A critical security vulnerability has been discovered in Zimbra Classic Web Client that enables attackers to execute arbitrary JavaScript code through stored cross-site scripting (XSS) attacks. The vulnerability, designated as CVE-2025-27915, poses significant risks to organizations using affected Zimbra installations,…
Tag: Cyber Security News
Facebook, Netflix, Microsoft Hijacked to Insert Fake Phone Number
A sophisticated scam operation is targeting major American companies, including Netflix, Microsoft, and Bank of America, with attackers manipulating legitimate websites to display fraudulent phone numbers. The attack, technically classified as a search parameter injection attack, exploits vulnerabilities in website search…
2,000+ Devices Hacked Using Weaponized Social Security Statement Themes
A sophisticated phishing campaign masquerading as official Social Security Administration (SSA) communications has successfully compromised more than 2,000 devices, according to a recent investigation. The attack, which leverages the trust associated with government correspondence, represents a concerning evolution in social…
Critical Convoy Vulnerability Let Attackers Execute Remote Code on Affected Servers
A critical security vulnerability has been discovered in Performave Convoy that allows unauthenticated remote attackers to execute arbitrary code on affected servers. The vulnerability, identified as CVE-2025-52562, affects all versions from 3.9.0-rc.3 through 4.4.0 of the ConvoyPanel/panel package. Security researcher…
Xiaomi’s Interoperability App Vulnerability Let Hackers Gain Unauthorized Access to the Victim’s Device
A severe security vulnerability has been discovered in Xiaomi’s interoperability application, potentially exposing millions of users to unauthorized device access. The vulnerability, assigned CVE-2024-45347, carries a severe CVSS score of 9.6, indicating its high-risk nature for affected users. Attackers can…
OPPO Clone Phone Weak WiFi Hotspot Exposes Sensitive Data
A critical security vulnerability has been discovered in OPPO’s Clone Phone feature that could expose sensitive user data through inadequately secured WiFi hotspots. The vulnerability, designated CVE-2025-27387, affects ColorOS 15.0.2 and earlier versions, presenting a high-severity risk with a CVSS…
Pro-Iranian Hacktivists Targeting US Networks Department of Homeland Security Warns
The Department of Homeland Security has issued a critical advisory warning of escalating cyber threats from pro-Iranian hacktivist groups targeting United States networks, as tensions between Iran and the US reach a dangerous new peak following recent military exchanges. The…
Weaponized DMV-Themed Phishing Attacking U.S. Citizens to Harvest Personal and Financial Data
A sophisticated phishing campaign emerged in May 2025, targeting U.S. citizens through a coordinated impersonation of state Department of Motor Vehicles (DMV) agencies. This large-scale operation utilized SMS phishing techniques combined with deceptive web infrastructure to harvest personal and financial…
OWASP AI Testing Guide – A New Project to Detect Vulnerabilities in AI Applications
The Open Web Application Security Project (OWASP) has announced the development of a comprehensive OWASP AI Testing Guide, marking a significant milestone in addressing the growing security challenges posed by artificial intelligence implementations across industries. This specialized framework emerges as…
Aviatrix Cloud Controller Authentication Vulnerability Let Attackers Execute Remote Code
Two critical vulnerabilities were identified in Aviatrix Controller, a Software-Defined Networking (SDN) utility that enables cloud connectivity across different vendors and regions. The vulnerabilities allowed attackers to bypass authentication and execute remote code with root privileges, potentially compromising entire cloud infrastructures. Critical…
WinRAR Directory Vulnerability Allows Arbitrary Code Execution Using a Malicious File
A severe security vulnerability has been identified in RARLAB’s WinRAR software that enables remote attackers to execute arbitrary code through malicious archive files. The flaw, designated as CVE-2025-6218, carries a CVSS score of 7.8 and affects the handling of directory…
Sophisticated Malware Campaign Targets WordPress and WooCommerce Sites with Obfuscated Skimmers
A sophisticated malware campaign has emerged targeting WordPress and WooCommerce websites with highly obfuscated credit card skimmers and credential theft capabilities, representing a significant escalation in e-commerce cyberthreats. The malware family demonstrates advanced technical sophistication through its modular architecture, featuring…
WinRAR Vulnerability Let Execute Arbitrary Code Using a Malicious File
A severe security vulnerability has been identified in RARLAB’s WinRAR software that enables remote attackers to execute arbitrary code through malicious archive files. The flaw, designated as CVE-2025-6218, carries a CVSS score of 7.8 and affects the handling of directory…
WhatsApp Banned on U.S. House Staffers Devices Due to Potential Security Risks
The U.S. House of Representatives has implemented a comprehensive ban on the WhatsApp messaging application across all government-issued devices used by congressional staffers, marking a significant escalation in federal cybersecurity protocols. The Chief Administrative Officer (CAO) issued the directive Monday,…
North Korean Hackers Trick Users With Weaponized Zoom Apps to Execute System-Takeover Commands
A sophisticated cybercriminal campaign has emerged targeting professionals through meticulously crafted fake Zoom applications designed to execute system takeover commands. The attack leverages advanced social engineering techniques combined with convincing domain spoofing to deceive users into compromising their systems, representing…
LapDogs Hackers Leverages 1,000 SOHO Devices Using a Custom Backdoor to Act Covertly
A sophisticated China-linked cyber espionage campaign has emerged, targeting over 1,000 Small Office/Home Office (SOHO) devices worldwide through an advanced Operational Relay Box (ORB) network dubbed “LapDogs.” This covert infrastructure operation, active since September 2023, represents a significant evolution in…
Notepad++ Vulnerability Let Attacker Gain Complete System Control – PoC Released
A severe privilege escalation vulnerability has been discovered in Notepad++ version 8.8.1, potentially exposing millions of users worldwide to complete system compromise. The flaw, designated CVE-2025-49144, allows attackers to gain SYSTEM-level privileges through a technique known as binary planting, with…
Critical Teleport Vulnerability Let Attackers Remotely Bypass Authentication Controls
A critical vulnerability, designated as CVE-2025-49825, enables attackers to remotely bypass authentication controls in Teleport, a popular secure access platform. The vulnerability affects multiple versions of Teleport infrastructure, prompting immediate security updates across all deployment environments. Cloud customers have…
UAC-0001 Hackers Attacking ICS Devices Running Windows Systems as a Server
Ukrainian government agencies have fallen victim to a sophisticated cyberattack campaign orchestrated by the UAC-0001 group, also known as APT28, targeting industrial control systems (ICS) devices running Windows operating systems as servers. The attacks, which occurred between March and April…
New Echo Chamber Attack Jailbreaks Most AI Models by Weaponizing Indirect References
A sophisticated new jailbreak technique defeats the safety mechanisms of today’s most advanced Large Language Models (LLMs). Dubbed the “Echo Chamber Attack,” this method leverages context poisoning and multi-turn reasoning to guide models into generating harmful content without ever…