Tag: Cyber Security News

A serious security flaw was discovered in the AI-Bolit component of Imunify products. This vulnerability allows attackers to run arbitrary code and even become root on a server. Imunify released a fix on October 23, 2025, and most servers have…

Read more →

A critical command injection vulnerability has been discovered in the W3 Total Cache plugin, one of WordPress’s most popular caching solutions used by approximately 1 million websites. The vulnerability, tracked as CVE-2025-9501 with a CVSS severity score of 9.0 (Critical), allows unauthenticated attackers to execute…

Read more →

The Lazarus APT Group has unveiled a new Remote Access Trojan called ScoringMathTea, representing a significant advancement in their cyberattack capabilities. This C++ based malware was identified as part of Operation DreamJob, a campaign aligned with the North Korean government.…

Read more →

Since mid-2024, a sophisticated Iranian-backed threat group known as UNC1549 has been conducting targeted campaigns against aerospace, aviation, and defense organizations across the globe. The hackers employ an advanced dual approach, combining carefully crafted phishing campaigns with the exploitation of…

Read more →

The notorious Everest ransomware group has claimed responsibility for a major cyber breach against Under Armour, the global sportswear giant, alleging the theft of 343 GB of internal data that could impact millions of customers and employees worldwide. The announcement,…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning about a severe vulnerability in Lynx+ Gateway devices that could expose sensitive information in clear text during transmission. The flaw allows attackers to catch network traffic and obtain…

Read more →

Google has announced the public preview of its Alert Triage and Investigation agent, a significant advancement in artificial intelligence-driven security operations. The intelligent agent is now embedded directly within Google Security Operations, helping security teams process alerts faster and more effectively.…

Read more →

Lynx ransomware has emerged as a significant threat to enterprise environments, with recent intrusions demonstrating sophisticated attack strategies that prioritize data exfiltration and infrastructure destruction. The malware campaign combines compromised credentials with careful planning to ensure maximum impact on target…

Read more →

IBM has released critical security updates addressing two severe vulnerabilities in its AIX operating system that could allow remote attackers to execute arbitrary commands on affected systems. Both vulnerabilities stem from improper process controls in essential IBM AIX services. Critical…

Read more →

Microsoft Azure thwarted what may be the largest distributed denial-of-service (DDoS) attack ever recorded in the cloud on October 24. The attack peaked at 15.72 terabits per second (Tbps) and unleashed nearly 3.64 billion packets per second (pps), targeting a…

Read more →

Google has rushed out a critical update for its Chrome browser to address a zero-day vulnerability actively exploited in the wild, urging users to update immediately to mitigate the risk posed by sophisticated attackers. The patch, rolled out in Chrome…

Read more →

Cyber threats are changing how they reach victims. A financially motivated criminal network called Payroll Pirates has been quietly attacking payroll systems, credit unions, and trading platforms across the United States since mid-2023. Their weapon of choice is malvertising, where…

Read more →

Cybersecurity researchers have uncovered a dangerous new tool making waves across darknet forums and criminal communities. Xanthorox, a malicious artificial intelligence platform, has emerged as a serious concern for the security industry. The tool works like a regular chatbot, similar…

Read more →

A new threat has emerged in the ransomware landscape with the discovery of Yurei ransomware, first publicly identified in early September 2025. This Go-based malware follows a typical ransomware operation model by infiltrating corporate networks, encrypting critical data, deleting backups,…

Read more →

Pig-butchering scams have grown into one of the most damaging global cybercrime threats, causing billions of dollars in losses every year. These long-term investment fraud schemes work by building trust through emotional grooming and fake trading platforms before draining victims…

Read more →

A new open-source security tool, TaskHound, helps penetration testers and security professionals identify high-risk Windows scheduled tasks that could expose systems to attacks. The tool automatically discovers tasks running with privileged accounts and stored credentials, making it a valuable addition to…

Read more →

As artificial intelligence infrastructure rapidly expands, critical security flaws threaten the backbone of enterprise AI deployments. Security researchers at Oligo Security have uncovered a series of dangerous Remote Code Execution (RCE) vulnerabilities affecting major AI frameworks from Meta, NVIDIA, Microsoft,…

Read more →

In November 2025, a new malware campaign emerged that combines social engineering tricks with advanced stealing tools. The attack starts when criminals trick users into running commands through the Windows Run window, a technique known as ClickFix. Once users follow…

Read more →

CISA has issued an urgent alert about a critical vulnerability in Fortinet’s FortiWeb Web Application Firewall (WAF), actively exploited by threat actors to seize administrative control of affected systems. Tracked as CVE-2025-64446, the flaw stems from a relative path traversal…

Read more →

A new phishing campaign has emerged that weaponizes Microsoft Entra guest user invitations to deceive recipients into making phone calls to attackers posing as Microsoft support. The attack leverages a critical security gap in how Microsoft Entra communicates with external…

Read more →