Threat actors are increasingly using trusted cloud and content delivery network platforms to host phishing kits, creating major detection challenges for security teams. Unlike traditional phishing campaigns that rely on newly registered suspicious domains, these attacks use legitimate infrastructure from…
Tag: Cyber Security News
Fortinet FortiSIEM Vulnerability CVE-2025-64155 Actively Exploited in Attacks
Fortinet FortiSIEM vulnerability CVE-2025-64155 is under active exploitation, as confirmed by Defused through their honeypot deployments. This critical OS command injection flaw enables unauthenticated remote code execution, posing severe risks to enterprise security monitoring systems. CVE-2025-64155 stems from improper neutralization…
MonetaStealer Malware Powered with AI Code Attacking macOS Users in the Wild
A new information-stealing malware named MonetaStealer has been discovered actively targeting macOS users through deceptive file disguises and social engineering tactics. Security researchers at Iru first identified this threat on January 6, 2026, when they found a suspicious Mach-O binary…
Turla’s Kazuar v3 Loader Leverages Event Tracing for Windows and Bypasses Antimalware Scan Interface
Turla, a sophisticated threat actor known for targeted cyber attacks, has deployed an upgraded version of its Kazuar v3 loader that introduces advanced evasion techniques designed to bypass modern security defenses. This latest iteration, discovered in January 2026, showcases a…
New Sicarii RaaS Operation Attacks Exposed RDP Services and Attempts to Exploit Fortinet Devices
In December 2025, a previously unknown ransomware-as-a-service operation named Sicarii emerged across underground platforms, introducing itself as an Israeli or Jewish affiliated group. The operation stands apart from typical financially motivated ransomware due to its explicit use of Hebrew language,…
Critical WordPress Plugin Vulnerability Exploited in the Wild to Gain Instant Admin Access
A critical unauthenticated privilege escalation vulnerability in the Modular DS WordPress plugin allows attackers to gain instant admin access, with exploitation confirmed in the wild. Affecting over 40,000 sites, the flaw in versions up to 2.5.1 has prompted urgent patches…
Firefox 147 Released With Fixes for 16 Vulnerabilities that Enable Arbitrary Code Execution
Mozilla released Firefox 147 on January 13, 2026, addressing 16 security vulnerabilities detailed in the Mozilla Foundation Security Advisory. The update patches critical issues across components such as graphics, JavaScript, and networking, addressing six high-impact flaws, including multiple sandbox escapes,…
Critical Cal.com Vulnerability Let Attackers Bypass Authentication and Hijack any User Account
A critical authentication bypass vulnerability in Cal.com’s scheduling platform enables attackers to hijack any user account by exploiting a flaw in the NextAuth JWT callback mechanism. Tracked as CVE-2026-23478, this vulnerability affects versions from 3.1.6 up to but not including…
Microsoft and Authorities Dismatles BEC Attack Chain Powered by RedVDS Fraud Engine
A joint operation led by Microsoft and international law enforcement has dismantled a business email compromise (BEC) attack chain powered by the RedVDS fraud engine. RedVDS operated as a low‑cost “cybercrime subscription” platform, giving criminals disposable virtual machines that looked…
HPE Aruba Vulnerabilities Enables Unauthorized Access to Sensitive Information
Hewlett Packard Enterprise (HPE) has disclosed four high-severity vulnerabilities in its Aruba Networking Instant On devices that could allow attackers to access sensitive network information and disrupt operations. The security flaws, identified as CVE-2025-37165, CVE-2025-37166, CVE-2023-52340, and CVE-2022-48839, affect devices…
Chinese Threat Actors Hosted 18,000 Active C2 Servers Across 48 Hosting Providers
Threat actors linked to Chinese hosting infrastructure have established a massive network of over 18,000 active command-and-control servers across 48 different hosting providers in recent months. This widespread abuse highlights a serious issue in how malicious infrastructure can hide within…
Palo Alto Networks Firewall Vulnerability Allows Attacker to Trigger DoS Attacks
Palo Alto Networks has patched a critical denial-of-service vulnerability in its PAN-OS firewall software, tracked as CVE-2026-0227, which lets unauthenticated attackers disrupt GlobalProtect gateways and portals. The flaw carries a CVSS v4.0 base score of 7.7 (HIGH severity), stemming from…
Palo Alto Networks Firewall Vulnerability Allows Attackers to Trigger Denial of Service
Palo Alto Networks has patched a critical denial-of-service vulnerability in its PAN-OS firewall software, tracked as CVE-2026-0227, which lets unauthenticated attackers disrupt GlobalProtect gateways and portals. The flaw carries a CVSS v4.0 base score of 7.7 (HIGH severity), stemming from…
Microsoft SQL Server Vulnerability Allows Attackers to Elevate Privileges over a Network
Microsoft released security updates on January 13, 2026, addressing a critical elevation of privilege vulnerability in SQL Server that enables authorized attackers to bypass authentication controls and gain elevated system privileges remotely. Tracked as CVE-2026-20803, the vulnerability stems from missing…
Palo Alto Networks Firewall Vulnerability Allows Unauthenticated Attackers to Trigger Denial of Service
Palo Alto Networks has patched a critical denial-of-service vulnerability in its PAN-OS firewall software, tracked as CVE-2026-0227, which lets unauthenticated attackers disrupt GlobalProtect gateways and portals. The flaw carries a CVSS v4.0 base score of 7.7 (HIGH severity), stemming from…
Stealthy CastleLoader Malware Attacking US Government Agencies and Critical Infrastructure
A sophisticated malware loader known as CastleLoader has emerged as a critical threat to US government agencies and critical infrastructure organizations. First identified in early 2025, this stealthy malware has been used as the initial access point in coordinated attacks…
New One-Click Microsoft Copilot Vulnerability Grants Attackers Undetected Access to Sensitive Data
A novel single-click attack targeting Microsoft Copilot Personal that enables attackers to silently exfiltrate sensitive user data. The vulnerability, now patched, allowed threat actors to hijack sessions via a phishing link without further interaction. Attackers initiate Reprompt by sending a…
Researchers Breakdown DragonForce Ransomware Along with Decryptor for ESXi and Windows Systems
DragonForce is the latest ransomware brand to move from noisy forum posts to full RaaS operations, targeting both Windows and VMware ESXi environments. First seen in December 2023 on BreachForums, the group advertises stolen data and uses a dark web…
North Korean Hackers use Code Abuse Tactics for ‘Contagious Interview’ Campaign
North Korean threat actors have launched a sophisticated social engineering campaign targeting software developers through fake recruitment offers. The campaign, known as Contagious Interview, uses malicious repositories disguised as technical assessment projects to deploy a dual-layer malware system. Victims are…
VVS Stealer Attacking Discord Users to Exfiltrate Credentials and Tokens
Discord users are facing a growing threat from VVS Stealer, a Python-based information-stealing malware that targets sensitive account data, including credentials and tokens. This stealer was actively marketed on Telegram as early as April 2025, promoting its ability to steal…