Category: cyber-security-news

  • Cisco Warns of IOS XR Software Vulnerability That Lets Attackers Trigger DoS Condition

    Cisco has issued security advisories for multiple vulnerabilities affecting its IOS XR Software, with particular emphasis on a significant memory corruption vulnerability in the Border Gateway Protocol (BGP) confederation implementation. The vulnerability, tracked as CVE-2025-20115 with a CVSS score of 8.6, could…

  • Critical ruby-saml Vulnerabilities Let Attackers Bypass Authentication

    Two critical authentication bypass vulnerabilities have been discovered in the ruby-saml library, potentially exposing numerous web applications to account takeover attacks. Security researchers from GitHub Security Lab have identified parser differential vulnerabilities (CVE-2025-25291 and CVE-2025-25292) affecting ruby-saml versions up to 1.17.0, which could allow attackers to impersonate any…

  • Microsoft 365 Themed Attack Leveraging OAuth Redirection for Account Takeover

    Two sophisticated phishing campaigns were observed targeting Microsoft 365 users by exploiting OAuth redirection vulnerabilities combined with brand impersonation techniques. Threat researchers are warning organizations about these highly targeted attacks designed to bypass traditional security controls and achieve account takeover (ATO). The malicious campaigns leverage familiar…

  • New Campaign Attacking PyPI Users to Steal Sensitive Data Including Cloud Tokens

    Security researchers have uncovered a sophisticated malware campaign targeting users of the Python Package Index (PyPI), Python’s official third-party software repository. This latest attack vector involves several malicious packages disguised as time-related utilities, which are actually designed to steal sensitive information including cloud…

  • Decrypting Linux/ESXi Akira Ransomware Files Without Paying the Ransom

    A cybersecurity researcher has successfully broken the encryption used by the Linux/ESXi variant of the Akira ransomware, enabling data recovery without paying the ransom demand. The breakthrough exploits a critical weakness in the ransomware’s encryption methodology. According to the researcher, the malware uses the current time in…

  • SuperBlack Actors Exploiting Two Fortinet Vulnerabilities to Deploy Ransomware

    Between late January and early March 2025, cybersecurity researchers at Forescout’s Vedere Labs uncovered a series of sophisticated intrusions leveraging critical Fortinet vulnerabilities. The attacks, attributed to a newly identified threat actor tracked as “Mora_001,” culminated in the deployment of a custom ransomware strain dubbed “SuperBlack.”…

  • Top 10 Best Cyber Attack Simulation Tools – 2025

    Cyber attack simulation tools help organizations identify vulnerabilities, test security defenses, and improve their cybersecurity posture by simulating real-world attacks. These tools range from breach and attack simulation (BAS) platforms to adversary emulation frameworks. Here are some of the top cyber attack simulation tools: Cyberattack is…

  • Microsoft March 2025 Patch Tuesday: Fixes for 57 Vulnerabilities & 6 Actively Exploited Zero-Days

    Microsoft’s March 2025 Patch Tuesday addresses 57 vulnerabilities, including six zero-day vulnerabilities that are currently being exploited. The security update includes fixes for Windows, Microsoft Office, Azure, and other components. The March Patch Tuesday update included fixes for: In addition to…

  • 400+ IPs Actively Exploiting Multiple SSRF Vulnerabilities In The Wild

    A coordinated surge in Server-Side Request Forgery (SSRF) exploitation has been detected across multiple widely used platforms, affecting organizations worldwide. Security monitoring reveals approximately 400 unique IP addresses actively targeting multiple SSRF-related CVEs simultaneously, indicating a sophisticated and potentially dangerous campaign. The exploitation surge began…

  • CISA Warns of Microsoft Windows Management Console (MMC) Vulnerability Exploited in the Wild

    The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding an actively exploited vulnerability in Microsoft Windows Management Console (MMC), tracked as CVE-2025-26633. This improper neutralization flaw (CWE-707) enables remote attackers to execute arbitrary code over a network, posing significant…

  • Chinese Hackers’ New Malware Dubbed ‘Squidoor’ Attacking Global Organizations

    A sophisticated backdoor malware called “Squidoor” is being deployed by suspected Chinese threat actors against organizations across South America and Southeast Asia. The malware, designed for exceptional stealth, offers attackers multiple methods to maintain persistent access to compromised networks while evading detection from advanced security systems. Initial…

  • Apple WebKit Zero-Day Vulnerability Actively Exploited in High-Profile Cyber Attacks

    Apple has released emergency security updates addressing a critical zero-day vulnerability in its WebKit browser engine, identified as CVE-2025-24201, which has been actively exploited in targeted attacks. The flaw, described as an out-of-bounds write issue, could enable attackers to craft malicious web content capable…

