In a sophisticated cyberespionage campaign, the BlindEagle threat actor has once again targeted Colombian government institutions. This latest operation specifically zeroed in on an agency under the Ministry of Commerce, Industry, and Tourism, leveraging a highly effective strategy to bypass…
Tag: Cyber Security News
Chrome Security Update – Patch for Critical Vulnerabilities that Enable Remote Code Execution
Google has released Chrome version 143.0.7499.146/.147 to address critical security vulnerabilities that could enable remote code execution on affected systems. The update is now rolling out to Windows and Mac users, with Linux receiving version 143.0.7499.146. Full deployment is expected…
APT-C-35 Infrastructure Activity Leveraged Using Apache HTTP Response Indicators
A significant discovery in threat intelligence reveals that APT-C-35, commonly known as DoNot, continues to maintain an active infrastructure footprint across the internet. Security researchers have identified new infrastructure clusters linked to this India-based threat group, which has long been…
Microsoft Details Mitigations Against React2Shell RCE Vulnerability in React Server Components
Microsoft has released comprehensive mitigations for a critical vulnerability dubbed React2Shell (CVE-2025-55182), which poses severe risks to React Server Components and Next.js environments. With a maximum CVSS score of 10.0, this pre-authentication remote code execution flaw allows threat actors to…
Hackers Can Manipulate Internet-Based Solar Panel Systems to Execute Attacks in Minutes
A new class of internet-based attacks is turning solar power infrastructure into a high‑risk target, allowing hackers to disrupt energy production in minutes using nothing more than open ports and free tools. Modern solar farms rely on networked operational technology,…
LLMs are Accelerating the Ransomware Operations with Functional Tools and RaaS
The integration of Large Language Models (LLMs) into ransomware operations marks a pivotal shift in the cybercrime landscape, functioning as a potent operational accelerator rather than a fundamental revolution. This technology dramatically lowers barriers to entry, enabling even low-skill actors…
Russian Hackers Attacking Network Edge Devices in Western Critical Infrastructure
A Russian state-sponsored hacking group has been targeting network edge devices in Western critical infrastructure since 2021, with operations intensifying throughout 2025. The campaign, linked to Russia’s Main Intelligence Directorate (GRU) and the notorious Sandworm group, represents a major shift…
NoName057(16) Hackers Using DDoSia DDoS Tool to Attack Organizations in NATO
NoName057(16), also known as 05716nnm or NoName05716, has emerged as a significant threat targeting NATO member states and European organizations. The group, which originated as a covert project within Russia’s Centre for the Study and Network Monitoring of the Youth…
Windows Admin Center Vulnerability (CVE-2025-64669) Lets Attackers Escalate Privileges
A new local privilege escalation vulnerability in Microsoft’s Windows Admin Center (WAC) affects versions up to 2.4.2.1 and environments running WAC 2411 and earlier. Tracked as CVE-2025-64669, the flaw stems from insecure directory permissions on the folder C:\ProgramData\WindowsAdminCenter, which is…
Fortinet FortiWeb Vulnerability (CVE-2025-64446) Exploited in the Wild for Full Admin Takeover
Threat actors have been actively exploiting a critical path-traversal vulnerability in Fortinet’s FortiWeb web application firewall since early October 2025, allowing unauthenticated attackers to create rogue administrator accounts and gain full control of exposed devices. Researchers at watchTowr Labs first detailed the…
Malicious NuGet Package Uses .NET Logging Tool to Steal Cryptocurrency Wallet Data
The cybersecurity landscape has once again been rattled by a subtle yet dangerous supply chain attack. A malicious NuGet package named Tracer.Fody.NLog was discovered masquerading as a legitimate .NET tracing library. Published in 2020, this package successfully deceived developers for…
FreePBX Vulnerabilities Enable Authentication Bypass that Leads to Remote Code Execution
FreePBX has addressed critical vulnerabilities enabling authentication bypass and remote code execution in its Endpoint Manager module. Discovered by Horizon3.ai researchers, these flaws affect telephony endpoint configurations in the open-source IP PBX system. Researchers identified three high-severity issues distinct from…
Dark Web Omertà Market Shut Down Following the Leak of Real Server IPs
The dark web landscape constantly shifts between emerging platforms and sudden closures, often driven by the very anonymity they promise. On November 21, 2025, a new contender named Omertà Market emerged, positioning itself as a bastion of stability and security.…
SantaStealer Attacks Users to Exfiltrate Sensitive Documents, Credentials, and Wallet Data
A new information stealer called SantaStealer has emerged as a serious threat to Windows users worldwide. This malware-as-a-service tool is being aggressively marketed through Telegram channels and underground hacker forums, with plans for full release before the end of 2025.…
Critical ScreenConnect Vulnerability Lets Attackers Expose Sensitive Configuration Data
ConnectWise has issued a security update for ScreenConnect™ to address a critical vulnerability that could enable attackers to expose sensitive configuration data and install untrusted extensions. The flaw, identified as CVE-2025-14265, affects only the ScreenConnect server component, leaving host and…
Popular Chrome Extension with Over 6 Million Installs Captures User Inputs to AI Chatbots
A widely trusted Chrome extension with more than 6 million users has been discovered secretly collecting and selling conversations from major AI platforms. Urban VPN Proxy, which carries Google’s “Featured” badge indicating it passed manual review for quality standards, contains…
SoundCloud Confirms Data Breach – Hackers Exfiltrated User Account Data
SoundCloud has confirmed a security incident involving unauthorized access to user data, revealing that hackers exfiltrated email addresses and public profile information from approximately 20% of its user base. The company disclosed the breach in a transparency blog post on…
New GhostPairing Attack Lets Attackers Gain Full Access in WhatsApp with Phone Number
A newly discovered account takeover campaign targeting WhatsApp users demonstrates how attackers can compromise messaging accounts without stealing passwords or exploiting technical vulnerabilities. The threat, identified as the GhostPairing Attack, uses social engineering and WhatsApp’s legitimate device linking feature to…
Critical FortiGate Devices SSO Vulnerabilities Actively Exploited in the Wild
An active intrusion is targeting critical authentication bypass vulnerabilities in Fortinet’s FortiGate appliances and related products. Threat actors are exploiting CVE-2025-59718 and CVE-2025-59719 to perform unauthenticated single sign-on (SSO) logins via malicious SAML messages, granting attackers administrative access. Fortinet disclosed…
PornHub Breached by ShinyHunters Group and Premium Members’ Data Stolen
The notorious hacking collective ShinyHunters has claimed responsibility for a major data breach at Mixpanel, a popular analytics provider, exposing limited user data tied to Pornhub Premium accounts. The incident, which has only affected select Premium subscribers, has raised concerns…