GitLab has disclosed multiple high-severity Denial-of-Service (DoS) vulnerabilities that could allow unauthenticated attackers to crash self-managed GitLab instances. These flaws impact Community Edition (CE) and Enterprise Edition (EE) versions prior to 18.4.1, 18.3.3, and 18.2.7, and exploit both HTTP endpoints…
Tag: Cyber Security News
First-Ever Malicious MCP Server Found in the Wild Steals Emails via AI Agents
The first-ever malicious Model-Context-Prompt (MCP) server discovered in the wild, a trojanized npm package named postmark-mcp that has been secretly exfiltrating sensitive data from users’ emails. The package, downloaded approximately 1,500 times per week, contained a backdoor that copied every…
New Variant of The XCSSET Malware Attacking macOS App Developers
The macOS threat landscape has witnessed a significant escalation with the discovery of a new variant of the XCSSET malware targeting app developers. First observed in late September 2025, this variant builds upon earlier versions by introducing enhanced stealth techniques,…
Fortra GoAnywhere Vulnerability Exploited as 0-Day Before Patch
A critical, perfect 10.0 CVSS score vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) solution was actively exploited as a zero-day at least a week before the company released a patch. The vulnerability, tracked as CVE-2025-10035, is a command injection…
Hackers Compromise Active Directory to Steal NTDS.dit that Leads to Full Domain Compromise
Active Directory (AD) remains the foundation of authentication and authorization in Windows environments. Threat actors targeting the NTDS.dit database can harvest every domain credential, unlock lateral movement, and achieve full domain compromise. Attackers leveraged native Windows utilities to dump and exfiltrate…
Chinese State-Sponsored Hackers Attacking Telecommunications Infrastructure to Harvest Sensitive Data
In late 2024, a new wave of cyber espionage emerged targeting global telecommunications infrastructure. Operating under the moniker Salt Typhoon, this Chinese state-sponsored group has focused its efforts on routers, firewalls, VPN gateways, and lawful intercept systems within major telecom…
CISA Warns of Cisco Firewall 0-Day Vulnerabilities Actively Exploited in the Wild
CISA has issued an Emergency Directive mandating immediate action to mitigate two critical zero-day vulnerabilities, CVE-2025-20333 and CVE-2025-20362, actively exploited against Cisco Adaptive Security Appliances (ASA) and select Firepower platforms. The vulnerabilities allow unauthenticated remote code execution and privilege escalation, enabling advanced threat actors…
New Malicious Rust Crates Impersonating fast_log to Steal Solana and Ethereum Wallet Keys
Cybercriminals have launched a sophisticated supply chain attack targeting cryptocurrency developers through malicious Rust crates designed to steal digital wallet keys. Two fraudulent packages, faster_log and async_println, have infiltrated the Rust package registry by impersonating the legitimate fast_log logging library,…
Hackers Breach Active Directory to Exfiltrate NTDS.dit Leads to Full Domain and Credential Compromise
Active Directory (AD) remains the foundation of authentication and authorization in Windows environments. Threat actors targeting the NTDS.dit database can harvest every domain credential, unlock lateral movement, and achieve full domain compromise. Attackers leveraged native Windows utilities to dump and exfiltrate…
Critical Cisco Vulnerability Let Remote Attackers Execute Arbitrary Code on Firewalls and Routers
Cisco warns of a Critical remote code execution flaw in web services across multiple Cisco platforms. Tracked as CVE-2025-20363 (CWE-122), this vulnerability carries a CVSS 3.1 Base Score of 9.0 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) and impacts ASA, FTD, IOS, IOS XE, and IOS…
Cisco ASA 0-Day RCE Vulnerability Actively Exploited in the Wild
Cisco has issued an emergency security advisory warning of active exploitation of a critical zero-day vulnerability in its Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) software platforms. The vulnerability, tracked as CVE-2025-20333, carries a maximum…
Hackers Exploiting Cisco ASA Zero-Day to Deploy RayInitiator and LINE VIPER Malware
Cybersecurity authorities are urging organizations to take immediate action following the discovery of a sophisticated espionage campaign targeting Cisco Adaptive Security Appliance (ASA) firewalls. In a significant update, Cisco and the UK’s National Cyber Security Centre (NCSC) have revealed that…
Hackers Leverage AI-Generated Code to Obfuscate Its Payload and Evade Traditional Defenses
Cybercriminals are increasingly turning to artificial intelligence to enhance their attack capabilities, as demonstrated in a sophisticated phishing campaign recently uncovered by security researchers. The campaign represents a significant evolution in malware obfuscation techniques, utilizing AI-generated code to disguise malicious…
RedNovember Hackers Attacking Government and Technology Organizations to Deploy Backdoor
In mid-2024, cybersecurity professionals began observing a surge of targeted intrusions against government, defense, and technology organizations worldwide. These incidents were linked to a previously uncharacterized threat group later christened RedNovember, which leverages open-source and commodity tools to deploy a…
New Phishing Attack Targeting PyPI Maintainers to Steal Login Credentials
A sophisticated phishing campaign has emerged targeting maintainers of packages on the Python Package Index (PyPI), employing domain confusion tactics to steal authentication credentials from unsuspecting developers. The attack leverages fraudulent emails designed to mimic official PyPI communications, directing recipients…
Hackers Exploiting WordPress Websites With Silent Malware to Gain Admin Access
A sophisticated malware campaign targeting WordPress websites has been discovered employing advanced steganographic techniques and persistent backdoor mechanisms to maintain unauthorized administrator access. The malware operates through two primary components that work in tandem to create a resilient attack infrastructure,…
Threat Actors Using Copyright Takedown Claims to Deploy Malware
A sophisticated malware campaign orchestrated by the Vietnamese Lone None threat actor group has been leveraging fraudulent copyright infringement takedown notices to deploy information-stealing malware onto unsuspecting victims’ systems. The campaign, which has been actively tracked since November 2024, represents…
Salesforce AI Agent Vulnerability Allows Let Attackers Exfiltration Sensitive Data
A critical vulnerability chain in Salesforce’s Agentforce AI platform, which could have allowed external attackers to steal sensitive CRM data. The vulnerability, dubbed ForcedLeak by Noma Labs, which discovered it, carries a CVSS score of 9.4 and was executed through a sophisticated…
New LNK Malware Uses Windows Binaries to Bypass Security Tools and Execute Malware
A recent wave of attacks leveraging malicious Windows shortcut files (.LNK) has put security teams on high alert. Emerging in late August 2025, this new LNK malware distribution exploits trusted Microsoft binaries to bypass endpoint protections and execute payloads without…
Hackers Leverage GitHub Notifications to Mimic as Y Combinator to Steal Funds from Wallets
Cybercriminals have orchestrated a sophisticated phishing campaign exploiting GitHub’s notification system to impersonate the prestigious startup accelerator Y Combinator, targeting developers’ cryptocurrency wallets through fake funding opportunity notifications. The attack leverages GitHub’s issue tracking system to mass-distribute phishing notifications, bypassing…