  • Enabling Incognito Mode in RDP to Hide All the Traces

    Microsoft’s Remote Desktop Protocol (RDP) has introduced a lesser-known but critical security feature colloquially referred to as “incognito mode” through its /public command-line parameter. This functionality, formally called public mode, prevents the client from storing sensitive session artifacts—a development with significant implications for cybersecurity, digital…

  • GitHub Details How Security Professionals Can Use Copilot to Analyze Logs

    GitHub has unveiled groundbreaking applications of its AI-powered coding assistant, Copilot, specifically tailored for security professionals analyzing system logs and operational data. The tool now demonstrates unprecedented capabilities in parsing security event information, identifying anomalies, and accelerating incident response workflows through intelligent code suggestions…

  • North Korean IT Workers Using GitHub To Attack Organizations Globally

    Cybersecurity research firm NISOS has uncovered a network of suspected North Korean IT workers who are leveraging GitHub to create elaborate fake personas aimed at securing employment with companies in Japan and the United States. These individuals pose as Vietnamese, Japanese, and Singaporean nationals while…

  • CISA Warns of Edimax IC-7100 IP Camera 0-Day Vulnerability Exploited in Attacks

    The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning regarding a severe vulnerability in the Edimax IC-7100 IP Camera. This vulnerability, CVE-2025-1316, allows attackers to execute remote code on the device by sending specially crafted requests, exploiting an improper neutralization…

  • AMD Microcode Signature Verification Vulnerability Lets Attackers Load Malicious Patches

    Security researchers have uncovered a critical vulnerability in AMD Zen CPUs that allows attackers with elevated privileges to load malicious microcode patches, bypassing cryptographic signature checks. Dubbed “EntrySign,” this flaw stems from AMD’s use of the AES-CMAC algorithm as a hash function during microcode validation—a…

  • Google Silently Tracks Android Devices Even When No Apps Are Opened by the User

    Google collects and stores significant amounts of user data on Android devices, even when users haven’t opened any Google apps. The study by Professor D.J. Leith from Trinity College Dublin documents for the first time how pre-installed Google apps silently track users without seeking…

  • Two Hackers Arrested for Stealing Taylor Swift Eras Concert Tickets Worth $600k

    Two individuals were arrested this week in a sophisticated cybercrime operation targeting high-demand events. They were accused of orchestrating a $600,000 ticket theft scheme involving Taylor Swift’s Eras Tour and other major concerts. Queens District Attorney Melinda Katz revealed that Tyrone Rose, 34,…

  • SecP0 Ransomware Group Threatens Organizations to Leak Vulnerability Details

    A new ransomware group, SecP0, has emerged on the cybercrime landscape, adopting a novel and deeply concerning tactic: demanding ransom payments not for encrypted data, but for undisclosed software vulnerabilities. This shift in strategy represents a significant evolution in ransomware operations, targeting organizations’ cybersecurity weaknesses rather…

  • Android App With 220,000+ Downloads From Google Play Installs Banking Trojan

    A sophisticated Android banking trojan campaign leveraging a malicious file manager application accumulated over 220,000 downloads on the Google Play Store before its removal. Dubbed Anatsa (also known as TeaBot), the malware targets global financial institutions through a multi-stage infection process. It deploys fake…

  • 50 World’s Best Cyber Security Companies – 2025

    Cybersecurity has transformed from a niche technical field into a critical business priority that shapes organizational strategies worldwide. As we navigate through 2025, the cybersecurity industry continues to expand in response to increasingly sophisticated threats, digital transformation initiatives, and regulatory requirements. The global cybersecurity market is thriving, with projections showing growth to $345.4…

  • Hackers Exploited Confluence Server Vulnerability To Deploy LockBit Ransomware

    A sophisticated ransomware attack leveraging a critical Atlassian Confluence vulnerability (CVE-2023-22527, CVSS 10.0) has been uncovered, culminating in the deployment of LockBit Black ransomware across enterprise networks within two hours of initial compromise. The attackers orchestrated a multi-stage intrusion involving credential theft, lateral movement via RDP,…

  • Parallels Desktop 0-Day Vulnerability Lets Attackers Gain Root Privileges – PoC Released

    A critical 0-day vulnerability in Parallels Desktop virtualization software has been publicly disclosed, enabling local attackers to escalate privileges to root-level access on macOS systems. All versions of Parallels Desktop, including the most recent 20.2.1 (55876), are vulnerable to the flaw identified as CVE-2024-34331, which…

  • DeepSeek Unveils FlashMLA, A Decoding Kernel That Makes Things Blazingly Fast

    DeepSeek has launched FlashMLA, a groundbreaking Multi-head Latent Attention (MLA) decoding kernel optimized for NVIDIA’s Hopper GPU architecture, marking the first major release of its Open Source Week initiative. This innovative tool achieves unprecedented performance metrics of 3000 GB/s memory bandwidth and 580 TFLOPS…

