A newly disclosed vulnerability, named the WireTap attack, allows attackers with physical access to break the security of Intel’s Software Guard eXtensions (SGX) on modern server processors and steal sensitive information. A research paper released in October 2025 details how…
Tag: Cyber Security News
New CometJacking Attack Let Attackers Turn Perplexity Browser Against You in One Click
A groundbreaking cybersecurity vulnerability has emerged that transforms Perplexity’s AI-powered Comet browser into an unintentional collaborator for data theft. Security researchers at LayerX have discovered a sophisticated attack vector dubbed “CometJacking” that enables malicious actors to weaponize a single URL…
Discord Data Breach – Customers Personal Data and Scanned Photo IDs leaked
A data breach at a third-party customer service provider has exposed the personal data of some Discord users, including names, email addresses, and a small number of scanned government-issued photo IDs. The incident did not compromise Discord’s main systems, and…
Renault UK Suffers Cyberattack – Hackers Stolen Users Customers Personal Data
Renault UK has notified customers of a data breach after a cyberattack on one of its third-party service providers resulted in the theft of personal information. The company has assured its clients that its own internal systems were not compromised…
Scattered LAPSUS$ Hunters Announced Salesforce Breach List On New Onion Site
A cybercrime collective known as Scattered LAPSUS$ Hunters has launched a new data leak site on the dark web, claiming it holds nearly one billion records from Salesforce customers. The group is orchestrating a widespread blackmail campaign, setting a ransom…
Top 10 Best Supply Chain Intelligence Security Companies in 2025
The digital world continues to face growing threats around software vulnerabilities, data breaches, and cyber supply chain attacks. As companies rely more heavily on open-source software, third-party code, and cloud-native applications, the need for supply chain intelligence security solutions has…
Top 10 Best Fraud Prevention Companies in 2025
In 2025, digital transactions are at an all-time high, but so are the risks of fraud. Businesses in banking, e-commerce, fintech, and even social networks are facing increasing pressure to secure their platforms against identity theft, payment fraud, and cybersecurity…
New Android Spyware Attacking Android Users Mimic as Signal and ToTok Apps
In recent months, security teams have observed a surge in Android spyware campaigns that prey on privacy-conscious users by masquerading as trusted messaging apps. These malicious payloads exploit users’ trust in Signal and ToTok, delivering trojanized applications that request extensive…
How Fileless Malware Differs From Traditional Malware Attacks
The cybersecurity landscape has witnessed a dramatic evolution in attack methodologies, with fileless malware emerging as one of the most sophisticated and dangerous threats facing organizations today. Unlike traditional malware that relies on executable files stored on disk, fileless attacks…
Chinese Hackers Compromising High-Value IIS Servers to Manipulate Search Rankings
The Chinese-speaking cybercrime group UAT-8099 has been stealthily breaching valuable Internet Information Services (IIS) servers in India, Thailand, Vietnam, Canada, and Brazil to carry out extensive search engine optimization (SEO) fraud. This campaign, which began surfacing in early 2025, leverages…
DrayOS Routers Vulnerability Let Attackers Execute Malicious Code Remotely
A critical vulnerability has been discovered in DrayTek’s DrayOS routers, which could allow unauthenticated remote attackers to execute malicious code. The flaw, tracked as CVE-2025-10547, affects a wide range of Vigor router models, prompting administrators to apply security updates urgently.…
TOTOLINK X6000R Router Vulnerabilities Let Remote Attackers Execute Arbitrary Commands
Critical security flaws have been discovered in the TOTOLINK X6000R wireless router, exposing users to severe risks of remote code execution and unauthorized system access. These vulnerabilities affect the router’s web interface and various administrative functions, creating multiple attack vectors…
Threat Actors Mimic Popular Brands to Deceive Users and Deploy Malware in New Wave of Attacks
Cybercriminals have launched a sophisticated campaign that leverages brand impersonation techniques to distribute malware through deceptive SMS phishing (smishing) attacks. This emerging threat demonstrates an evolution in social engineering tactics, where attackers strategically craft URLs containing trusted brand names to…
Top 10 Best Account Takeover Protection Tools in 2025
Account Takeover (ATO) attacks have become one of the most pressing security concerns for businesses in 2025. With the rise of credential stuffing, phishing, brute force attacks, and bot-driven fraud, organizations must reinforce their digital defenses. Account takeover can lead…
New ‘Point-and-Click’ Phishing Kit Bypasses User Awareness and Security Filters to Deliver Malicious Payloads
A novel phishing kit has surfaced that enables threat actors to craft sophisticated lures with minimal technical expertise. This “point-and-click” toolkit combines an intuitive web interface with powerful payload delivery mechanisms. Attackers can select from preconfigured templates, customize branding elements,…
Threat Actors Leveraging WhatsApp Messages to Attack Windows Systems With SORVEPOTEL Malware
Enterprise networks worldwide are facing an aggressive, self-propagating malware campaign that exploits WhatsApp as its primary delivery mechanism. First observed in early September 2025 targeting Brazilian organizations, SORVEPOTEL spreads through convincing phishing messages carrying malicious ZIP attachments. Upon execution, the…
SideWinder Hacker Group Hosting Fake Outlook/Zimbra Portals to Steal Login Credentials
APT SideWinder, a state-sponsored threat actor long associated with espionage across South Asia, has recently launched a campaign deploying phishing portals that mimic legitimate Outlook and Zimbra webmail services. Emerging in mid-2025, this operation uses free hosting platforms such as…
Signal Enhances Security With New Hybrid PQ Ratchet to Compact Quantum Computing Threats
Signal has announced a groundbreaking advancement in secure messaging with the introduction of the Sparse Post Quantum Ratchet (SPQR), a revolutionary cryptographic enhancement designed to protect against future quantum computing threats. This latest security upgrade represents a significant milestone in…
Confucius Hacker Group Attacking Weaponizing Documents to Compromised Windows Systems With AnonDoor Malware
The Confucius hacker group, active since 2013, has recently escalated its operations by weaponizing malicious Office documents to compromise Windows endpoints with a new Python-based backdoor, dubbed AnonDoor. Historically known for deploying document stealers such as WooperStealer, the threat actor…
HackerOne Paid $81 In Bug Bounty With Emergence of Bionic Hackers
HackerOne, a leading platform in offensive security, announced it has paid out a total of $81 million in bug bounties to its global community of white-hat hackers over the past year. This figure, detailed in the company’s 9th annual Hacker-Powered…