An important security vulnerability has been discovered in Apache Jackrabbit, a popular open-source content repository used in enterprise content management systems and web applications. This flaw could allow unauthenticated attackers to achieve arbitrary code execution (RCE) on servers running vulnerable…
Tag: Cyber Security News
Microsoft Azure Cloud Disrupted by Undersea Cable Cuts in Red Sea
Microsoft’s Azure cloud platform is facing significant disruptions after multiple undersea fiber optic cables were severed in the Red Sea. The US technology giant confirmed that users would experience delays and increased latency for services relying on internet traffic moving…
Salesloft Drift Cyberattack Linked to GitHub Compromise and OAuth Token Theft
A sophisticated supply-chain attack that impacted over 700 organizations, including major cybersecurity firms, has been traced back to a compromise of Salesloft’s GitHub account that began as early as March 2025. In an update on September 6, 2025, Salesloft confirmed…
Australian Authorities Uncovered Activities and Careers of Ransomware Criminal Groups
Ransomware has emerged as one of the most devastating cybercrime threats in the contemporary digital landscape, with criminal organizations operating sophisticated billion-dollar enterprises that target critical infrastructure across multiple nations. Between 2020 and 2022, ransomware groups conducted over 865 documented…
Atomic Stealer Disguised as Cracked Software Attacking macOS Users
A sophisticated malware campaign targeting macOS users has emerged, exploiting the widespread desire for free software to deliver the notorious Atomic macOS Stealer (AMOS). This information-stealing malware masquerades as cracked versions of popular applications, tricking unsuspecting users into compromising their…
U.S. Authorities Investigating Malicious Email Targeting Trade Talks with China
U.S. federal authorities have launched an investigation into a sophisticated malware campaign that targeted sensitive trade negotiations between Washington and Beijing. The attack, which surfaced in July 2025, involved fraudulent emails purportedly sent by Representative John Moolenaar, chairman of the…
How Microsoft Azure Storage Logs Aid Forensics Following a Security Breach
After a security breach, forensic investigators work quickly to follow the attacker’s trail. Security experts have analyzed this situation and found that a key source of evidence is often overlooked: Microsoft Azure Storage logs. While frequently overlooked, these logs provide…
Tenable Confirms Data Breach – Hackers Accessed Customers’ Contact Details
Tenable has confirmed a data breach that exposed the contact details and support case information of some of its customers. The company stated the incident is part of a broader data theft campaign targeting an integration between Salesforce and the…
Lazarus APT Hackers Using ClickFix Technique to Steal Sensitive Intelligence Data
The notorious Lazarus APT group has evolved its attack methodology by incorporating the increasingly popular ClickFix social engineering technique to distribute malware and steal sensitive intelligence data from targeted organizations. This North Korean-linked threat actor, internally tracked as APT-Q-1 by…
Weekly Cybersecurity News Recap : Palo Alto Networks, Zscaler, Jaguar Land Rover, and Cyber Attacks
Welcome to your weekly cybersecurity briefing. In a digital landscape where the only constant is change, this past week has been a stark reminder that vigilance is not just a best practice, but a necessity for survival. From corporate giants…
Top 10 Best AI Penetration Testing Companies in 2025
AI is no longer just a buzzword; it’s a fundamental part of business operations, from customer service chatbots to complex financial models. However, this adoption has created a new and specialized attack surface. Traditional penetration testing, which focuses on network…
10 Best Cloud Penetration Testing Companies in 2025
As more businesses migrate their infrastructure to the cloud, cloud penetration testing has become a critical service. Unlike traditional network tests, cloud pentesting focuses on unique attack vectors such as misconfigured services, insecure APIs, and overly permissive IAM (Identity and…
“GPUGate” Malware Abuses Google Ads and GitHub to Deliver Advanced Malware Payload
A sophisticated malware campaign, dubbed “GPUGate,” abuses Google Ads and GitHub’s repository structure to trick users into downloading malicious software. The Arctic Wolf Cybersecurity Operations Center, the attack chain uses a novel technique to evade security analysis by leveraging a…
Critical Argo CD API Vulnerability Exposes Repository Credentials
A critical vulnerability has been discovered in Argo CD that allows API tokens with limited permissions to access sensitive repository credentials. The flaw in the project details API endpoint exposes usernames and passwords, undermining the platform’s security model by granting…
Kali Linux vs Parrot OS – Which Penetration Testing Platform is Most Suitable for Cybersecurity Professionals?
Penetration testing and ethical hacking have been dominated by specialized Linux distributions designed to provide security professionals with comprehensive toolsets for vulnerability assessment and network analysis. Among the most prominent options, Kali Linux and Parrot OS have emerged as leading contenders, each offering unique…
New Report Claims Microsoft Used China-Based Engineers For SharePoint Support and Bug Fixing
A recent investigation has revealed that Microsoft employed China-based engineers to maintain and support SharePoint software, the same collaboration platform that was recently compromised by Chinese state-sponsored hackers. This revelation raises significant concerns about cybersecurity practices and potential insider threats…
TAG-150 Hackers Deploying Self-Developed Malware Families to Attack Organizations
A sophisticated new threat actor designated TAG-150 has emerged as a significant cybersecurity concern, demonstrating rapid development capabilities and technical sophistication in deploying multiple self-developed malware families since March 2025. The group has successfully created and deployed CastleLoader, CastleBot, and…
SafePay Ransomware Claiming Attacks Over 73 Victim Organizations in a Single Month
A new ransomware threat has emerged as one of 2025’s most prolific cybercriminal operations, with SafePay ransomware claiming attacks against 73 victim organizations in June alone, followed by 42 additional victims in July. This surge has positioned SafePay as a…
143,000 Malware Files Attacked Android and iOS Device Users in Q2 2025
Cybercriminals unleashed a massive wave of mobile malware attacks during the second quarter of 2025, with security researchers detecting nearly 143,000 malicious installation packages targeting Android and iOS devices. This surge represents a significant escalation in mobile cyber threats, affecting…
Wealthsimple Data Breach Exposes Personal Information of Some Users
Canadian fintech giant Wealthsimple announced today that it has suffered a data breach, resulting in the unauthorized access of personal information belonging to a small fraction of its client base. The company stressed that all funds and accounts remain secure…