  • Exim Mail Transfer Vulnerability Lets Attackers Inject Malicious SQL Queries

    Security researchers have uncovered a critical SQL injection vulnerability (CVE-2025-26794) in Exim, the widely used mail transfer agent (MTA) that powers over 60% of internet mail servers. The flaw enables authenticated attackers to execute arbitrary SQL commands through specially crafted ETRN SMTP transactions when specific configuration…

  • PoC Exploit Released for F5 BIG-IP Command Injection Vulnerability

    Security researchers have released proof-of-concept (PoC) exploit code for CVE-2025-20029, a high-severity command injection vulnerability affecting F5’s BIG-IP application delivery controllers. The flaw, which carries a CVSS v3.1 score of 8.8, enables authenticated attackers to execute arbitrary system commands through improper neutralization of special elements in…

  • Critical Apache Ignite Vulnerability Lets Attackers Execute Remote Code

    A critical vulnerability in Apache Ignite, tracked as CVE-2024-52577, exposes systems to remote code execution (RCE) attacks due to improper enforcement of class serialization filters. Rated CVSS 9.8, this flaw affects Ignite versions 2.6.0 through 2.16.x, enabling attackers to execute arbitrary code by exploiting deserialization weaknesses…

  • Russian Government Proposed New Penalties to Combat Cybercrime

    The Russian government announced a comprehensive legislative package on February 10, 2025, introducing severe penalties for cybercrimes. The reforms, which amend over 30 existing laws, aim to modernize Russia’s cybersecurity framework by escalating prison terms, expanding asset confiscation protocols, and mandating public trials for high-profile cybercriminals. The…

  • GPT-4o Copilot Trained in Over 30 Popular Programming Languages

    Microsoft has unveiled GPT-4o Copilot, a cutting-edge code completion model now available for Visual Studio Code (VS Code) users. Built on the GPT-4o mini architecture and trained on over 275,000 high-quality public repositories spanning more than 30 popular programming languages, this update promises significant improvements in…

  • Weaponized Signal, Line, and Gmail Apps Deliver Malware That Changes System Defenses

    In a sophisticated cyberattack campaign targeting Chinese-speaking users, malicious actors have weaponized fake versions of popular applications such as Signal, Line, and Gmail. These fake and weaponized apps are distributed via deceptive download pages that deliver malware capable of altering system defenses, evading detection,…

  • CISA Releases Two New ICS Advisories Covering Exploitable Vulnerabilities

    The Cybersecurity and Infrastructure Security Agency (CISA) released two Industrial Control Systems (ICS) advisories, addressing critical vulnerabilities in Delta Electronics CNCSoft-G2 and Rockwell Automation GuardLogix controllers. These advisories highlight exploitable flaws in systems widely used in manufacturing, energy, and critical infrastructure sectors. The disclosures underscore escalating…

  • Multiple Russian Actors Attacking Orgs To Hack Microsoft 365 Accounts via Device Code Authentication

    Security researchers at Volexity have uncovered multiple Russian threat actors conducting sophisticated social engineering and spear-phishing campaigns targeting Microsoft 365 accounts through Device Code Authentication exploitation. The attacks, observed since mid-January 2025, involve three distinct groups: “CozyLarch (APT29),” “UTA0304,” and “UTA0307.”…

  • Indian Post Office Portal Exposed Thousands of KYC Records With Username & Mobile Number

    The Indian Post Office portal was found vulnerable to an Insecure Direct Object Reference (IDOR) attack, exposing sensitive Know Your Customer (KYC) data of thousands of users. This breach highlights the critical need for robust security measures in government-operated digital platforms,…

  • New Android Security Feature that Blocks Changing Sensitive Settings During Calls

    Google has unveiled a groundbreaking security feature in Android 16 Beta 2 aimed at combating phone scams by blocking users from altering sensitive settings during active phone calls. This feature, currently live in the beta version, prevents enabling permissions like sideloading apps and granting…

  • Beware of Fake Outlook Troubleshooting Calls that End Up In Ransomware Deployment

    A sophisticated cyber threat has emerged in recent weeks, targeting unsuspecting users with fake Outlook troubleshooting calls. These calls, designed to appear legitimate, ultimately lead to the deployment of ransomware on the victim’s system. The scam involves a malicious binary named CITFIX#37.exe, which…

  • PurpleLab – A Free Cybersecurity Lab for Security Teams to Detect, Analyze & Simulate Threats

