A previously unknown zero-click vulnerability in Apple’s iMessage appears to have been exploited by sophisticated threat actors targeting high-profile individuals across the United States and the European Union. The vulnerability, dubbed “NICKNAME,” affected iOS versions up to 18.1.1 and was…
Tag: Cyber Security News
AMOS macOS Stealer Distributed Via Clickfix Bypasses macOS Security & Execute Malware
A sophisticated malware campaign has emerged targeting macOS users through typo-squatted domains mimicking Spectrum, the major U.S. telecommunications provider. The attack employs a new variant of Atomic macOS Stealer (AMOS) disguised as a CAPTCHA verification system, demonstrating cybercriminals’ evolving tactics…
CISA Warns of Chrome 0-Day Vulnerability Exploited in the Wild to Execute Arbitrary Code
CISA has issued an urgent warning about a critical zero-day vulnerability in Google Chrome’s V8 JavaScript engine that is being actively exploited by cybercriminals to execute arbitrary code on victims’ systems. On June 5, 2025, CISA added CVE-2025-5419 to its…
DCRat Attacking Users In Latin America To Steal Banking Credentials
A sophisticated malware campaign targeting Latin American users has emerged as a significant threat to the region’s banking sector, with cybercriminals deploying the DCRat banking trojan through elaborate phishing schemes designed to steal financial credentials. The malicious operations, which have…
SCATTERED SPIDER Hackers Attacking IT Support Teams & Bypass Multi-Factor Authentication
A sophisticated cybercriminal group known as SCATTERED SPIDER has emerged as one of the most dangerous threats facing organizations today, demonstrating an alarming ability to bypass multi-factor authentication through cunning social engineering tactics targeting IT support teams. This threat actor,…
Threat Actors Using Malware Loaders To Bypass Android 13+ Accessibility Restrictions
Cybercriminals have successfully circumvented Google’s Android 13 security enhancements designed to prevent malicious applications from abusing accessibility services, according to recent threat intelligence findings. The tech giant implemented these restrictions specifically to block accessibility access for sideloaded applications, a measure…
Cisco IMC Vulnerability Attackers to Access Internal Services with Elevated Privileges
A significant vulnerability in Cisco’s Integrated Management Controller (IMC) allows malicious actors to gain elevated privileges and access internal services without proper authorization. This vulnerability poses substantial risks to enterprise networks relying on Cisco’s server management infrastructure, potentially enabling…
New Eleven11bot Hacked 86,000 IP Cameras for Massive DDoS Attack
The cybersecurity landscape faces a growing threat from sophisticated botnet operations targeting Internet of Things (IoT) devices, with recent developments highlighting the vulnerability of connected cameras and smart devices. While specific details about the Eleven11bot malware remain limited in publicly…
Cisco Nexus Dashboard Vulnerability Lets Attackers Impersonate as Managed Devices
A high-severity vulnerability has been discovered in Cisco’s Nexus Dashboard Fabric Controller (NDFC) that could allow unauthenticated attackers to impersonate managed network devices through compromised SSH connections. The vulnerability, tracked as CVE-2025-20163, carries a CVSS base score of 8.7 and…
VMware NSX XSS Vulnerability Allows Attackers to Inject Malicious Code
Multiple Cross-Site Scripting (XSS) vulnerabilities in the VMware NSX network virtualization platform could allow malicious actors to inject and execute harmful code. The security bulletin published on June 4, 2025, details three distinct vulnerabilities affecting VMware NSX Manager UI, gateway…
WordPress Admins Beware! Fake Cache Plugin that Steals Admin Logins
A sophisticated malware campaign targeting WordPress administrators has been discovered, utilizing a deceptive caching plugin to steal login credentials and compromise website security. Security researchers have identified a malicious plugin disguised as “wp-runtime-cache” that specifically targets users with administrative privileges,…
Lumma Infostealers Developers Trying Hard To Conduct Business As Usual
In the high-stakes world of cybercrime, few tools have garnered as much attention as Lumma Infostealer. Emerging as a powerful malware-as-a-service (MaaS) offering, Lumma achieved notoriety for its wide-reaching impact on both individuals and enterprises. Its main function is to…
Play Ransomware Hacked 900 Organizations, CISA Released TTPs & IOCs
Federal authorities have revealed that the notorious Play ransomware group has successfully breached approximately 900 organizations worldwide as of May 2025, marking a dramatic escalation in cybercriminal activity that has prompted an urgent security advisory from multiple government agencies. The…
Top 10 GPT Tools For Hackers, Penetration Testers, & Security Analysts
A recent analysis has identified ten advanced GPT models that are transforming the methodologies employed by hackers, penetration testers, and security analysts in 2025. These models are enhancing the precision and efficiency of security assessments, threat modeling, and vulnerability exploitation, thereby…
Wireshark Vulnerability Enables DoS Attack Through Malicious Packet Injection
A critical vulnerability in the popular network protocol analyzer Wireshark has been discovered, allowing attackers to trigger denial-of-service (DoS) attacks through packet injection or the use of malformed capture files. The security flaw, identified as CVE-2025-5601, affects millions of users…
New Phishing Attack that Hides Malicious Link from Outlook Users
A sophisticated phishing technique exploits Microsoft Outlook’s HTML rendering capabilities to hide malicious links from corporate security systems while maintaining their effectiveness against end users. The attack leverages conditional HTML statements to display different content depending on whether the…
Cisco ISE Vulnerability Allows Remote to Access Sensitive Data – PoC Exploit Available
A critical vulnerability affects Cisco’s Identity Services Engine (ISE) when deployed on major cloud platforms, and proof-of-concept exploit code is now publicly available. The flaw, tracked as CVE-2025-20286 with a CVSS score of 9.9, enables unauthenticated remote attackers to…
Authorities Seized 145 Dark Web Marketplace Having 117,000 Registered Customers
Federal authorities have successfully dismantled BidenCash, one of the largest criminal marketplaces operating on both the dark web and the traditional internet. In a coordinated law enforcement operation, approximately 145 domains associated with the platform were seized. The BidenCash marketplace…
35,000 Solar Power Systems Exposed To Internet Are Vulnerable To Cyberattacks
A comprehensive cybersecurity investigation has revealed alarming vulnerabilities in the rapidly expanding solar energy infrastructure, with nearly 35,000 solar power devices found exposed to internet-based attacks across 42 vendors worldwide. The discovery underscores growing security concerns as renewable energy systems…
APT37 Hackers Mimic Academic Forum Invites To Deliver Malicious LNK Files Via Dropbox Platform
The North Korea-linked APT37 threat group has launched a sophisticated spear phishing campaign targeting South Korean activists and researchers focused on North Korean affairs, employing deceptive academic forum invitations to distribute malicious shortcut files through cloud-based infrastructure. The campaign, which…