A highly sophisticated malware campaign targeting Microsoft Exchange servers in government and high-tech organizations across Asia. The malware, dubbed GhostContainer, exploits known N-day vulnerabilities to establish persistent backdoor access to critical infrastructure. Key Takeaways1. GhostContainer uses CVE-2020-0688 vulnerability to create…
Tag: Cyber Security News
Threat Actors Weaponized 28+ New npm Packages to Infect Users With Protestware Scripts
A sophisticated protestware campaign has emerged targeting Russian-language users through a network of compromised npm packages, with threat actors weaponizing at least 28 new packages containing nearly 2,000 versions of malicious code. The campaign represents a significant escalation in supply…
Europol Disrupted “NoName057(16)” Hacking Group’s Infrastructure of 100+ Servers Worldwide
A coordinated international cybercrime operation successfully dismantled the pro-Russian hacking network NoName057(16), taking down over 100 servers worldwide and disrupting their central attack infrastructure. The joint operation, dubbed “Eastwood,” coordinated by Europol involved 12 countries and resulted in multiple arrests,…
Hackers Started Exploiting CitrixBleed 2 Vulnerability Before Public PoC Disclosure
Researchers detected an active exploitation of CVE-2025-5777, dubbed CitrixBleed 2, nearly two weeks before a public proof-of-concept surfaced. This memory overread vulnerability in Citrix NetScaler appliances enables adversaries to exfiltrate sensitive data from kernel space by sending malformed DTLS packets. …
Infostealers Distributed with Crack Apps Emerges as Top Attack Vector For June 2025
The cybersecurity landscape in June 2025 was dominated by a surge of Infostealer malware masked as cracked or key-generated software, catapulting this tactic to the month’s most prevalent attack vector. Fraudulent download portals advertising “free” versions of popular tools lured…
SonicWall SMA Devices 0-Day RCE Vulnerability Exploited to Deploy OVERSTEP Ransomware
SonicWall’s end-of-life SMA 100 series appliances are again on the front line after investigators unearthed a covert campaign that couples a suspected zero-day remote-code-execution flaw with a sophisticated backdoor called OVERSTEP. The operation, attributed to the financially motivated group UNC6148,…
Microsoft Congratulates MSRC’s Most Valuable Security Researchers
Microsoft has officially announced its 2025 Most Valuable Security Researchers, recognizing the top 100 security researchers worldwide who have made significant contributions to protecting Microsoft customers through the Microsoft Security Response Center (MSRC) program. The recognition is based on a…
Cisco Unified Intelligence Center Vulnerability Allows Remote Attackers to Upload Arbitrary Files
A critical vulnerability in Cisco’s Unified Intelligence Center (CUIC) web-based management interface has been classified with high severity, allowing authenticated remote attackers with Report Designer privileges to upload arbitrary files to affected systems. Tracked as CVE-2025-20274 and assigned a CVSS…
Threat Actors Weaponizing SVG Files to Embed Malicious JavaScript
Threat actors are quietly turning Scalable Vector Graphics (SVG) files into precision-guided malware. In a surge of phishing campaigns, seemingly innocuous .svg attachments slip past secure email gateways because mail filters regard them as static images. Once the recipient merely…
Vim Command Line Text Editor Vulnerability Let Attackers Overwrite Sensitive Files
A critical security vulnerability has been discovered in Vim, the popular open-source command line text editor used by millions of developers worldwide. The vulnerability, designated as CVE-2025-53906, affects the zip.vim plugin and enables attackers to overwrite arbitrary files through specially…
Oracle Critical Security Update – 309 Vulnerabilities with 145 Remotely Exploitable Patched
Oracle released its July 2025 Critical Patch Update on July 15, addressing 309 security vulnerabilities across its extensive product portfolio. This quarterly security update represents one of the most comprehensive patches in recent history, targeting critical flaws in database systems,…
New Attack Targeting Japanese Companies Exploiting Ivanti & Fortinet VPN Vulnerabilities
A sophisticated cyber espionage campaign has emerged targeting Japanese organizations through critical vulnerabilities in Ivanti Connect Secure and FortiGate VPN devices. The attack campaign, observed throughout fiscal year 2024, has primarily focused on manufacturing companies and government-related entities, with attackers…
Abacus Dark Web Market Possible Exit Scam with the Bitcoin Payments They Hold
Abacus Market, the largest Bitcoin-enabled Western darknet marketplace, has likely executed an exit scam after going offline in early July 2025, according to blockchain intelligence firm TRM Labs. The marketplace’s operators appear to have disappeared with users’ cryptocurrency funds, marking…
Hackers Use Polyglot Files to Bypass Email Filters to Deliver Malicious Emails
In the final week of June 2025 security teams across Russia’s healthcare and technology sectors began receiving an unusual flood of “routine” logistics and contract e-mails. Hidden behind familiar subject lines and legitimate sender addresses, the messages contained archives that…
Node.js Vulnerabilities Exposes Windows App to Path Traversal and HashDoS Attacks
The Node.js project has released critical security updates across multiple release lines to address two high-severity vulnerabilities affecting Windows applications and V8 engine implementations. Security releases are now available for Node.js versions 20.x, 22.x, and 24.x, with patches addressing a…
Microsoft Details on How Security Copilot in Intune and Entra Helps Security and IT Teams
Microsoft has announced significant enhancements to its AI-powered security platform, marking the general availability of Microsoft Security Copilot capabilities within Microsoft Intune and Microsoft Entra. This development represents a critical milestone in the evolution of enterprise security management, as organizations…
Dark 101 Ransomware With Weaponized .NET Binary Disables Recovery Mode and Task Manager
A sophisticated new ransomware strain has emerged in the cybersecurity landscape, demonstrating advanced evasion techniques and destructive capabilities that pose significant risks to organizations worldwide. The Dark 101 ransomware represents a concerning evolution in malware design, utilizing an obfuscated .NET…
Authorities Dismantled “Diskstation” Ransomware Attacking Synology NAS Devices Worldwide
Italian State Police, in collaboration with French and Romanian law enforcement agencies, have successfully dismantled the dangerous “Diskstation” ransomware group that specifically targeted Synology Network-Attached Storage (NAS) devices across multiple countries. The operation, coordinated through EUROPOL, resulted in the arrest…
Albemarle County Hit By Ransomware Attack – Hackers Accessed Residents Personal Details
Albemarle County, Virginia, has fallen victim to a sophisticated ransomware attack that compromised the personal information of county residents, local government employees, and public school staff. The cybercriminal operation successfully infiltrated the county’s network infrastructure, forcing officials to launch an…
DShield Honeypot Scanning Reaches Record-High – 1,000,000+ Logs in a Day
The cybersecurity landscape has witnessed an unprecedented surge in malicious scanning activity, with DShield honeypots recording over one million log entries in a single day for the first time in their operational history. This dramatic escalation represents a significant shift…