    In a significant step forward for cybersecurity professionals, PurpleLab offers an innovative open-source cybersecurity lab for creating and testing detection rules, simulating logs, and running malware tests. Designed as an all-in-one lab environment, PurpleLab equips analysts with tools to enhance…

  • SonicWall Firewall Authentication Bypass Vulnerability Exploited in the Wild Following PoC Release

    A critical authentication bypass vulnerability in SonicWall firewalls, tracked as CVE-2024-53704, is now being actively exploited in the wild, cybersecurity firms warn. The surge in attacks follows the public release of proof-of-concept (PoC) exploit code on February 10, 2025, by researchers at Bishop Fox,…

  • New Go-Based Malware Exploits Telegram and Uses It as C2 Channel

    Researchers have identified a new backdoor malware, written in the Go programming language, that leverages Telegram as its command-and-control (C2) channel. While the malware appears to still be under development, it is already fully functional and capable of executing various malicious activities. This innovative use…

  • Beware of Fake BSOD Delivered by Malicious Python Script

    A recently discovered Python script has been flagged as a potential cybersecurity threat due to its use of a clever anti-analysis trick. This script, which has a low detection rate on VirusTotal (4/59), uses the tkinter library to create a fake “Blue Screen of Death” (BSOD)…

  • Elon Musk’s DOGE Website Database Vulnerability Lets Anyone Make Entries Directly

    A website launched by Elon Musk’s Department of Government Efficiency (DOGE) has been found to have a significant security vulnerability, allowing unauthorized users to directly modify its content. The vulnerability discovered by two web development experts arises from the website’s use of an unsecured…

  • Lazarus Group Infostealer Malware Attacking Developers In New Campaign

    The notorious Lazarus Group, a North Korean Advanced Persistent Threat (APT) group, has been linked to a sophisticated campaign targeting software developers. This campaign involves the use of infostealer malware, designed to steal sensitive information from developers’ systems. The attack leverages social engineering tactics, including fake…

  • New Device Code Phishing Attack Exploits Device Code Authentication To Capture Authentication Tokens

    A sophisticated phishing campaign, identified by Microsoft Threat Intelligence, has been exploiting a technique known as “device code phishing” to capture authentication tokens. This attack, attributed to a group called Storm-2372, has been active since August 2024 and targets a wide range…

  • RedMike Hackers Exploited 1000+ Cisco Devices to Gain Admin Access

    Researchers observed a sophisticated cyber-espionage campaign led by the Chinese state-sponsored group known as “Salt Typhoon,” also referred to as “RedMike.” Between December 2024 and January 2025, the group exploited over 1,000 unpatched Cisco network devices globally, targeting telecommunications providers and universities. The campaign highlights…

  • AMD Ryzen DLL Hijacking Vulnerability Lets Attackers Execute Arbitrary Code

    A high-severity security vulnerability, identified as CVE-2024-21966, has been discovered in the AMD Ryzen Master Utility, a software tool designed to optimize the performance of AMD Ryzen processors. The vulnerability, classified as DLL hijacking, could allow attackers to execute arbitrary code and escalate privileges on…

  • PostgreSQL Terminal Tool Injection Vulnerability Allows Remote Code Execution

    Researchers have uncovered a high-severity SQL injection vulnerability, CVE-2025-1094, affecting PostgreSQL’s interactive terminal tool, psql. This flaw was identified during research into the exploitation of CVE-2024-12356, a remote code execution (RCE) vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products. The discovery highlights…

  • WinZip Vulnerability Lets Remote Attackers Execute Arbitrary Code

    A newly disclosed high-severity vulnerability in WinZip, tracked as CVE-2025-1240, enables remote attackers to execute arbitrary code on affected systems by exploiting malformed 7Z archive files. The flaw, rated 7.8 on the CVSS scale, impacts WinZip 28.0 (Build 16022) and earlier versions, requiring users to update to…

  • Have I Been Pwned Likely to Ban Reseller Subscriptions

    Have I Been Pwned (HIBP), a popular data breach notification service, has expressed a strong inclination to ban resellers from obtaining platform memberships. Troy Hunt made this decision after thoroughly examining the excessive support burden these resellers impose on the service. HIBP is a collectivel that…

  • Path Confusion in Nginx/Apache Leads to Critical Auth Bypass in PAN-OS

    Palo Alto Networks has recently disclosed a critical vulnerability in its PAN-OS network security operating system, tracked as CVE-2025-0108, which allows attackers to bypass authentication on the management web interface. This vulnerability, with a CVSSv3.1 score of 7.8, exposes affected systems to significant threats…

  • Amazon Machine Image Name Confusion Attack Lets Attackers Publish Resources

    Researchers uncovered a critical vulnerability in Amazon Web Services (AWS) involving Amazon Machine Images (AMIs). Dubbed the “whoAMI” attack, this exploit leverages a name confusion attack, a subset of supply chain attacks, to gain unauthorized code execution within AWS accounts. The vulnerability arises from misconfigured…

