A critical security vulnerability in TeleMessageTM SGNL, an enterprise messaging system modeled after Signal, has been actively exploited by cybercriminals seeking to extract sensitive user credentials and personal data. The flaw, designated CVE-2025-48927, affects government agencies and enterprises using this…
Tag: Cyber Security News
CISA Releases 3 ICS Advisories Covering Vulnerabilities and Exploits
CISA issued three significant Industrial Control Systems (ICS) advisories on July 17, 2025, addressing critical vulnerabilities affecting energy monitoring, healthcare imaging, and access control systems. These advisories highlight severe security flaws with CVSS v4 scores ranging from 8.5 to 8.7,…
Microsoft Details Scattered Spider TTPs Observed in Recent Attack Chains
In mid-2025, a new surge of targeted intrusions, attributed to the threat group known variously as Scattered Spider, Octo Tempest, UNC3944, Muddled Libra, and 0ktapus, began impacting multiple industries. Initially identified by unusual SMS-based phishing campaigns leveraging adversary-in-the-middle (AiTM) domains,…
Microsoft Entra ID Vulnerability Let Attackers Escalate Privileges to Global Admin Role
A critical vulnerability in Microsoft Entra ID allows attackers to escalate privileges to the Global Administrator role through the exploitation of first-party applications. The vulnerability, reported to Microsoft Security Response Center (MSRC) in January 2025, affects organizations using hybrid Active…
Chinese State-Sponsored Hackers Attacking Semiconductor Industry with Weaponized Cobalt Strike
A sophisticated Chinese state-sponsored cyber espionage campaign has emerged targeting Taiwan’s critical semiconductor industry, employing weaponized Cobalt Strike beacons and advanced social engineering tactics. Between March and June 2025, multiple threat actors launched coordinated attacks against semiconductor manufacturing, design, and…
Ukraine Hackers Claimed Cyberattack on Major Russian Drone Supplier
Last week, Ukraine’s Main Intelligence Directorate (GUR) orchestrated a sophisticated cyberattack against Gaskar Integration, a leading Russian drone manufacturer. The operation began with reconnaissance of the company’s public-facing infrastructure, where threat actors identified vulnerable remote desktop services and outdated VPN…
Researchers Uncover on How Hacktivist Groups Gaining Attention and Selecting Targets
The global hacktivist landscape has undergone a dramatic transformation since 2022, evolving from primarily ideologically motivated actors into a complex ecosystem where attention-seeking behavior and monetization strategies drive operational decisions. This shift has fundamentally altered how these groups select targets…
4M+ Internet-Exposed Systems at Risk From Tunneling Protocol Vulnerabilities
Researchers have uncovered critical security vulnerabilities affecting millions of computer servers and routers worldwide, stemming from the insecure implementation of fundamental internet tunneling protocols. The flaws could allow attackers to bypass security controls, spoof their identity, access private networks, and…
Hackers Exploiting DNS Blind Spots to Hide and Deliver Malware
A sophisticated new attack vector where malicious actors are hiding malware inside DNS records, exploiting a critical blind spot in most organizations’ security infrastructure. This technique transforms the Internet’s Domain Name System into an unconventional file storage system, allowing attackers…
H2Miner Attacking Linux, Windows, and Containers to Mine Monero
The H2Miner botnet, first observed in late 2019, has resurfaced with an expanded arsenal that blurs the line between cryptojacking and ransomware. The latest campaign leverages inexpensive virtual private servers (VPS) and a grab-bag of commodity malware to compromise Linux…
Iranian Threat Actors Leveraging AI-Crafted Emails to Target Cybersecurity Researchers and Academics
Iranian state-sponsored threat actors have significantly escalated their cyber operations, employing sophisticated artificial intelligence-enhanced phishing campaigns to target cybersecurity researchers and academic institutions across Western nations. The campaign, primarily attributed to APT35 (also known as Charming Kitten and Magic Hound),…
UK Retailer Co-op Confirms 6.5 Million Members’ Data Stolen in Massive Cyberattacks
Co-op has confirmed that all 6.5 million members of the UK retail cooperative had their personal data compromised during a sophisticated cyberattack in April. The breach, which affected names, addresses, and contact information, represents one of the largest data exfiltrations…
Armenian Hacker Extradited to U.S. After Ransomware Attacks on Tech Firms
An Armenian national has been extradited from Ukraine to the United States to face federal charges for his alleged involvement in a series of Ryuk ransomware attacks and an extortion conspiracy that targeted U.S. companies, including a technology firm in…
UNG0002 Actors Deploys Weaponize LNK Files Using ClickFix Fake CAPTCHA Verification Pages
A sophisticated espionage campaign targeting multiple Asian jurisdictions has emerged, utilizing weaponized shortcut files and deceptive social engineering techniques to infiltrate high-value targets across China, Hong Kong, and Pakistan. The threat actor, designated UNG0002 (Unknown Group 0002), has demonstrated remarkable…
Massistant Chinese Mobile Forensic Tooling Gain Access to SMS Messages, Images, Audio and GPS Data
Emerging in mid-2023 as an apparent successor to Meiya Pico’s notorious MFSocket, the newly identified Android application Massistant has begun surfacing on confiscated handsets at Chinese border checkpoints and police stations. Unlike conventional spyware that relies on covert remote delivery,…
1-Click Oracle Cloud Code Editor RCE Vulnerability Lets Attackers Upload Malicious Files
A critical Remote Code Execution (RCE) vulnerability in Oracle Cloud Infrastructure (OCI) Code Editor that allowed attackers to silently hijack victim Cloud Shell environments through a single click. The vulnerability, now remediated, affected Code Editor’s integrated services, including Resource Manager,…
NVIDIA Container Toolkit Vulnerability Allows Elevated Arbitrary Code Execution
NVIDIA has released critical security updates addressing two significant vulnerabilities in its Container Toolkit and GPU Operator that could allow attackers to execute arbitrary code with elevated permissions. The vulnerabilities, identified as CVE-2025-23266 and CVE-2025-23267, affect all platforms running NVIDIA…
PyPI Bans Inbox.ru Domains Following Massive 1,500+ Fake Project Uploads
The Python Package Index (PyPI) has implemented an immediate ban on inbox.ru email domain registrations following a sophisticated spam campaign that resulted in over 1,500 fake project uploads across a month-long period. The attack, which began on June 9, 2025,…
Critical SharePoint RCE Vulnerability Exploited Using Malicious XML Payload Within Web Part
A newly disclosed remote code execution (RCE) vulnerability in Microsoft SharePoint has been identified, affecting the deserialization process of WebPart properties. The vulnerability enables attackers to execute arbitrary code through carefully crafted XML payloads embedded within SharePoint Web Parts, potentially…
Hackers Exploit DNS Queries for C2 Operations and Data Exfiltration
Cybercriminals are increasingly leveraging DNS (Domain Name System) tunneling to establish covert communication channels that bypass traditional network security measures. This sophisticated technique exploits the fundamental trust placed in DNS traffic, which typically passes through corporate firewalls with minimal inspection…