investigations have revealed the ongoing evolution of “click fix” style campaigns used to distribute the Lumma Stealer malware. These campaigns exploit user interaction by leveraging malicious scripts that are inserted into the copy-paste buffer, tricking victims…
Getting Access to Internal Networks Via Physical Pentest – Case Study
Physical penetration testing provides crucial insights into real-world security vulnerabilities that might be overlooked in purely digital assessments. A recent case study conducted by Hackmosphere for a furniture retailer, referred to as ExCorp, revealed how physical access to facilities could…
Threat Actors Leverage YouTubers to Attack Windows Systems Via SilentCryptoMiner
Security researchers have uncovered a sophisticated malware campaign where threat actors are coercing popular YouTubers to distribute SilentCryptoMiner malware disguised as restriction bypass tools. This campaign has already affected more than 2,000 victims in Russia, with the actual number potentially…
New Malware Attacked ‘Desert Dexter’ Compromised 900+ Victims Worldwide
Security researchers at Positive Technologies have uncovered a sophisticated malware campaign dubbed “Desert Dexter” that has compromised more than 900 victims worldwide since September 2024. The attack, discovered in February 2025, primarily targets countries in the Middle East and North…
Beware of Fake Tax Claims that Tricks Users to Steal Over $10,000 From Victims
Tax season has become a high-stakes battleground for cybercriminals, who leverage advanced technologies like deepfake audio and AI-generated phishing campaigns to steal over $10,000 from unsuspecting victims. According to a 2025 McAfee survey, 10% of tax scam losses exceeded $10,000,…
Linux Distro Tails 6.13 Released with Improved Wi-Fi Hardware Detection
The Tails Project announced the release of Tails 6.13 on March 6, 2025, marking a significant update to its privacy-centric Linux distribution. This iteration introduces improved diagnostics for Wi-Fi hardware compatibility, updates to the Tor Browser and client, and critical…
Hackers Leveraging x86-64 Binaries on Apple Silicon to Deploy macOS Malware
Advanced threat actors increasingly leverage x86-64 binaries and Apple’s Rosetta 2 translation technology to bypass execution policies and deploy malware on Apple Silicon devices. The technique exploits architectural differences between Intel and ARM64 processors while leaving behind forensic artifacts that…
Beware of Fake CAPTCHA Prompts That May Silently Install LummaStealer on Your Device
Cybersecurity researchers at G DATA have uncovered a sophisticated malware campaign using fake CAPTCHA prompts to deliver LummaStealer, a dangerous information-stealing malware. This emerging threat, first discovered in January 2025, represents a new approach for LummaStealer distribution which previously spread…
YouTube Warns of Phishing Emails Attacking Creators to Steal Login Credentials
YouTube has issued an urgent alert to content creators regarding a highly sophisticated phishing campaign exploiting AI-generated deepfake technology to hijack accounts. The attack, first detected in late February 2025, uses fabricated videos of YouTube CEO Neal Mohan to deceive…
Multiple Jenkins Vulnerability Let Attackers Expose Secrets
Jenkins, the widely adopted open-source automation server central to CI/CD pipelines, has disclosed four critical security vulnerabilities enabling unauthorized secret disclosure, cross-site request forgery (CSRF), and open redirect attacks. These flaws, patched in versions 2.500 (weekly) and 2.492.2 (LTS), affect…
Critical Vulnerabilities in DrayTek Routers Exposes Devices to RCE Attack
A series of critical vulnerabilities in DrayTek Vigor routers widely deployed in small office/home office (SOHO) environments have been uncovered, exposing devices to remote code execution (RCE), denial-of-service (DoS) attacks, and credential theft. The flaws discovered during firmware reverse-engineering efforts…
Operation Sea Elephant Attacking Organizations to Steal Research Details
A sophisticated cyber espionage campaign dubbed “Operation Sea Elephant” has been discovered targeting scientific research organizations, with a particular focus on ocean-related studies. The operation, attributed to a threat actor group known as CNC with South Asian origins, aims to…
AMD Microcode Signature Verification Vulnerability Let Attackers Load Malicious Patches
Security researchers have uncovered a critical vulnerability in AMD Zen CPUs that allows attackers with elevated privileges to load malicious microcode patches, bypassing cryptographic signature checks. Dubbed “EntrySign,” this flaw stems from AMD’s use of the AES-CMAC algorithm as a…
CISA Warns of Edimax IC-7100 IP Camera 0-Day Vulnerability Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning regarding a severe vulnerability in the Edimax IC-7100 IP Camera. This vulnerability, CVE-2025-1316, allows attackers to execute remote code on the device by sending specially crafted requests, exploiting…
North Korean IT Workers Using GitHub To Attack Organization Globally
Cybersecurity research firm NISOS has uncovered a network of suspected North Korean IT workers who are leveraging GitHub to create elaborate fake personas aimed at securing employment with companies in Japan and the United States. These individuals pose as Vietnamese,…
GitHub Details How Security Professionals Can Use Copilot to Analyze Logs
GitHub has unveiled groundbreaking applications of its AI-powered coding assistant, Copilot, specifically tailored for security professionals analyzing system logs and operational data. The tool now demonstrates unprecedented capabilities in parsing security event information, identifying anomalies, and accelerating incident response workflows…
Enabling Incognito Mode in RDP to Hide All the Traces
Microsoft’s Remote Desktop Protocol (RDP) has introduced a lesser-known but critical security feature colloquially referred to as “incognito mode” through its /public command-line parameter. This functionality, formally called public mode, prevents the client from storing sensitive session artifacts—a development with…