  • KASLR Exploited: Breaking macOS Apple Silicon Kernel Hardening Techniques

    Security researchers from Korea University have unveiled a new vulnerability in macOS systems running on Apple Silicon processors. Dubbed “SysBumps,” this attack successfully circumvents Kernel Address Space Layout Randomization (KASLR), a critical security mechanism designed to protect kernel memory from exploitation. The findings, presented at the…

  • Hackers Using Pyramid Pentesting Tool For Stealthy C2 Communications

    Hackers have been leveraging the open-source Pyramid pentesting tool to establish stealthy command-and-control (C2) communications. Pyramid, first released on GitHub in 2023, is a Python-based post-exploitation framework designed to evade endpoint detection and response (EDR) tools. Its lightweight HTTP/S server capabilities make it an attractive choice…

  • Remote Desktop Manager Vulnerabilities Let Attackers Intercept Encrypted Communications

    Devolutions has disclosed critical vulnerabilities in its Remote Desktop Manager (RDM) software, which could allow attackers to intercept and modify encrypted communications through man-in-the-middle (MITM) attacks. These flaws stem from improper certificate validation across all platforms and have been assigned high-severity CVE identifiers. CVE-2025-1193 Improper Host…

  • Google Chrome’s Safe Browsing Now Protects 1 Billion Users With 300,000 Deep Scans

    In honor of Safer Internet Day, Google has announced a significant milestone in online security: more than 1 billion Chrome users are now safeguarded by the browser’s Enhanced Protection mode. This advanced security feature, introduced in 2020 as part of Google Safe…

  • Ivanti Connect Secure Vulnerabilities Let Attackers Execute Code Remotely

    Ivanti has disclosed a critical vulnerability, CVE-2025-22467, impacting its Connect Secure (ICS) product. This stack-based buffer overflow vulnerability, rated 9.9 (Critical) on the CVSS v3.1 scale, allows remote authenticated attackers to execute arbitrary code on affected systems. The flaw is present in versions up to 22.7R2.5…

  • Hackers Exploit Prompt Injection to Tamper with Gemini AI’s Long-Term Memory

    A sophisticated attack is targeting Google’s Gemini Advanced chatbot. The exploit leverages indirect prompt injection and delayed tool invocation to corrupt the AI’s long-term memory, allowing attackers to plant false information that persists across user sessions. This vulnerability raises serious concerns about the security of…

  • Windows Storage 0-Day Vulnerability Lets Attackers Delete The Target Files Remotely

    A significant security vulnerability has been identified in Windows, allowing attackers to remotely delete targeted files on affected systems. This vulnerability, tracked as CVE-2025-21391, was disclosed on February 11, 2025, and is classified as an Elevation of Privilege vulnerability with a severity rating of…

  • USB Army Knife – A Powerful Red Team Tool for Penetration Testers

    The USB Army Knife is a versatile red-teaming tool for penetration testers that emulates a USB Ethernet adapter for traffic capture, enables custom attack interfaces, and functions as covert storage all in one compact device. This multi-functional firmware combines a variety of attack…

  • FinStealer Malware Attacking Leading Indian Bank’s Mobile Users To Steal Login Credentials

    A sophisticated malware campaign dubbed “FinStealer” is actively targeting customers of a leading Indian bank through fraudulent mobile applications. The malware, identified as Trojan.rewardsteal/joxpk, employs advanced tactics to steal banking credentials and personal information from unsuspecting users. The malicious campaign operates through a…

  • South Korea Spy Agency Says DeepSeek Excessively Collects Personal Data

    SEOUL – South Korea’s National Intelligence Service (NIS) has raised concerns over the Chinese AI app DeepSeek, accusing it of “excessively” collecting personal data and posing national security risks. The NIS issued an advisory urging government agencies to adopt stringent security measures when dealing with the app,…

  • Alabama Man Pleaded Guilty for Hacking U.S. Securities and Exchange Commission X Account

    Eric Council Jr., a 25-year-old from Athens, Alabama, pleaded guilty on February 10, 2025, to charges stemming from the January 2024 hacking of the U.S. Securities and Exchange Commission’s (SEC) social media account on X (formerly Twitter). The breach involved a fraudulent…

  • Akira Ransomware Leads The Number of Ransomware Attacks For January 2025

    January 2025 marked a significant month in the ransomware landscape, with Akira emerging as the leading threat. According to recent reports, Akira was responsible for 72 attacks globally, highlighting its rapid rise in prominence. This surge in activity is part of a broader trend…

  • SAML Authentication Bypass on GitHub Enterprise Servers Allows Login as Other User Accounts

    A significant vulnerability has been identified in GitHub Enterprise Servers, allowing attackers to bypass SAML authentication and log in as other user accounts. This exploit leverages quirks in the libxml2 library, specifically related to XML entities, to deceive the verification process. The…

  • Tor Browser 14.0.6 Released, What’s New!

