Category: Cyber Security
-
Prometei Botnet Attacking Linux Servers to Mine Cryptocurrency
Cybersecurity researchers have uncovered a significant resurgence of the Prometei botnet, a sophisticated malware operation targeting Linux servers for cryptocurrency mining and credential theft. This latest campaign, observed since March 2025, demonstrates the evolving nature of cryptomining malware and its persistent threat to enterprise infrastructure worldwide. The…
-
Beware of Weaponized MSI Installer Mimic as WhatsApp Delivers Modified XWorm RAT
Cybersecurity professionals across East and Southeast Asia are facing a sophisticated new threat as China-linked attackers deploy a weaponized MSI installer disguised as a legitimate WhatsApp setup package. This malicious campaign represents a significant escalation in social engineering tactics, leveraging the popularity and…
-
Record Breaking 7.3 Tbps DDoS Attack Blasting 37.4 Terabytes in Just 45 Seconds
The largest distributed denial-of-service (DDoS) attack ever documented was successfully stopped by Cloudflare in mid-May 2025, with attackers unleashing a devastating 7.3 terabits per second (Tbps) attack that delivered 37.4 terabytes of malicious traffic in just 45 seconds. Summary 1. Cloudflare blocked…
-
Apache SeaTunnel Vulnerability Allows Unauthorized Users to Perform Deserialization Attack
Apache SeaTunnel, the widely used distributed data integration platform, has disclosed a significant security vulnerability that enables unauthorized users to execute arbitrary file read operations and deserialization attacks through its RESTful API interface. The vulnerability, tracked as CVE-2025-32896 and reported on April 12, 2025, affects…
-
Hackers Exploit Atlassian’s Model Context Protocol by Submitting a Malicious Support Ticket
A sophisticated attack vector has been identified that targets Atlassian’s Model Context Protocol (MCP) and allows external threat actors to gain privileged access to internal systems through malicious support tickets. The attack, dubbed “Living off AI,” exploits the trust boundary between external users submitting support requests and…
-
PowerShell Loaders With In-Memory Execution Techniques To Evade Disk-Based Detection
Cybersecurity researchers have uncovered a sophisticated PowerShell-based attack campaign that leverages advanced in-memory execution techniques to bypass traditional disk-based security controls. The malicious infrastructure spans across Chinese, Russian, and global hosting providers, demonstrating the international scope of modern cyber threats. At the center of this…
-
Massive 16 Billion Passwords From Apple, Facebook, Google and More Leaked From 320 Million Computers
A new report has uncovered a staggering 16 billion login credentials from major platforms, including Apple, Facebook, Google, GitHub, Telegram, and government services. The massive leak, discovered through 30 separate datasets, represents an unprecedented threat to global cybersecurity and digital…
-
AntiDot – 3-in-1 Android Malware Gives Attackers Full Control of Compromised Devices
A sophisticated new Android botnet malware called AntiDot has emerged as a significant threat to mobile device security, offering cybercriminals unprecedented control over infected devices. This malicious software operates as part of a Malware-as-a-Service (MaaS) model, marketed by threat actor LARVA-398 on underground…
-
Cisco AnyConnect VPN Server Vulnerability Lets Attackers Trigger DoS Attack
A critical security vulnerability affecting Cisco Meraki MX and Z Series devices could allow unauthenticated attackers to launch denial of service (DoS) attacks against AnyConnect VPN services. The vulnerability, tracked as CVE-2025-20271 with a CVSS score of 8.6, was published on June 18, 2025, and…
-
Authorities Busted Ransomware Gang – Nine Laptops and 15 Mobile Devices Were Seized
Thai law enforcement successfully dismantled a sophisticated ransomware operation during a coordinated raid at the Antai Holiday Hotel in central Pattaya on Monday, June 16, 2025. The operation resulted in the arrest of six Chinese nationals specifically tasked with distributing malicious links…
-
Hackers Leverage Cloudflare Tunnels to Infect Systems Using Stealthy Python-Based Malware
A sophisticated malware campaign has emerged that exploits Cloudflare’s tunneling infrastructure to deliver multi-stage Python-based payloads, demonstrating an alarming evolution in cybercriminal tactics. The campaign, tracked as SERPENTINE#CLOUD, represents a significant escalation in the abuse of legitimate cloud services for malicious purposes, combining social…
-
