Decentralized applications (DApps) have revolutionized blockchain technology by enabling trustless, transparent operations across various industries. However, with over $6 billion lost to security breaches in 2024 alone, protecting these applications has become paramount for developers and organizations. This comprehensive guide…
Tag: Cyber Security News
APT Hackers Exploited Windows WebDAV 0-Day RCE Vulnerability in the Wild to Deploy Malware
A sophisticated cyberattack campaign by the advanced persistent threat group Stealth Falcon exploited a previously unknown zero-day vulnerability to target a major Turkish defense company and execute malware remotely. The attack leveraged CVE-2025-33053, a remote code execution vulnerability that…
Fortinet Security Update: Critical Patch Addressing Multiple Vulnerabilities Across Products
Fortinet has released security updates addressing multiple vulnerabilities across its product portfolio, including FortiOS, FortiAnalyzer, FortiProxy, and FortiWeb systems. The cybersecurity company’s Product Security Incident Response Team (PSIRT) published advisories covering flaws ranging from privilege escalation to command injection vulnerabilities…
Windows WEBDAV 0-Day RCE Vulnerability Actively Exploited in the Wild – All Versions Affected
Microsoft has confirmed that a critical zero-day vulnerability in its Web Distributed Authoring and Versioning (WebDAV) implementation is being actively exploited by attackers in the wild, prompting an urgent security update as part of June 2025’s Patch Tuesday. The vulnerability,…
Hackers Continue to Leverage ConnectWise ScreenConnect Tool to Deploy Malware
Cybercriminals are intensifying their exploitation of ConnectWise ScreenConnect, a legitimate remote monitoring and management (RMM) tool, to deploy sophisticated malware campaigns targeting global financial organizations. This alarming trend represents a significant evolution in threat actor tactics, as attackers leverage digitally…
Indian Authorities Dismantled Cybercriminals That Impersonate as Microsoft Tech Support
India’s Central Bureau of Investigation successfully dismantled a sophisticated transnational cybercriminal network that impersonated Microsoft technical support services, targeting vulnerable older adults primarily in Japan. The coordinated operation on May 28, 2025, involved raids across 19 locations throughout India, resulting…
How to Secure Kubernetes Clusters – A Cybersecurity Perspective
Kubernetes has become the de facto standard for container orchestration, but its complex architecture introduces numerous security challenges that organizations must address proactively. Securing a Kubernetes cluster requires a multi-layered approach encompassing control plane protection, robust authentication mechanisms, network segmentation,…
Microsoft Patch Tuesday June 2025 – Exploited zero-day and Other 65 Vulnerabilities Patched
Microsoft has released its monthly Patch Tuesday updates, addressing a total of 66 vulnerabilities in its product suite. This release includes a remediation for one zero-day vulnerability that is currently being actively exploited, as well as another vulnerability that has…
APT Hackers Exploited WebDAV 0-Day RCE Vulnerability in the Wild to Deploy Malware
A sophisticated cyberattack campaign by the advanced persistent threat group Stealth Falcon exploited a previously unknown zero-day vulnerability to target a major Turkish defense company and execute malware remotely. The attack leveraged CVE-2025-33053, a remote code execution vulnerability that…
Phishing Defense Strategies – Advanced Techniques for Email Security
Modern phishing attacks have evolved far beyond simple deceptive emails, now incorporating AI-generated content, deepfake impersonation, and sophisticated social engineering techniques that bypass traditional security measures. Organizations face an unprecedented challenge as cybercriminals leverage artificial intelligence to create compelling phishing…
FortiOS SSL-VPN Vulnerability Let Attackers Access full SSL-VPN settings
Fortinet has disclosed a new security vulnerability affecting its FortiOS SSL-VPN web-mode that allows authenticated users to gain unauthorized access to complete SSL-VPN configuration settings through specially crafted URLs. The vulnerability, designated as CVE-2025-25250, was published today and affects multiple…
Global Heroku Outage Disrupts Web Platforms Worldwide
Salesforce’s cloud platform Heroku is currently experiencing a widespread service disruption that has affected thousands of businesses around the globe. The outage, which began earlier today, has crippled critical platform services including authentication systems and deployment pipelines, leaving developers unable…
Free vs. Paid Threat Intelligence Feeds: What SOC Managers Need To Know
In today’s dynamic threat landscape, Threat Intelligence (TI) feeds have become a must-have for Security Operations Centers (SOCs). Whether free or paid, they offer vital insights helping teams identify threats, develop detection rules, enrich alerts, and accelerate incident response. Threat intelligence feeds…
New SharePoint Phishing Attacks Using Lick Deceptive Techniques
A sophisticated new wave of phishing attacks is exploiting Microsoft SharePoint’s trusted platform to bypass traditional security measures, representing a significant evolution in cyberthreat tactics. These attacks leverage SharePoint’s inherent legitimacy within corporate environments to deceive users into believing they…
Understanding and Preventing SQL Injection Attacks – A Technical Guide
SQL injection represents one of the most persistent and dangerous web application vulnerabilities, consistently ranking among the top security threats in the OWASP Top 10. This comprehensive technical guide explores the mechanics of SQL injection attacks, demonstrates practical exploitation techniques,…
Qtap – An Open-Source Tool to See Through Encrypted Traffic in Linux systems
Qpoint has released Qtap, an open-source eBPF agent for monitoring network traffic in Linux systems. It hooks into TLS/SSL functions to capture data before and after encryption, showing unencrypted traffic with details like process, container, host, user, and protocol. Qtap…
Hardening Linux Servers – A Comprehensive Cybersecurity Checklist
Linux servers power much of our digital infrastructure, from corporate intranets to cloud services. Their security is paramount in today’s threat landscape. This comprehensive hardening guide provides concrete steps to secure your Linux servers against various attack vectors, complete with…
Critical SAP NetWeaver Vulnerability Let Attackers Bypass Authorization Checks
A critical security vulnerability has been discovered in SAP NetWeaver Application Server for ABAP that allows authenticated attackers to bypass standard authorization checks and escalate their privileges within enterprise systems. The vulnerability, tracked as CVE-2025-42989 and assigned a CVSS score…
Fortinet OS Command Injection Vulnerability Lets Attackers Execute Unauthorised Code on FortiAnalyzer-Cloud
Fortinet, a leading provider of cybersecurity solutions, has recently addressed a significant security vulnerability, CVE-2023-42788, classified as an OS command injection issue under CWE-78. The vulnerability was earlier known to affect multiple products, including FortiManager and FortiAnalyzer, and today Fortinet confirmed that the vulnerability…
Ivanti Workspace Control Vulnerabilities Let Attackers Decrypt Stored SQL Credentials
Ivanti has issued urgent security updates for its Workspace Control platform after discovering three high-severity vulnerabilities that could allow attackers to decrypt stored SQL credentials. The company released patches addressing these security flaws, which affect versions 10.19.0.0 and earlier of…