    The Tor Project has officially launched Tor Browser 14.0.6, addressing a critical crash issue affecting users on older macOS systems. This latest update incorporates several technical improvements, ensuring enhanced stability and performance across platforms. Tor Browser is built on Firefox ESR (Extended Support Release) and incorporates advanced privacy features…

  • Critical Zimbra Vulnerabilities Let Attackers Gain Unauthorized Access to Internal Resources

    Zimbra Collaboration, a popular open-source email and collaboration software, was recently discovered to include critical vulnerabilities that pose serious risks to its users. These vulnerabilities, identified as CVE-2025-25064 and CVE-2025-25065, allow attackers to exploit the system for unauthorized access to sensitive data and internal network…

  • PoC Exploit Released for AnyDesk Vulnerability Exploited to Gain Admin Access Via Wallpapers

    A recently disclosed vulnerability in AnyDesk, a popular remote desktop software, identified as CVE-2024-12754, enables local attackers to exploit the handling of Windows background images to gain unauthorized access to sensitive system files. This could potentially escalate their privileges to administrative levels,…

  • Hackers Exploiting Google Tag Manager To Steal Credit Card From eCommerce Sites

    Hackers have been exploiting Google Tag Manager (GTM) to steal sensitive credit card information from eCommerce sites, particularly those built on the Magento platform. This sophisticated attack shows the evolving tactics of cybercriminals in leveraging legitimate tools for malicious purposes. Google Tag Manager…

  • TinyZero – Researchers Replicated DeepSeek’s R1-Zero Model for Just $30

    In an impressive demonstration of cost-effective AI research, a group of researchers has successfully replicated DeepSeek’s R1-Zero model for just $30. Dubbed TinyZero, this project focuses on countdown and multiplication tasks, leveraging reinforcement learning (RL) to enable a 3-billion-parameter (3B) base language model (LM) to…

  • Hackers Exploiting A Six-Year-Old IIS Vulnerability To Gain Remote Access

    The eSentire Threat Response Unit (TRU) revealed that threat actors are actively exploiting a six-year-old IIS vulnerability in Progress Telerik UI for ASP.NET AJAX to gain remote access to systems. This vulnerability, identified as CVE-2019-18935, allows attackers to execute arbitrary code on vulnerable servers, posing…

  • 0-Day Vulnerabilities in Microsoft Sysinternals Tools Allow Attackers To Launch DLL Injection Attacks on Windows

    A critical 0-Day vulnerability has been identified in nearly all Microsoft Sysinternals tools, presenting a significant risk to IT administrators and developers who rely on these utilities for system analysis and troubleshooting. This vulnerability, outlining how attackers can exploit DLL injection…

  • Critical Veeam Backup Vulnerability Let Attackers Execute Arbitrary Code to Gain Root Access

    A critical vulnerability, identified as CVE-2025-23114, has been discovered in the Veeam Updater component, a key element of multiple Veeam backup solutions. This flaw enables attackers to execute arbitrary code on affected servers through a Man-in-the-Middle (MitM) attack, potentially granting root-level permissions.…

  • CISA Releases Guidance to Protect Firewalls, Routers, & Internet-Facing Servers

    The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with international cybersecurity authorities, has issued comprehensive guidance aimed at securing network edge devices. These devices, which include firewalls, routers, VPN gateways, Internet of Things (IoT) devices, internet-facing servers, and operational technology (OT) systems, are critical…

  • New Attack Technique to Bypassing EDR as Low Privileged Standard User

    A new cyberattack technique has emerged, enabling attackers to bypass Endpoint Detection and Response (EDR) systems while operating under a low-privileged standard user account. Traditionally, EDR evasion requires elevated privileges, such as administrative or system-level access. However, this innovative approach leverages masquerading and path…

  • Canadian National Charged for Stealing $65 Million in Crypto 

    U.S. prosecutors have charged Andean Medjedovic, a 22-year-old Canadian, in a five-count criminal indictment for allegedly orchestrating a sophisticated cryptocurrency theft. Medjedovic is accused of exploiting vulnerabilities in the KyberSwap and Indexed Finance DeFi protocols, resulting in significant financial losses. The alleged schemes carried out…

  • Roundcube XSS Vulnerability Let Attackers Inject Malicious Files

    A critical Cross-Site Scripting (XSS) vulnerability, tracked as CVE-2024-57004, has been discovered in Roundcube Webmail version 1.6.9. This flaw allows remote authenticated users to upload malicious files disguised as email attachments, posing significant risks to individuals and organizations using the popular open-source webmail client. The vulnerability stems…