Apache Traffic Server Vulnerability Lets Attackers Trigger DoS Attack via Memory Exhaustion
A critical security vulnerability has been discovered in Apache Traffic Server that allows remote attackers to trigger denial-of-service (DoS) attacks through memory exhaustion. The vulnerability, tracked as CVE-2025-49763, affects the Edge Side Includes (ESI) plugin and poses significant risks to organizations running affected…
-
Open Next for Cloudflare SSRF Vulnerability Lets Attackers Load Remote Resources from Arbitrary Hosts
A high-severity Server-Side Request Forgery (SSRF) vulnerability has been identified in the @opennextjs/cloudflare package, enabling attackers to exploit the /_next/image endpoint to load remote resources from arbitrary hosts. The vulnerability, assigned CVE-2025-6087 with a CVSS score of 7.8, affects all versions…
-
Hackers Allegedly Claim Breach of Scania Financial Services, Sensitive Data Stolen
A threat actor named “hensi” has reportedly claimed unauthorized access to Scania Financial Services’ insurance[.]scania.com subdomain and is allegedly selling around 34,000 files on cybercriminal marketplaces. While these claims remain unconfirmed by official sources, the incident highlights ongoing vulnerabilities in corporate digital infrastructure and…
-
Hackers Using ClickFix Technique to Deploy Remote Access Trojans and Data-Stealing Malware
Cybersecurity researchers have documented a significant surge in attacks utilizing the ClickFix social engineering technique, which has emerged as one of the most effective methods for initial access in modern cyber campaigns. This deceptive tactic tricks users into executing malicious PowerShell commands by…
-
Chrome Vulnerabilities Let Attackers Execute Arbitrary Code – Update Now!
Google has released an urgent security update for Chrome browsers across all desktop platforms, addressing critical vulnerabilities that could allow attackers to execute arbitrary code on users’ systems. The update, rolled out on Tuesday, June 17, 2025, patches three significant security flaws including two high-severity…
-
CISA Warns of Linux Kernel Improper Ownership Management Vulnerability Exploited in Attacks
CISA has added a critical Linux kernel vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that CVE-2023-0386 is being actively exploited in real-world attacks. This improper ownership management flaw in the Linux kernel’s OverlayFS subsystem allows local attackers to escalate privileges through…
-
Critical Linux Privilege Escalation Vulnerabilities Let Attackers Gain Full Root Access
Two critical, interconnected flaws, CVE-2025-6018 and CVE-2025-6019, enable unprivileged attackers to achieve root access on major Linux distributions. Affecting millions worldwide, these vulnerabilities pose a severe security emergency that demands immediate patching. The first vulnerability exploits PAM configuration weaknesses in SUSE systems, while the…
-
Threat Actors Attacking Cryptocurrency and Blockchain Developers with Weaponized npm and PyPI Packages
The cryptocurrency and blockchain development ecosystem is facing an unprecedented surge in sophisticated malware campaigns targeting the open source supply chain. Over the past year, threat actors have significantly escalated their attacks against Web3 developers by publishing malicious packages to trusted registries…
-
China and Taiwan Accuse Each Other of Cyberattacks Against Critical Infrastructure
Cross-strait tensions have escalated into a new domain as China and Taiwan engage in unprecedented mutual accusations of cyberwarfare targeting critical infrastructure systems. The diplomatic dispute has intensified following Taiwan President Lai Ching-te’s first year in office, during which both governments have publicly traded…
-
Kali Linux 2025.2 Released: Smartwatch Wi-Fi Injection, Android Radio, and Hacking Tools
The penetration testing community has received a significant upgrade with the release of Kali Linux 2025.2, marking another milestone in the evolution of this essential cybersecurity platform. This latest version introduces groundbreaking smartwatch capabilities, a completely redesigned menu system, and a comprehensive suite…
-
Predator Mobile Spyware Remains Consistent with New Design Changes to Evade Detection
Despite sustained international pressure, sanctions, and public exposures over the past two years, the sophisticated Predator mobile spyware has demonstrated remarkable resilience, continuing to evolve and adapt its infrastructure to evade detection while maintaining operations across multiple continents. The mercenary spyware, originally developed…
-
Ransomware Actors Exploit Unpatched SimpleHelp RMM to Compromise Billing Software Provider
