A sophisticated cyberespionage campaign dubbed PassiveNeuron has resurfaced with infections targeting government, financial, and industrial organizations across Asia, Africa, and Latin America. First detected in 2024, the campaign remained dormant for six months before re-emerging in December 2024, with the…
Tag: Cyber Security News
SOCs Have a Quishing Problem: Here’s How to Solve It
QR codes used to be harmless, now they’re one of the sneakiest ways attackers slip past defenses. Quishing, or QR code phishing, hides malicious links inside innocent-looking images that filters can’t read. One scan, and the victim lands on a fake login page designed to steal…
Critical Argument Injection Vulnerability in Popular AI Agents Let Attackers Execute Remote Code
A critical argument injection flaw in three unnamed popular AI agent platforms enables attackers to bypass human approval safeguards and achieve remote code execution (RCE) through seemingly innocuous prompts. According to Trail of Bits, these vulnerabilities exploit pre-approved system commands…
Lumma Infostealer Malware Attacks Users to Steal Browser Cookies, Cryptocurrency Wallets and VPN/RDP Accounts
Since its emergence in August 2022, Lumma Infostealer has rapidly become a cornerstone of malware-as-a-service platforms, enabling even unskilled threat actors to harvest high-value credentials. Delivered primarily via phishing sites masquerading as cracked software installers, the malicious payload is encapsulated…
New Tykit Phishing Kit Mimics Microsoft 365 Login Pages to Steal Corporate Account Credentials
A sophisticated phishing kit dubbed Tykit, which impersonates Microsoft 365 login pages to harvest corporate credentials. First detected in May 2025, the kit has surged in activity during September and October, exploiting SVG files as a stealthy delivery mechanism. Unlike…
Critical Vulnerability In Oracle E-Business Suite’s Marketing Product Allows Full Access To Attackers
Oracle has disclosed two critical vulnerabilities in its E-Business Suite’s Marketing product that could hand full control to remote attackers. Dubbed CVE-2025-53072 and CVE-2025-62481, these flaws affect the Marketing Administration component and carry a perfect storm CVSS score of 9.8,…
Chinese Hackers Using ToolShell Vulnerability To Compromise Networks Of Government Agencies
China-based threat actors have exploited the critical ToolShell vulnerability in Microsoft SharePoint servers to infiltrate networks across multiple continents, targeting government agencies and critical infrastructure in a suspected espionage campaign. This vulnerability, identified as CVE-2025-53770, enables unauthenticated remote code execution…
Decoding Microsoft 365 Audit Log Events Using Bitfield Mapping Technique – Investigation Report
When users authenticate to Microsoft cloud services, their activities generate authentication events recorded across multiple logging systems. Microsoft Entra sign-in logs and Microsoft 365 audit logs capture identical authentication events but represent this critical security data using different formats. Security…
Multiple Gitlab Security Vulnerabilities Let Attackers Trigger DoS Condition
GitLab has urgently released patch versions 18.5.1, 18.4.3, and 18.3.5 for its Community Edition (CE) and Enterprise Edition (EE) to address multiple critical security flaws, including several high-severity denial-of-service (DoS) vulnerabilities. These updates fix issues allowing specially crafted payloads to…
Azure Apps Vulnerability Lets Hackers Create Malicious Apps Mimicking Microsoft Teams
Security flaws in Microsoft’s Azure ecosystem enable cybercriminals to create deceptive applications that imitate official services like the “Azure Portal”. Varonis found that Azure’s safeguards, designed to block reserved names for cross-tenant apps, could be bypassed using invisible Unicode characters.…
New GlassWorm Using Invisible Code Hits Attacking VS Code Extensions on OpenVSX Marketplace
Over the past week, cybersecurity professionals have been gripped by the emergence of GlassWorm, a highly sophisticated, self-propagating malware campaign targeting VS Code extensions on the OpenVSX Marketplace. The scale and technical complexity of this attack signal a turning point…
Threat Actors Allegedly Selling Monolock Ransomware on Dark Web Forums
Monolock ransomware has surfaced in underground forums, with threat actors advertising version 1.0 for sale alongside stolen corporate credentials. First detected in late September, the malware exploits phishing emails containing malicious Word documents. Upon opening, the embedded macro downloads the…
Threat Actors Compromise Xubuntu Website To Deliver Malicious Windows Executable
Threat actors infiltrated the official Xubuntu website, redirecting torrent downloads to a malicious ZIP file containing Windows-targeted malware. The incident, uncovered on October 18, 2025, highlights vulnerabilities in community-maintained Linux distribution sites amid rising interest in alternatives to end-of-life operating…
Chrome V8 JavaScript Engine Vulnerability Let Attackers Execute Remote Code
Google has swiftly addressed a high-severity flaw in its Chrome browser’s V8 JavaScript engine, releasing an emergency update to thwart potential remote code execution attacks. The vulnerability, tracked as CVE-2025-12036, stems from an inappropriate implementation within V8, the open-source JavaScript…
Threat Actors Leverage npm Ecosystem to Deliver AdaptixC2 Post-Exploitation Framework
The emergence of the AdaptixC2 post-exploitation framework in 2025 marked a significant milestone in the evolution of attacker toolsets targeting open-source supply chains. Positioning itself as a formidable alternative to established tools like Cobalt Strike, AdaptixC2 quickly attracted threat actors…
Cavalry Werewolf APT Hackers Attacking Multiple Industries with FoalShell and StallionRAT
A sophisticated threat campaign has emerged targeting Russia’s public sector and critical industries between May and August 2025. The Cavalry Werewolf APT group, also known as YoroTrooper and Silent Lynx, has been actively deploying custom-built malware toolsets through highly targeted…
Meta Launches New Tools to Protect Messenger and WhatsApp Users from Scammers
Meta announced innovative tools on Tuesday to shield users of Messenger and WhatsApp from scammers. The updates, revealed during Cybersecurity Awareness Month, aim to detect suspicious activity in real-time and empower users with better account protections. This comes as scammers…
Microsoft Confirms Recent Updates Cause Login Issues on Windows 11 24H2, 25H2, and Windows Server 2025
Microsoft has acknowledged a significant authentication problem affecting users of recent Windows versions, stemming from security enhancements in updates released since late August 2025. The company detailed how these updates are triggering Kerberos and NTLM failures on devices sharing identical…
How Threat Intelligence Can Save Money and Resources for Businesses
Cybersecurity is not just about defense; it is about protecting profits. Organizations without modern threat intelligence (TI) face escalating breach costs, wasted resources, and operational inefficiencies that hit the bottom line. Actionable intel can help businesses cut costs, optimize workflows,…
Pakistani Threat Actors Targeting Indian Govt. With Email Mimic as ‘NIC eEmail Services’
A sophisticated phishing campaign orchestrated by Pakistan-linked threat actors has been discovered targeting Indian government entities by impersonating the National Informatics Centre’s email services. The operation, attributed to APT36, also known as TransparentTribe, leverages social engineering tactics to compromise sensitive…