Tag: Cyber Security News

The Federal Bureau of Investigation (FBI) has issued an urgent alert regarding a sophisticated email-based extortion campaign targeting corporate executives, wherein threat actors impersonate the notorious BianLian ransomware group.  The scam, first identified in early March 2025, involves physical letters…

Read more →

A critical security vulnerability in Apache Pinot designated CVE-2024-56325, has been disclosed. It allows unauthenticated, remote attackers to bypass authentication mechanisms and gain unauthorized access to sensitive systems.  Researchers from the Knownsec 404 Team discovered the flaw and disclosed it…

Read more →

Microsoft has announced the immediate availability of Microsoft 365 E5 Security as a cost-effective add-on for Business Premium subscribers, marking a strategic expansion of enterprise-grade cybersecurity tools for small and medium businesses (SMBs).  The release introduces enhanced threat detection, identity…

Read more →

A newly identified vulnerability in the Cisco Secure Client for Windows could allow attackers to execute arbitrary code with SYSTEM privileges. The vulnerability lies within the interprocess communication (IPC) channel and can be exploited by an authenticated, local attacker to…

Read more →

Network traffic analysis has emerged as one of the most effective methods for detecting and investigating linux based malware infections . By scrutinizing communication patterns, security professionals can uncover signs of malicious activity, including command-and-control (C2) connections, data exfiltration, and…

Read more →

Cybersecurity researchers have uncovered a sophisticated campaign targeting the Albion Online gaming community through impersonation of the Electronic Frontier Foundation (EFF). The operation, discovered in early March 2025, leverages decoy documents designed to appear as official EFF communications while deploying…

Read more →

Network traffic analysis has emerged as one of the most effective methods for detecting and investigating linux based malware infections . By scrutinizing communication patterns, security professionals can uncover signs of malicious activity, including command-and-control (C2) connections, data exfiltration, and…

Read more →

A critical security oversight in widely used Apache Airflow instances has exposed credentials for platforms like AWS, Slack, PayPal, and other services, leaving organizations vulnerable to data breaches and supply chain attacks.  Researchers at Intezer discovered thousands of unprotected instances…

Read more →

A newly disclosed critical vulnerability in Sitecore Experience Platform (CVE-2025-27218) allows unauthenticated attackers to execute arbitrary code on unpatched systems.  The flaw, rooted in insecure deserialization practices, affects Sitecore Experience Manager (XM) and Experience Platform (XP) versions 8.2 through 10.4…

Read more →

Security researchers at SEC Consult have discovered a significant vulnerability in CrowdStrike’s Falcon Sensor that allowed attackers to bypass detection mechanisms and execute malicious applications. This vulnerability, dubbed “Sleeping Beauty,” was initially reported to CrowdStrike in late 2023 but was…

Read more →

Federal prosecutors unsealed criminal complaints today against David Jose Gomez Cegarra, 24, and Jesus Segundo Hernandez-Gil, 19, members of the Tren de Aragua Gang, for allegedly orchestrating a coordinated ATM “jackpotting” campaign across four U.S. states.  The defendants face charges…

Read more →

A critical Insecure Direct Object Reference (IDOR) vulnerability chain in ZITADEL’s administration interface (CVE-2025-27507) has exposed organizations to systemic risks of account takeover and configuration tampering.  Rated 9.0/10 on the CVSS v3.1 scale, these flaws enable authenticated low-privilege users to…

Read more →

In its latest Android security update, Google has unveiled a dual-layer defense system combining AI-powered scam detection for both text messages and voice calls.  The new features, powered by Gemini Nano AI models operating entirely on-device, aim to combat the…

Read more →

A critical security vulnerability in LibreOffice tracked as CVE-2025-1080, has exposed millions of users to potential remote code execution attacks through manipulated macro URLs.  Patched in versions 24.8.5 and 25.2.1 released on March 4, 2025, this flaw allowed attackers to…

Read more →

Elastic has issued an urgent security advisory for a critical vulnerability in Kibana, tracked as CVE-2025-25012, that allows authenticated attackers to execute arbitrary code on affected systems.  The flaw, rated 9.9 on the CVSS v3.1 scale, stems from a prototype…

Read more →

Google collects and stores significant amounts of user data on Android devices, even when users haven’t opened any Google apps. The study by Professor D.J. Leith from Trinity College Dublin, documents for the first time how pre-installed Google apps silently…

Read more →

A sophisticated Android banking trojan campaign leveraging a malicious file manager application accumulated over 220,000 downloads on the Google Play Store before its removal.  Dubbed Anatsa (also known as TeaBot), the malware targets global financial institutions through a multi-stage infection…

Read more →

A new ransomware group, SecP0, has emerged on the cybercrime landscape, adopting a novel and deeply concerning tactic: demanding ransom payments not for encrypted data, but for undisclosed software vulnerabilities.  This shift in strategy represents a significant evolution in ransomware…

Read more →

In a sophisticated cybercrime operation targeting high-demand events, two individuals were arrested this week for allegedly orchestrating a $600,000 ticket theft scheme involving Taylor Swift’s Eras Tour and other major concerts.  Queens District Attorney Melinda Katz revealed that Tyrone Rose,…

Read more →

In a landmark development for cybersecurity infrastructure, Google’s Mandiant subsidiary has unveiled GoStringUngarbler – an open-source deobfuscation framework designed to neutralize advanced string encryption techniques in Go-based malware.  This innovation specifically targets binaries obfuscated using garble, an increasingly prevalent obfuscation…

Read more →