Cybersecurity researchers have uncovered a sophisticated ransomware campaign targeting utility billing software providers through unpatched vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM) systems. The attack represents a concerning evolution in ransomware tactics, where threat actors are leveraging trusted remote access tools to establish…
-
Fog Ransomware Actors Exploit Pentesting Tools to Exfiltrate Data and Deploy Ransomware
The Fog ransomware group has evolved beyond conventional attack methods, deploying an unprecedented arsenal of legitimate pentesting tools in a sophisticated May 2025 campaign targeting a financial institution in Asia. This latest operation marks a significant departure from typical ransomware tactics, incorporating employee…
-
PoC Exploit Released for Critical WebDAV 0-Day RCE Vulnerability Exploited by APT Hackers
A critical zero-day vulnerability in WebDAV implementations enables remote code execution, and proof-of-concept exploit code is now publicly available on GitHub. The vulnerability, tracked as CVE-2025-33053, has reportedly been actively exploited by advanced persistent threat (APT) groups in targeted campaigns against enterprise…
-
Graphite Spyware Exploits Apple iOS Zero-Click Vulnerability to Attack Journalists
The advanced Graphite mercenary spyware, developed by Paragon, targets journalists through a sophisticated zero-click vulnerability in Apple’s iOS. At least three European journalists have been confirmed as targets, with two cases forensically verified. The spyware exploited a zero-day vulnerability in iOS that allowed attackers to compromise…
-
Threat Actors Compromise 270+ Legitimate Websites With Malicious JavaScript Using JSFireTruck Obfuscation
Cybersecurity researchers have uncovered a sophisticated malware campaign that leveraged an advanced JavaScript obfuscation technique to compromise hundreds of legitimate websites and redirect unsuspecting visitors to malicious content. The campaign, which infected over 269,000 webpages between March and April 2025, employed a variant…
-
CISA Releases Guide to Protect Network Edge Devices From Hackers
CISA and international cybersecurity partners have released a comprehensive suite of guidance documents aimed at protecting critical network edge devices from increasingly sophisticated cyberattacks. This coordinated effort, involving cybersecurity authorities from nine countries, including Australia, Canada, the United Kingdom, and Japan, addresses the growing threat…
-
Hackers Advertising New Blackhat Tool Nytheon AI on Popular Hacking Forums
A sophisticated new threat platform, Nytheon AI, has emerged, which combines multiple uncensored large language models (LLMs) built specifically for malicious activities. The platform, discovered by Cato CTRL, is being actively promoted on popular hacking forums, including XSS and various Telegram channels, representing a…
-
0-Click Microsoft 365 Copilot Vulnerability Lets Attackers Exfiltrate Sensitive Data by Abusing Teams
A critical zero-click vulnerability in Microsoft 365 Copilot, dubbed “EchoLeak,” enables attackers to automatically exfiltrate sensitive organizational data without requiring any user interaction. The vulnerability represents a significant breakthrough in AI security research, introducing a new class of attack called “LLM Scope Violation”…
-
How to Conduct a Secure Code Review – Tools and Techniques
Secure code review represents a critical security practice that systematically examines software source code to identify and remediate security vulnerabilities before they reach production environments. This comprehensive examination serves as a proactive defense mechanism, enabling development teams to detect security flaws early in the…
-
Top 3 Evasion Techniques In Phishing Attacks: Real Examples Inside
Phishing attacks aren’t what they used to be. Hackers no longer rely on crude misspellings or sketchy email addresses. Instead, they use clever tricks to dodge detection tools and fool even cautious users. Let’s break down three evasion techniques that are increasingly common in phishing…
-
CISA Warns of Erlang/OTP SSH Server RCE Vulnerability Exploited in Attacks
CISA has issued an urgent warning regarding a critical vulnerability in Erlang/OTP SSH servers that is being actively exploited in the wild. The vulnerability, tracked as CVE-2025-32433, enables attackers to achieve unauthenticated remote code execution on affected systems, prompting its immediate addition to CISA’s…
-
ManageEngine Exchange Reporter Plus Vulnerability Allows Remote Code Execution