  • Microsoft Azure AI Face Service Elevation of Privilege Vulnerability Let Attackers Gain Network Access

    Microsoft has disclosed a critical vulnerability, CVE-2025-21415, impacting the Azure AI Face Service, which is classified as an Elevation of Privilege issue, allowing attackers to bypass authentication mechanisms via spoofing, escalating their privileges over a network. However, Microsoft has confirmed that…

  • Multiple Dell PowerProtect Vulnerabilities Let Attackers Compromise System 

    Dell Technologies has disclosed multiple critical vulnerabilities affecting its PowerProtect product line, including Data Domain (DD) appliances, PowerProtect Management Center, and other associated systems. These vulnerabilities, if exploited, could allow attackers to compromise system integrity, escalate privileges, or execute arbitrary code. Organizations relying on these systems for…

  • Parrot 6.3 Released With Improved Security & New Hacking Tools

    ParrotOS, the cybersecurity-focused Linux distribution, has recently released its latest update, Parrot 6.3, which includes a number of new features, performance improvements, and updated tools to enhance the user experience. This release is designed to make ParrotOS faster, more stable, and even more secure for…

  • APT37 Hackers Abusing Group Chats To Attack Via Malicious LNK File

    The North Korean state-sponsored hacking group APT37 (aka ScarCruft, Reaper) has been identified leveraging group chat platforms to distribute malicious LNK files. This latest tactic highlights the group’s evolving methods to infiltrate systems and exfiltrate sensitive data. APT37’s recent campaign involves sending malicious LNK…

  • BeyondTrust Zero-Day Breach – 17 SaaS Customers API Key Compromised

    BeyondTrust, a leading identity and access management firm, disclosed a critical security breach impacting 17 customers of its Remote Support SaaS platform. The breach was attributed to the exploitation of zero-day vulnerabilities and has since been linked to the China-based hacking group Silk Typhoon. While…

  • 10 Best Web Application Firewall (WAF) – 2025

    A Web Application Firewall (WAF) is a security solution designed to protect web applications by monitoring, filtering, and blocking malicious HTTP/S traffic. Operating at the OSI model’s application layer (Layer 7), a WAF acts as a reverse proxy between users and web applications, analyzing incoming requests and…

  • Devil-Traff – New Malicious Bulk SMS Portal That Fuels Phishing Attacks

    A new threat to cybersecurity has emerged in the form of Devil-Traff, a bulk SMS platform designed to facilitate large-scale phishing campaigns. Leveraging advanced features such as sender ID spoofing, API integration, and support for malicious content, this platform has become a favorite tool…

  • National Change Your Password Day! – CISA Recommends to Enable MFA

    February 1 marks National Change Your Password Day, a timely initiative to combat escalating cyber risks by promoting stronger password practices. With hacking incidents surging globally, the Cybersecurity and Infrastructure Security Agency (CISA) emphasizes the critical role of multi-factor authentication (MFA) in safeguarding digital accounts. Despite annual reminders to update passwords, weak or reused…

  • WantToCry Ransomware Exploits SMB Vulnerabilities to Remotely Encrypts NAS Drives 

    The notorious WantToCry ransomware group leverages misconfigured Server Message Block (SMB) services to infiltrate networks and launch widespread attacks. Weaknesses in SMB deployments, such as weak credentials, outdated software, and poor security configurations, provide attackers with an easy entry point through which they exploit…

  • Israeli Firm Paragon Attack WhatsApp With New Zero-Click Spyware

    WhatsApp revealed on Friday that a “zero-click” spyware attack, attributed to the Israeli firm Paragon, has targeted scores of users worldwide, including journalists and members of civil society. The spyware targeted nearly 100 WhatsApp users, including journalists, and did not require any user interaction, nor did…

  • WhatsApp New Privacy Let Users Control who Can See The Profile Photo

    In a move to enhance user privacy, WhatsApp has rolled out a significant update allowing users to control who can view their profile photos. This feature, available on both iOS and Android devices, provides users with more granular control over their privacy settings.…

  • Google Has Blocked 2.28 Million Malicious Apps Entering Into Play Store

    Google announced today it blocked a record 2.28 million policy-violating apps from entering the Play Store in 2023, leveraging advanced machine learning, stricter developer vetting, and cross-industry collaborations to combat evolving cyberthreats. The milestone underscores efforts to uphold its SAFE principles (Safeguard Users, Advocate…

  • New Threat Hunting Technique to Uncover Malicious Infrastructure Using SSL History

