A sophisticated proof-of-concept demonstrating how malware can bypass advanced call stack detection mechanisms increasingly adopted by enterprise security vendors like Elastic. The new Moonwalk++ technique extends prior stack-spoofing research and reveals critical gaps in current endpoint detection strategies. The Evasion Challenge As…
Tag: Cyber Security News
CISA Adds Fortinet Vulnerability to KEV Catalog After Active Exploitation
CISA officially added CVE-2025-59718 to its Known Exploited Vulnerabilities (KEV) catalog on December 16, 2025, designating a critical deadline of December 23, 2025, for organizations to apply the necessary remediation measures. This action reflects the vulnerability’s active exploitation in the…
Singularity Linux Kernel Rootkit with New Feature Prevents Detection
Singularity, a sophisticated Linux kernel rootkit designed for Linux kernel versions 6.x, has gained significant attention from the cybersecurity community for its advanced stealth mechanisms and powerful capabilities. This kernel module represents a concerning evolution in rootkit technology, offering multiple…
New GhostPoster Attack Leverages PNG Icon to Infect 50,000+ Firefox Users
A sophisticated new malware campaign dubbed “GhostPoster” has been uncovered, leveraging a clever steganography technique to compromise approximately 50,000 Firefox users. The attack vector primarily involves seemingly innocent browser extensions, such as “Free VPN Forever,” which conceal malicious payloads within…
NVIDIA Isaac Lab Vulnerability Lets Attackers Execute Malicious Code
A critical security update addresses a dangerous deserialization vulnerability in NVIDIA Isaac Lab, a component of the NVIDIA Isaac Sim framework. The flaw could allow attackers to execute arbitrary code on affected systems, prompting the company to take immediate action.…
Cellik Android Malware with One-Click APK Builder Lets Attackers Wrap Its Payload Inside Google Play Store Apps
Cellik represents a significant evolution in Android Remote Access Trojan capabilities, introducing sophisticated device control and surveillance features previously reserved for advanced spyware. This newly identified RAT combines full device takeover with an integrated Google Play Store connection, allowing attackers…
Chrome Zero-Day Vulnerabilities Exploited in 2025 – A Comprehensive Analysis
Throughout 2025, Google patched an unprecedented wave of actively exploited zero-day vulnerabilities affecting its Chrome browser, fixing a total of eight critical flaws that threatened billions of users worldwide. These vulnerabilities, all classified as high severity with CVSS scores averaging…
BlindEagle Hackers Attack Organizations to Abuse Trust and Bypass Email Security Controls
In a sophisticated cyberespionage campaign, the BlindEagle threat actor has once again targeted Colombian government institutions. This latest operation specifically zeroed in on an agency under the Ministry of Commerce, Industry, and Tourism, leveraging a highly effective strategy to bypass…
Chrome Security Update – Patch for Critical Vulnerabilities That Enable Remote Code Execution
Google has released Chrome version 143.0.7499.146/.147 to address critical security vulnerabilities that could enable remote code execution on affected systems. The update is now rolling out to Windows and Mac users, with Linux receiving version 143.0.7499.146. Full deployment is expected…
APT-C-35 Infrastructure Activity Identified Using Apache HTTP Response Indicators
A significant discovery in threat intelligence reveals that APT-C-35, commonly known as DoNot, continues to maintain an active infrastructure footprint across the internet. Security researchers have identified new infrastructure clusters linked to this India-based threat group, which has long been…
Microsoft Details Mitigations Against React2Shell RCE Vulnerability in React Server Components
Microsoft has released comprehensive mitigations for a critical vulnerability dubbed React2Shell (CVE-2025-55182), which poses severe risks to React Server Components and Next.js environments. With a maximum CVSS score of 10.0, this pre-authentication remote code execution flaw allows threat actors to…
Hackers Can Manipulate Internet-Based Solar Panel Systems to Execute Attacks in Minutes
A new class of internet-based attacks is turning solar power infrastructure into a high‑risk target, allowing hackers to disrupt energy production in minutes using nothing more than open ports and free tools. Modern solar farms rely on networked operational technology,…
LLMs Are Accelerating Ransomware Operations with Functional Tools and RaaS
The integration of Large Language Models (LLMs) into ransomware operations marks a pivotal shift in the cybercrime landscape, functioning as a potent operational accelerator rather than a fundamental revolution. This technology dramatically lowers barriers to entry, enabling even low-skill actors…
Russian Hackers Attacking Network Edge Devices in Western Critical Infrastructure
A Russian state-sponsored hacking group has been targeting network edge devices in Western critical infrastructure since 2021, with operations intensifying throughout 2025. The campaign, linked to Russia’s Main Intelligence Directorate (GRU) and the notorious Sandworm group, represents a major shift…
NoName057(16) Hackers Using DDoSia DDoS Tool to Attack Organizations in NATO
NoName057(16), also known as 05716nnm or NoName05716, has emerged as a significant threat targeting NATO member states and European organizations. The group, which originated as a covert project within Russia’s Centre for the Study and Network Monitoring of the Youth…
Windows Admin Center Vulnerability (CVE-2025-64669) Lets Attackers Escalate Privileges
A new local privilege escalation vulnerability has been identified in Microsoft’s Windows Admin Center (WAC), affecting versions up to 2.4.2.1 and environments running WAC 2411 and earlier. Tracked as CVE-2025-64669, the flaw stems from insecure directory permissions on the folder C:\ProgramData\WindowsAdminCenter, which is…
Fortinet FortiWeb Vulnerability (CVE-2025-64446) Exploited in the Wild for Full Admin Takeover
Threat actors have been actively exploiting a critical path-traversal vulnerability in Fortinet’s FortiWeb web application firewall since early October 2025, allowing unauthenticated attackers to create rogue administrator accounts and gain full control of exposed devices. Researchers at watchTowr Labs first detailed the…
Malicious NuGet Package Uses .NET Logging Tool to Steal Cryptocurrency Wallet Data
The cybersecurity landscape has once again been rattled by a subtle yet dangerous supply chain attack. A malicious NuGet package named Tracer.Fody.NLog was discovered masquerading as a legitimate .NET tracing library. Published in 2020, this package successfully deceived developers for…
FreePBX Vulnerabilities Enable Authentication Bypass That Leads to Remote Code Execution
FreePBX has addressed critical vulnerabilities enabling authentication bypass and remote code execution in its Endpoint Manager module. Discovered by Horizon3.ai researchers, these flaws affect telephony endpoint configurations in the open-source IP PBX system. Researchers identified three high-severity issues distinct from…