A severe security vulnerability has been identified in ManageEngine Exchange Reporter Plus that could allow attackers to execute arbitrary commands on target servers. Designated as CVE-2025-3835, this critical remote code execution vulnerability affects all Exchange Reporter Plus installations with build 5721 and below. ManageEngine has responded…
-
84,000+ Roundcube Webmail Installations Vulnerable to Remote Code Execution Attacks
A critical security vulnerability affecting Roundcube webmail installations has exposed over 84,000 systems worldwide to remote code execution attacks. The vulnerability, tracked as CVE-2025-49113, allows authenticated users to execute arbitrary code remotely, presenting a significant security risk to organizations relying on this popular open-source webmail…
-
SAP June 2025 Patch Day – 14 Vulnerabilities Patched Across Multiple Products
SAP released its monthly Security Patch Day update addressing 14 critical vulnerabilities across multiple enterprise products. The comprehensive security update includes patches addressing critical authorization bypass issues and cross-site scripting vulnerabilities, with CVSS scores ranging from 3.0 to 9.6. Organizations using SAP enterprise…
-
Sensata Technologies Hit by Ransomware Attack – Operations Impacted
Sensata Technologies, Inc., a prominent industrial technology company based in Attleboro, Massachusetts, has disclosed a significant cybersecurity incident that compromised the personal information of hundreds of individuals. The external system breach, classified as a hacking incident, occurred on March 28, 2025, but remained undetected for nearly…
-
New Malware Attack Via “I’m not a Robot Check” to Trick Users into Running Malware
A sophisticated new malware attack vector manipulates users through fake browser verification prompts designed to mimic legitimate CAPTCHA systems. This attack leverages social engineering techniques combined with clipboard manipulation and obfuscated PowerShell commands to trick victims into voluntarily executing…
-
PoC Exploit Released for Fortinet 0-Day Vulnerability that Allows Remote Code Execution
A new proof-of-concept (PoC) exploit for a critical zero-day vulnerability affecting multiple Fortinet products raises urgent concerns about the security of enterprise network infrastructure. The vulnerability, tracked as CVE-2025-32756, carries a maximum CVSS score of 9.8 and enables unauthenticated remote code execution through…
-
Kali GPT – AI Assistant That Transforms Penetration Testing on Kali Linux
Kali GPT, a specialized AI model built on GPT-4 architecture, has been specifically developed to integrate seamlessly with Kali Linux, offering unprecedented support for offensive security professionals and students alike. Kali GPT represents a significant breakthrough in the integration of artificial intelligence with penetration…
-
New Rust Based InfoStealer Extracts Sensitive Data from Chromium-based Browsers
A sophisticated new information-stealing malware written in the Rust programming language has emerged, demonstrating advanced capabilities to extract sensitive data from both Chromium-based and Gecko-based web browsers. The malware, known as Myth Stealer, represents a significant evolution in cybercriminal tactics, combining modern programming techniques with…
-
Hackers Using New ClickFix Technique To Exploit Human Error Via Fake Prompts
Cybersecurity researchers have identified a sophisticated new social engineering campaign that exploits fundamental human trust in everyday computer interactions. The ClickFix technique, which has been actively deployed since March 2024, represents a dangerous evolution in cybercriminal tactics that bypasses traditional security measures by…
-
Hundreds of GitHub Malware Repos Targeting Novice Cybercriminals Linked to Single User
A sophisticated malware distribution campaign has weaponized over 140 GitHub repositories to target inexperienced cybercriminals and gaming cheat users, representing one of the largest documented cases of supply chain attacks on the platform. The repositories, masquerading as legitimate malware tools and game cheats,…
-
New ClickFix Attack Exploits Fake Cloudflare Human Check to Install Malware Silently
A sophisticated new social engineering attack campaign has emerged that exploits users’ familiarity with routine security checks to deliver malware through deceptive Cloudflare verification pages. The ClickFix attack technique represents a concerning evolution in phishing methodology, abandoning traditional file downloads in favor of…
-
Multiple HPE StoreOnce Vulnerabilities Let Attackers Execute Malicious Code Remotely
