A critical vulnerability in Cisco Identity Services Engine (ISE) could allow remote attackers to crash the system through a crafted sequence of RADIUS requests. The flaw CVE-2024-20399, lies in how ISE handles repeated authentication failures from rejected endpoints, creating a…
Tag: Cyber Security News
NVIDIA NVApp for Windows Vulnerability Let Attackers Execute Malicious Code
NVIDIA has patched a critical vulnerability in its App for Windows that could allow local attackers to execute arbitrary code and escalate privileges on affected systems. Tracked as CVE-2025-23358, the flaw exists in the installer component. It poses a significant…
Sandworm Hackers Attacking Ukranian Organizations with Data Wiper Malwares
The Russia-aligned Sandworm threat group has intensified its destructive cyberattacks against Ukrainian organizations, deploying sophisticated data wiper malware designed to cripple critical infrastructure and economic operations. Unlike traditional cyberespionage campaigns, Sandworm’s recent operations focus exclusively on destruction, targeting governmental entities,…
Midnight Ransomware Decrypter Flaws Opens the Door to File Recovery
The cybersecurity landscape continues to evolve as new ransomware variants emerge from the remnants of previous campaigns. Midnight ransomware represents one such development, drawing substantial inspiration from the notorious Babuk ransomware family that first appeared in early 2021. Like its…
AI Browsers Bypass Content PayWall Mimicking as a Human-User
The emergence of advanced AI browsing platforms such as OpenAI’s Atlas and Perplexity’s Comet has created a sophisticated challenge for digital publishers worldwide. These tools leverage agentic capabilities designed to execute complex, multistep tasks that fundamentally transform how content is…
Iranian Hackers Targeting Academics and Foreign Policy Experts Using RMM Tools
A previously unidentified Iranian threat actor has emerged with sophisticated social engineering tactics aimed at academics and foreign policy experts across the United States. Operating between June and August 2025, this campaign demonstrates the evolving landscape of state-sponsored cyber espionage,…
List of AI Tools Promoted by Threat Actors in Underground Forums and Their Capabilities
The cybercrime landscape has undergone a dramatic transformation in 2025, with artificial intelligence emerging as a cornerstone technology for malicious actors operating in underground forums. According to Google’s Threat Intelligence Group (GTIG), the underground marketplace for illicit AI tools has…
Threat Actors May Abuse VS Code Extensions to Deploy Ransomware and Use GitHub as C2 Server
North Korean threat actors are evolving their attack strategies by leveraging developer-focused tools as infection vectors. Recent security discoveries reveal that Kimsuky, a nation-state group operating since 2012, has been utilizing JavaScript-based malware to infiltrate systems and establish persistent command…
New EndClient RAT Attacking Users by Leveraging Stolen Code-Signing to Bypass AV Detections
A sophisticated Remote Access Trojan labeled EndClient RAT has emerged as a significant threat targeting human rights defenders in North Korea, marking another escalation in advanced malware operations attributed to the Kimsuky threat group. This newly discovered malware represents a…
Multi-Staged ValleyRAT Uses WeChat and DingTalk to Attack Windows Users
ValleyRAT has emerged as a sophisticated multi-stage remote access trojan targeting Windows systems, with particular focus on Chinese-language users and organizations. First observed in early 2023, this malware employs a carefully orchestrated infection chain that progresses through multiple components—downloader, loader,…
Airstalk Malware Leverages AirWatch API MDM Platform to Establish Covert C2 Communication
Security researchers have uncovered a sophisticated new malware family targeting enterprise environments through a supply chain compromise. The malware, tracked as Airstalk, represents a significant shift in how attackers exploit legitimate enterprise management tools to evade detection and maintain persistent…
Critical RCE Vulnerabilities in Claude Desktop Let Attackers Execute Malicious Code
A critical remote code execution (RCE) flaw in three official extensions for Anthropic’s Claude Desktop. These vulnerabilities, affecting the Chrome, iMessage, and Apple Notes connectors, stem from unsanitized command injection and carry a high severity score of CVSS 8.9. Published…
SonicWall Confirms State-Sponsored Hackers Behind the Massive Firewall Backup Breach
SonicWall, a global cybersecurity company, confirmed that state-sponsored hackers were behind a recent incident involving unauthorized access to firewall backup files. The breach began in early September, when the company detected suspicious activity involving the download of backup firewall configuration…
Gootloader is Back with New ZIP File Trickery that Decive the Malicious Payload
The Gootloader malware campaign has resurfaced with sophisticated evasion techniques that allow it to bypass automated security analysis. This persistent threat has been targeting victims for over five years using legal-themed search engine optimization poisoning tactics. The malware operators deploy…
Cisco Unified Contact Center Express Vulnerabilities Let Remote Attacker Execute Malicious Code
Cisco has disclosed multiple critical vulnerabilities in Unified Contact Center Express (CCX) that allow unauthenticated remote attackers to execute malicious code and escalate privileges. The vulnerabilities affect the Java Remote Method Invocation (RMI) process and authentication mechanisms, potentially compromising entire…
Checkpoint Details on How Attackers Drained $128M from Balancer Pools Within 30 Minutes
On November 3, 2025, blockchain security monitoring systems detected a sophisticated exploit targeting Balancer V2’s ComposableStablePool contracts. An attacker executed a precision loss vulnerability to drain $128.64 million across six blockchain networks in under 30 minutes. The attack leveraged a…
Three Infamous Cybercriminal Groups Form a New Alliance Dubbed ‘Scattered LAPSUS$ Hunters’
Three well-known threat groups have consolidated into a unified cybercriminal entity that represents a significant shift in underground tactics. Scattered LAPSUS$ Hunters (SLH) emerged in early August 2025 as a federated alliance combining Scattered Spider, ShinyHunters, and LAPSUS$, creating what…
Clop Ransomware Actors Exploiting the Latest 0-Day Exploits in the Wild
Cl0p, a prominent ransomware group operating since early 2019, has emerged as one of the most dangerous threats in the cybersecurity landscape. With over 1,025 confirmed victims and more than $500 million in extorted funds, this Russian-linked group has consistently…
Cisco Warns of Hackers Actively Exploiting ASA and FTD 0-day RCE Vulnerability in the Wild
Cisco has confirmed that threat actors are actively exploiting a critical remote code execution (RCE) flaw in its Secure Firewall Adaptive Security Appliance (ASA) and Threat Defense (FTD) software. First disclosed on September 25, 2025, the vulnerability tracked as CVE-2025-20333…
Authorities Dismanteled Major Credit Card Fraud Operation Impacting 4.3 Million Cardholders
International law enforcement agencies have taken down three sophisticated fraud and money laundering networks in a coordinated operation that uncovered one of the largest credit card fraud schemes in recent history. The operation, codenamed “Chargeback,” revealed criminal activity affecting over…