Multiple critical security vulnerabilities affecting MediaTek smartphones, tablets, and IoT chipsets could allow attackers to escalate privileges and compromise device security without requiring any user interaction. The Taiwan-based chipset manufacturer published its June 2025 Product Security Bulletin, revealing seven Common…
Tag: Cyber Security News
Vulnerabilities in Preinstalled Android Apps Expose PIN Codes and Allow Command Injection
Significant vulnerabilities were uncovered in pre-installed applications on Ulefone and Krüger&Matz Android smartphones that expose users to significant risks, including unauthorized factory resets, PIN code theft, and malicious command injection. These flaws, published on May 30, 2025, demonstrate how Improper…
DSPM vs. DLP:Understanding the Key Differences
Modern organizations face a growing challenge in protecting sensitive data. As more people adopt the cloud and rules get tougher, smart and adaptable security is now a must. Two approaches often compared are DSPM and DLP. While both aim to…
Qualcomm Adreno GPU 0-Day Vulnerabilities Exploited to Attack Android Users
Mobile chipmaker Qualcomm has issued urgent security patches for three critical zero-day vulnerabilities in its Adreno GPU drivers that are actively being exploited in targeted attacks against Android users worldwide. The company confirmed that patches for the vulnerabilities have been…
New PyPI Supply Chain Attacks Python & NPM Users on Windows and Linux
A sophisticated malicious package campaign has emerged targeting Python and NPM users across Windows and Linux platforms through an unusual cross-ecosystem attack strategy. The campaign exploits typo-squatting and name confusion tactics against popular packages including colorama, a widely-used Python library…
Haozi’s Plug-and-Play Phishing Attack Stolen Over $280,000 From Users
A sophisticated phishing-as-a-service operation known as Haozi has emerged as a significant threat in the cybercriminal landscape, facilitating over $280,000 in fraudulent transactions within just five months. Unlike traditional phishing kits that require technical expertise, Haozi offers a streamlined, user-friendly…
HuluCaptcha – A FakeCaptcha Kit That Trick Users to Run Code via The Windows Run Command
A new and sophisticated malware distribution framework dubbed “HuluCaptcha” has emerged, leveraging fake CAPTCHA verification pages to trick users into executing malicious PowerShell commands through Windows Run dialogs. This advanced threat represents a significant evolution in social engineering attacks, combining…
Threat Actors Using ClickFix Technique to Deliver EddieStealer Malware
Cybersecurity researchers have identified a sophisticated new malware campaign leveraging the deceptive ClickFix technique to distribute EddieStealer, a dangerous information-stealing malware built using the Rust programming language. This emerging threat represents a significant evolution in social engineering tactics, exploiting user…
Prioritizing Vulnerabilities in a Sea of Alerts
According to recent industry analysis, cybersecurity professionals are overwhelmed by a flood of security alerts. Organizations process an average of 569,354 alerts annually, yet only 2-5% require immediate action, highlighting the importance of prioritizing vulnerabilities. This overwhelming volume of notifications…
Rise of Deepfake Attacks Detection and Prevention Tips
The digital landscape faces an unprecedented crisis as deepfake attacks surge across global networks, emphasizing the urgent need for deepfake attacks detection and prevention. Fraud attempts have skyrocketed by 2137% over the past three years. What once represented just 0.1%…
Hackers Could Use Stealth Syscall Execution to Bypass Event Tracing & EDR Detection
Security researchers have identified sophisticated new techniques that allow malicious actors to execute system calls while evading detection by modern endpoint security solutions. These stealth syscall execution methods represent a significant evolution in attack methodologies, potentially rendering traditional monitoring tools…
Hackers Allegedly Selling Windows Crypter Claims Bypass of All Antiviruses
Underground cybercriminal forums are witnessing the proliferation of sophisticated malware tools, with recent intelligence revealing the sale of a Windows crypter that allegedly bypasses all major antivirus solutions. This tool is being advertised as fully activated and capable of making…
Bluetooth HCI Adaptor Realtek Vulnerability Let Attackers Delete Arbitrary Files
A high-severity vulnerability has been discovered in Realtek’s Bluetooth HCI Adaptor that allows local attackers to delete arbitrary files and potentially escalate privileges on affected systems. The vulnerability, tracked as CVE-2024-11857, was published to the GitHub Advisory Database just three…
CISO Roles Expand Beyond Cybersecurity as Organizations Embrace Strategic Security Leadership
The traditional boundaries of the Chief Information Security Officer role are rapidly dissolving as organizations recognize the strategic value of cybersecurity leadership beyond technical protection. A comprehensive analysis of more than 800 CISOs across diverse industries reveals that most security…
New Study Uncovers Vulnerable Code Pattern Exposes GitHub Projects To Path Traversal Attacks
A comprehensive security research study has revealed a widespread vulnerable code pattern affecting thousands of open-source projects on GitHub, exposing them to critical path traversal attacks that could allow malicious actors to access sensitive files and crash server systems. The…
Securing APIs Protecting Backbone of Modern Applications
As modern applications increasingly depend on APIs to drive everything from mobile banking to healthcare systems, a growing security crisis is emerging across the digital landscape, highlighting the critical importance of securing APIs. New data reveals that API security incidents…
50,000+ Azure AD Users Access Token Exposed From Unauthenticated API Endpoint
A critical security vulnerability affecting over 50,000 Azure Active Directory users has been discovered, exposing sensitive employee data through an unsecured API endpoint embedded within a JavaScript file. The incident, uncovered by cybersecurity firm CloudSEK, reveals how a single misconfiguration…
Role of Threat Intelligence in Proactive Defense Strategies
Organizations worldwide increasingly recognize that traditional reactive cybersecurity approaches are no longer sufficient to combat sophisticated cyber threats. A comprehensive analysis of current industry practices reveals that threat intelligence has become the cornerstone of effective proactive defense strategies, enabling organizations…
AI-Driven Threat Intelligence Staying Ahead of Attackers
As cyber threats evolve at an unprecedented pace in 2025, organizations worldwide are turning to artificial intelligence to stay one step ahead of increasingly sophisticated attackers. The global threat intelligence market, valued at $14.29 billion in 2024, is projected to…
Critical Roundcube Vulnerability Let Attackers Execute Remote Code
A critical vulnerability in the widely used Roundcube Webmail software allows authenticated attackers to execute arbitrary code remotely. The vulnerability, discovered through PHP object deserialization flaws, affects all installations running versions 1.6. x and 1.5. One of the popular open-source…