    As internet security evolves, SSL (Secure Sockets Layer) certificates, cornerstones of encrypted communication, are stepping into a brand-new role as vital tools in the fight against cyberattacks. Experts are now leveraging SSL intelligence and historical SSL data to expose hidden threat actor infrastructure, track…

  • Microsoft to Boost M365 Bounty Program With New Products & Rewards Up to $27,000

    A significant extension of Microsoft’s Microsoft 365 (M365) Bounty Program has been announced. The program now includes new Viva products under its scope for identifying vulnerabilities, with rewards reaching up to $27,000 for critical submissions. This update underscores Microsoft’s commitment to…

  • D-Link Routers Vulnerability Let Attackers Gain Full Router Control Remotely

    A critical unauthenticated Remote Code Execution (RCE) vulnerability affects D-Link DSL-3788 routers, allowing attackers to acquire complete control over the router remotely. The flaw has been detected in firmware versions v1.01R1B036_EU_EN and below. This vulnerability was reported by Max Bellia of SECURE NETWORK BVTECH.…

  • Authorities Take Down Cracked & Nulled Hacking Forums Used by 10 Million Users

    In a law enforcement operation dubbed “Operation Talent,” an international coalition of law enforcement agencies led by Germany’s Bundeskriminalamt (BKA) and Europol has dismantled two of the world’s largest cybercrime forums: Cracked.io and Nulled.to. These platforms, which collectively hosted over 10 million…

  • Windows Vulnerability in COM Objects Trigger RCE To Control The Systems Remotely

    James Forshaw of Google Project Zero has shed light on a significant security vulnerability in Windows related to accessing trapped COM objects through the IDispatch interface. This research highlights an intriguing bug class that exploits cross-process communication features in object-oriented remoting technologies like…

  • VMware Aria Operations Vulnerabilities Let Attackers Perform Admin Operations 

    Broadcom has addressed multiple vulnerabilities in its VMware Aria Operations for Logs and VMware Aria Operations products. These vulnerabilities, identified as CVE-2025-22218, CVE-2025-22219, CVE-2025-22220, CVE-2025-22221, and CVE-2025-22222, pose significant risks, including unauthorized access to sensitive data and privilege escalation. The vulnerabilities affect the following VMware products:…

  • Hackers Actively Exploiting Zyxel 0-day Vulnerability to Execute Arbitrary Commands

    A significant zero-day vulnerability in Zyxel CPE series devices, identified as CVE-2024-40891, is being actively exploited by attackers. This vulnerability enables attackers to execute arbitrary commands on affected devices, posing significant risks of system compromise, data theft, and network infiltration. Over 1,500 infected devices have been…

  • PoC Exploit Released for TP-Link Router Web Interface XSS Vulnerability

    A Cross-Site Scripting (XSS) vulnerability has been identified in the TP-Link Archer A20 v3 router, specifically in firmware version 1.0.6 Build 20231011 rel.85717(5553). The issue stems from improper handling of directory listing paths on the router’s web interface. When a specially crafted URL is accessed,…

  • API Supply Chain Attack Exposes Millions of Airline Users Accounts to Hackers

    A vulnerability in a third-party travel service API has exposed millions of airline users to potential account takeovers, enabling attackers to exploit airline loyalty points and access sensitive personal information. The flaw, discovered by Salt Labs, highlights the risks associated with API supply…

  • Critical Cacti Vulnerability Let Attackers Code Remotely – PoC Released

    A critical vulnerability has been identified in Cacti, the widely used open-source network monitoring tool. The flaw, tracked as CVE-2025-22604, has a CVSS score of 9.1, indicating high severity. It allows authenticated users with device management permissions to execute arbitrary commands on the server, posing significant risks to data…

  • DeepSeek R1 Jailbroken to Generate Ransomware Development Scripts

    DeepSeek R1, the latest AI model from China, is making waves in the tech world for its reasoning capabilities. Positioned as a challenger to AI giants like OpenAI, it has already climbed to 6th place on the Chatbot Arena benchmarking list, surpassing notable models such as Meta’s…

  • Akira’s New Linux Ransomware Attacking VMware ESXi Servers

    The Akira ransomware group, a prominent player in the Ransomware-as-a-Service (RaaS) domain since March 2023, has intensified its operations with a new Linux variant targeting VMware ESXi servers. Initially focused on Windows systems, Akira expanded its scope in April 2023 by deploying a Linux-based encryptor specifically designed…

  • Critical One Identity Manager Vulnerability Let Attackers Escalate Privileges

    A critical Insecure Direct Object Reference (IDOR) vulnerability has been identified in One Identity Manager, a widely used identity and access management solution. This vulnerability, officially tracked as CVE-2024-56404, allows unauthorized privilege escalation under specific configurations. The issue affects only On-Premise installations and does not impact…