Five critical memory vulnerabilities in Paragon Partition Manager’s BioNTdrv.sys driver have been discovered, allowing attackers to escalate privileges and cause denial-of-service conditions on affected systems. The vulnerabilities, identified in versions prior to 2.0.0, were officially disclosed on February 28, 2025,…
Tag: Cyber Security News
Hackers Weaponizing PowerShell & Legitimate Microsoft Apps To Deploy Malware
Cybersecurity experts have recently observed a concerning trend in attack methodologies, with threat actors increasingly leveraging fileless techniques that weaponize PowerShell and legitimate Microsoft applications to deploy malware while evading detection. These sophisticated attacks operate primarily in memory, leaving minimal…
Hackers Using ClickFix Tactic to Attack Windows Machines & Gain Full Control of System
A sophisticated phishing campaign has been observed in which threat actors utilize a multi-stage attack chain that combines social engineering tactics with modified open-source tools to compromise Windows systems. The campaign, active as of March 2025, employs the ClickFix technique to deceive…
Google’s New Email Shield Feature Let Users Hide Email From Apps
Google is advancing its email privacy arsenal with the development of Shielded Email, a feature designed to generate disposable email aliases for users signing up for apps and services. First uncovered in a Google Play Services v24.45.33 APK teardown by…
U.S. Halts Cyber Operations Targeting Russia
The United States has paused offensive cyber operations against Russia under an order from Defense Secretary Pete Hegseth, prompting debate over geopolitical strategy and domestic cybersecurity priorities. While U.S. Cyber Command—a Unified Combatant Command overseeing military cyber operations—adheres to the…
Attackers Automating Vulnerability Exploits Within Hours of Disclosure
The cybersecurity landscape of 2024 witnessed an unprecedented increase in mass internet exploitation, driven by attackers’ ability to automate vulnerability exploits within hours of disclosure. GreyNoise’s 2025 Mass Internet Exploitation Report reveals a systematic industrialization of cyberattacks, with threat actors…
HiveOS Vulnerabilities Let Attackers Execute Arbitrary Commands
Security researchers have uncovered three critical vulnerabilities in Extreme Networks’ IQ Engine (HiveOS) that collectively enable authenticated attackers to escalate privileges, decrypt passwords, and execute arbitrary commands on affected systems. The flaws—tracked as CVE-2025-27229, CVE-2025-27228, and CVE-2025-27227—were disclosed through coordinated…
North Korean IT Workers Using Astrill VPN To Hide Their IPs
Cybersecurity firm Silent Push has recently confirmed that North Korean IT workers continue to utilize Astrill VPN services to hide their true IP addresses when seeking employment with international companies. This finding, originally reported by Google’s Mandiant in September 2024,…
JavaGhost Leveraging Amazon IAM Permissions To Trigger Phishing Attack
Unit 42, the threat intelligence team at Palo Alto Networks, has identified a sophisticated threat actor group named JavaGhost that has evolved from website defacement to executing persistent phishing campaigns using compromised AWS environments. The group, active since at least…
US Army Soldier Arrested for Hacking 15 Telecom Carriers
U.S. Army Specialist Cameron John Wagenius, 21, is charged with federal offenses for allegedly hacking at least 15 telecom companies and trying to extort a major provider while leveraging stolen call detail records (CDRs) of high-ranking officials. The U.S. Department…
New Vulnerability in Substack Lets Attackers Take Over Subdomains
A newly disclosed edge case in Substack’s custom domain implementation allows threat actors to hijack inactive subdomains, potentially enabling content spoofing, phishing campaigns, and brand impersonation. The researcher identified 1,426 vulnerable domains – representing 8% of all Substack-associated custom domains…
MediaTek Warns of Multiple Vulnerabilities That Let Attackers Escalate Privileges
MediaTek has issued urgent security advisories warning of multiple high-severity vulnerabilities in its system-on-chip (SoC) architectures, including flaws that enable local privilege escalation (LPE) and remote code execution (RCE). The March 2025 Product Security Bulletin highlights three high-severity vulnerabilities…
Apache Derby Vulnerability Lets Attackers Bypass Authentication with LDAP Injection
A critical security vulnerability (CVE-2022-46337) in Apache Derby, an open-source relational database implemented entirely in Java, has exposed systems to authentication bypass attacks via LDAP injection. The flaw, rated with a CVSS score of 9.1, enables attackers to craft malicious…
Vidar & StealC 2.0 Released by Threat Actors With a Complete New Build
Threat actors have simultaneously released major updates for two prominent info-stealers, Vidar and StealC, marking their transition to version 2.0. These updates, announced in late February 2025, introduce redesigned builds, modernized features, and enhanced capabilities. However, cybersecurity experts have uncovered…
Why Off-the-Shelf Security Solutions Fail: The Need for Custom Cybersecurity Services
Have you ever wondered why businesses still face cyber threats, even with the latest security software? Cybercriminals are always finding new ways to attack. To stay safe, companies need strong and adaptable security measures. Many businesses rely on off-the-shelf security…
Trigon – A New Exploit Revealed for iOS 0-Day Kernel Vulnerability
Security researchers have released a sophisticated new kernel exploit targeting Apple iOS devices, dubbed Trigon, which leverages a critical vulnerability in the XNU kernel’s virtual memory subsystem. The exploit, linked to the “Operation Triangulation” spyware campaign that first weaponized…
Windows Hyper-V NT Kernel Vulnerability Lets Attackers Gain SYSTEM Privileges – PoC Released
Threat actors have actively exploited CVE-2025-21333, a critical vulnerability in Microsoft’s Windows Hyper-V NT Kernel Integration Virtual Service Provider (VSP). This heap-based buffer overflow vulnerability allows local attackers to escalate their privileges to the SYSTEM level, posing a significant security…
Critical Vulnerability in Wazuh Server Enables Remote Attackers to Execute Malicious Code
A critical remote code execution (RCE) vulnerability has been discovered in the Wazuh server, a popular open-source security platform used for threat detection and compliance monitoring. Identified as CVE-2025-24016, this flaw allows attackers with API access to execute arbitrary Python…
Android Phone Unlocked Using Cellebrite’s Linux USB Zero-Day Exploit
Amnesty International’s Security Lab has uncovered a sophisticated cyber-espionage campaign in Serbia, where authorities used a zero-day exploit chain developed by Cellebrite to unlock the Android phone of a student activist. The attack, which occurred on December 25, 2024, leveraged…
Angel One Data Breach: 8 Million Users’ Personal Records at Risk
Angel One, a leading financial services platform, disclosed a breach involving unauthorized access to specific client data after some of its Amazon Web Services (AWS) resources were compromised. The incident was discovered on February 27, 2025, when the company received…