A sophisticated Russian state-sponsored cyber campaign has targeted prominent academics and critics of Russia through an innovative social engineering attack that exploited Google’s Application Specific Password (ASP) functionality. The operation, which ran from April through early June 2025, demonstrated a…
Tag: Cyber Security News
Microsoft Entra ID to Extend Passkey (FIDO2) Authentication Methods to Support Public Preview
Microsoft is expanding the number of passkey authentication methods available in Microsoft Entra ID to improve its identity and access management features. The public preview rollout is scheduled to commence in mid-October 2025, with full deployment expected by mid-November 2025. …
Open Next for Cloudflare SSRF Vulnerability Lets Attackers Load Remote Resources from Arbitrary Hosts
A high-severity Server-Side Request Forgery (SSRF) vulnerability has been identified in the @opennextjs/cloudflare package, enabling attackers to exploit the /_next/image endpoint to load remote resources from arbitrary hosts. The vulnerability, assigned CVE-2025-6087 with a CVSS score of 7.8, affects all…
Apache Traffic Server Vulnerability Lets Attackers Trigger DoS Attack via Memory Exhaustion
A critical security vulnerability has been discovered in Apache Traffic Server that allows remote attackers to trigger denial-of-service (DoS) attacks through memory exhaustion. The vulnerability, tracked as CVE-2025-49763, affects the Edge Side Includes (ESI) plugin and poses significant risks to…
Hackers Leverage Cloudflare Tunnels to Infect Systems Using Stealthy Python-Based Malware
A sophisticated malware campaign has emerged that exploits Cloudflare’s tunneling infrastructure to deliver multi-stage Python-based payloads, demonstrating an alarming evolution in cybercriminal tactics. The campaign, tracked as SERPENTINE#CLOUD, represents a significant escalation in the abuse of legitimate cloud services for…
Authorities Busted Ransomware Gang – Nine Laptops and 15 Mobile Devices Were Seized
Thai law enforcement successfully dismantled a sophisticated ransomware operation during a coordinated raid at the Antai Holiday Hotel in central Pattaya on Monday, June 16, 2025. The operation resulted in the arrest of six Chinese nationals specifically tasked with distributing…
Cisco AnyConnect VPN Server Vulnerability Lets Attackers Trigger DoS Attack
A critical security vulnerability affecting Cisco Meraki MX and Z Series devices could allow unauthenticated attackers to launch denial of service (DoS) attacks against AnyConnect VPN services. The vulnerability, tracked as CVE-2025-20271 with a CVSS score of 8.6, was published…
Password Reset Poisoning Attack Allows Account Takeover Using the Password Reset Link
A critical vulnerability in password reset mechanisms has been discovered that allows attackers to completely take over user accounts by manipulating password reset links. Security researcher Pratik Dabhi recently disclosed details of a Host Header Injection attack that exploits how…
Golden SAML Attack Lets Attackers Gain Control of the Private Key Used by Federation Server
Cybersecurity professionals are facing a sophisticated new threat as Golden SAML attacks emerge as one of the most dangerous yet stealthy techniques targeting enterprise identity infrastructure. These attacks represent a significant escalation in the threat landscape, allowing malicious actors to…
Xiaomi Smartwatch Hacked Using Touch Point to Find Unlock PIN Coordinates
Security researcher Sergei Volokitin has presented findings on hardware vulnerabilities discovered in Xiaomi devices, including the company’s S3 smartwatch, during a presentation at a major cybersecurity conference. The research was conducted as part of a collaborative security event where researchers…
5 New Trends in Phishing Attacks on Businesses – Threats You Must Be Aware Of
Phishing remains one of the most effective ways attackers infiltrate corporate environments. Today’s phishing campaigns are no longer just poorly written emails with obvious red flags. They’re sophisticated, well-disguised, and tailored to exploit trust in everyday tools your teams use. …
New SuperCard Malware Using Hacked Android Phones to Relay Data from Users' Payment Cards to Attackers' Device
In a concerning development for mobile payment security, cybersecurity experts have identified a sophisticated new malware strain named “SuperCard” that exploits Android devices to steal payment card data. This malicious application, a modified version of the legitimate NFCGate program, intercepts…
Insecure GitHub Actions in Open Source Projects, Including MITRE and Splunk, Expose Critical Vulnerabilities
A comprehensive security investigation has revealed widespread vulnerabilities in GitHub Actions workflows across major open source repositories, including those maintained by prestigious organizations such as MITRE and Splunk. The discovery highlights a concerning pattern of insecure continuous integration and continuous…
RapperBot Botnet Attack Peaks at 50,000+ Attacks Targeting Network Edge Devices
The RapperBot botnet has reached unprecedented scale, with security researchers observing over 50,000 active bot infections targeting network edge devices across the globe. This sophisticated malware campaign represents one of the most persistent and evolving cyber threats currently plaguing internet-connected…
Microsoft Defender for Office 365 to Block Email Bombing Attacks
Microsoft has announced a new security capability within its Defender for Office 365 suite aimed at combating the growing threat of email bombing attacks. The feature, officially labeled “Mail Bombing Detection,” will automatically identify and quarantine high-volume email flooding campaigns…
PLA Rapidly Deploys AI Technology Across Military Intelligence Operations
China’s People’s Liberation Army has accelerated its integration of generative artificial intelligence across military intelligence operations, marking a significant shift in how the world’s largest military force approaches data collection, analysis, and strategic decision-making. This technological transformation represents the PLA’s…
Researchers Uncover How Russia Leverages Private Companies, Hacktivists to Strengthen Cyber Capabilities
A comprehensive new study reveals the sophisticated architecture behind Russia’s externalized cyber warfare strategy, exposing how the Kremlin systematically exploits private companies, hacktivist collectives, and cybercriminal groups to enhance its digital offensive capabilities while maintaining plausible deniability. The research demonstrates…
Beware of Fake CAPTCHA Pop-Up Windows That Silently Install LightPerlGirl Malware
Cybersecurity researchers have uncovered a sophisticated malware campaign leveraging fake CAPTCHA verification windows to trick users into manually executing malicious PowerShell commands. The newly identified threat, dubbed LightPerlGirl, represents a concerning evolution in social engineering tactics that exploits users’ trust…
System Admins Beware! Weaponized PuTTY Ads in Bing Install Remote Access Tools
Cybersecurity experts are sounding the alarm about a sophisticated malware campaign that leverages malicious advertisements targeting system administrators through weaponized PuTTY downloads. This emerging threat represents a significant shift in attack vectors, with malicious advertisements now surpassing traditional phishing methods…
Qilin Emerges as a New Dominant Ransomware Attacking Windows, Linux, and ESXi Systems
Cybersecurity experts are raising alarms as a sophisticated new ransomware strain named Qilin has rapidly gained prominence in the threat landscape, demonstrating unprecedented cross-platform capabilities. The malware has been observed successfully compromising Windows workstations, Linux servers, and VMware ESXi hypervisors…