Multiple security vulnerabilities in the Hewlett-Packard Enterprise (HPE) StoreOnce software platform could allow remote attackers to execute malicious code, bypass authentication mechanisms, and access sensitive enterprise data. The vulnerabilities affect HPE StoreOnce VSA versions prior to 4.3.11 and present significant risks to enterprise backup and…
-
Hackers Exploit AI Tools Misconfiguration To Run Malicious AI-generated Payloads
Cybercriminals are increasingly leveraging misconfigured artificial intelligence tools to execute sophisticated attacks that generate and deploy malicious payloads automatically, marking a concerning evolution in threat actor capabilities. This emerging attack vector combines traditional configuration vulnerabilities with the power of AI-driven content generation, enabling attackers to…
-
Splunk Enterprise XSS Vulnerability Lets Attackers Execute Unauthorized JavaScript Code
A significant security vulnerability in the Splunk Enterprise platform could allow low-privileged attackers to execute unauthorized JavaScript code through a reflected Cross-Site Scripting (XSS) flaw. The vulnerability, tracked as CVE-2025-20297, affects multiple versions of Splunk Enterprise and Splunk Cloud Platform, prompting the company to issue…
-
SentinelOne Global Service Outage Root Cause Revealed
Cybersecurity company SentinelOne has released a comprehensive root cause analysis revealing that a software flaw in an infrastructure control system caused the global service disruption that affected customers worldwide on May 29, 2025. The outage, which lasted approximately 20 hours, was fully restored by May 30 at 10:00…
-
Google Chrome 0-Day Vulnerability Exploited in the Wild to Execute Arbitrary Code
Google has released an emergency security update for Chrome after confirming that a critical zero-day vulnerability is being actively exploited by attackers in the wild. The vulnerability, tracked as CVE-2025-5419, allows threat actors to execute arbitrary code on victims’ systems through out-of-bounds read…
-
Denodo Scheduler Vulnerability Lets Attackers Execute Remote Code
A significant security vulnerability has been discovered in Denodo Scheduler, a data management software component, that allows attackers to execute remote code on affected systems. The flaw, identified as CVE-2025-26147, exploits a path traversal vulnerability in the Kerberos authentication configuration feature, potentially compromising the security of enterprise…
-
Threat Actors Actively Exploiting Critical vBulletin Vulnerability in the Wild
A critical, unauthenticated remote code execution vulnerability in vBulletin forum software is now being actively exploited. The vulnerability, which impacts vBulletin versions 5.0.0 through 6.0.3, has been assigned CVE-2025-48827 and CVE-2025-48828 and is now being actively targeted by threat actors, marking it as a Known…
-
Critical Roundcube Vulnerability Lets Attackers Execute Remote Code
A critical vulnerability in the widely used Roundcube Webmail software allows authenticated attackers to execute arbitrary code remotely. The vulnerability, discovered through PHP object deserialization flaws, affects all installations running versions 1.6.x and 1.5 of the popular open-source webmail client. Security researcher firs0v reported the…
-
AI-Driven Threat Intelligence Staying Ahead of Attackers
As cyber threats evolve at an unprecedented pace in 2025, organizations worldwide are turning to artificial intelligence to stay one step ahead of increasingly sophisticated attackers. The global threat intelligence market, valued at $14.29 billion in 2024, is projected to reach $26.31 billion by 2032, reflecting the urgent…
-
CISOs Guide to Regulatory Compliance in Global Landscapes
Chief Information Security Officers worldwide are grappling with an unprecedented surge in regulatory requirements as governments expand cybersecurity mandates across critical sectors, transforming the traditional CISO role into a strategic compliance leadership position that demands technical expertise and regulatory acumen. Rising Regulatory Complexity Reshapes CISO Responsibilities The…
-
Securing the Cloud Best Practices for Multi-Cloud Environments
As organizations increasingly embrace multi-cloud strategies to enhance flexibility and avoid vendor lock-in, securing the cloud in these complex environments has become a critical priority for 2025. With 89% of enterprises already implementing multi-cloud approaches and 98% using or planning to use multiple cloud providers, the security…
-
Quantum Threats Preparing Your Encryption Strategy
As quantum threats grow with advances in quantum computing, the cybersecurity landscape is undergoing its most significant transformation in decades, threatening to make current encryption methods obsolete. With experts predicting “Q-Day,” the moment quantum computers can break widely used encryption algorithms, could arrive as early as 2035, organizations worldwide…
-
Implementing NIST CSF 2.0 A Technical Blueprint
After years of development and stakeholder feedback, the National Institute of Standards and Technology (NIST) released the Cybersecurity Framework (CSF) 2.0 in February 2024. This significant update represents the first major revision since the framework’s creation in 2014 and provides organizations with enhanced guidance for managing cybersecurity risks…
-
CISOs Guide to Navigating the 2025 Threat Landscape
As we move through 2025, cybersecurity leaders rely on the CISO Threat Guide 2025 to navigate a volatile environment marked by AI-powered attacks, geopolitical tensions, and evolving criminal tactics. The landscape continues transforming rapidly, requiring Chief Information Security Officers (CISOs) to adapt their strategies and priorities to…
-
Ransomware 2.0 How AI-Powered Attacks Are Evolving
Ransomware attacks have entered a new era of sophistication and danger, with AI-powered ransomware attacks marking a significant evolution beyond encrypting payment files. It incorporates advanced tactics powered by artificial intelligence that make these attacks more devastating, harder to detect, and increasingly difficult to prevent. The Evolution of…
-
Threat Actors Leverage Google Apps Script To Host Phishing Websites
Cybercriminals have escalated their tactics by exploiting Google Apps Script, a trusted development platform, to host sophisticated phishing campaigns that bypass traditional security measures. This emerging threat represents a significant shift in how attackers leverage legitimate infrastructure to enhance the credibility of their malicious operations.…
-
Authorities Dismantled AVCheck, a Tool For Testing Malware Against Antivirus Detection
Law enforcement agencies across multiple countries have successfully dismantled a sophisticated cybercriminal operation that provided malware testing services designed to evade antivirus detection systems. The coordinated international effort resulted in the seizure of four domains and their associated servers, dealing a significant blow to…
-
LexisNexis Risk Solutions Data Breach Exposes 364,000 Individuals’ Personal Data
LexisNexis Risk Solutions has disclosed a significant data breach affecting approximately 364,000 individuals after discovering that an unauthorized third party gained access to sensitive personal information through a compromised third-party software development platform. The cybersecurity incident, which LexisNexis learned about on April 1, 2025, actually…
-
Tycoon2FA Infra Used by Dadsec Hacker Group to Steal Office365 Credentials
A sophisticated phishing campaign leveraging shared infrastructure between two prominent cybercriminal operations has emerged as a significant threat to Office 365 users worldwide. The Tycoon2FA Phishing-as-a-Service platform, which has been active since August 2023, has established operational connections with the notorious Storm-1575 group, also…
-
Beware of Weaponized AI Tool Installers That Infect Your Devices With Ransomware
Cybercriminals are increasingly exploiting the growing popularity of artificial intelligence tools by distributing sophisticated malware disguised as legitimate AI solution installers. This emerging threat landscape has seen malicious actors create convincing replicas of popular AI platforms, using these deceptive packages to deploy devastating…
-
New Rust-based InfoStealer via Fake CAPTCHA Delivers EDDIESTEALER
Cybersecurity researchers have uncovered a sophisticated malware campaign leveraging deceptive CAPTCHA verification pages to distribute a newly discovered Rust-based infostealer dubbed EDDIESTEALER. This campaign represents a significant evolution in social engineering tactics, where threat actors exploit users’ familiarity with routine security verification processes to trick them into…
-
Implementing Identity and Access Management in Cloud Security
As organizations accelerate cloud adoption, securing digital identities has become a cornerstone of cybersecurity strategy. The 2025 Verizon Data Breach Investigations Report reveals that 80% of cyberattacks now leverage identity-based methods, with credential abuse and third-party vulnerabilities driving a 34% surge in breaches. Meanwhile, the global cloud Identity…
-
CISA Releases Five ICS Advisories Targeting Vulnerabilities and Exploits
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released five urgent Industrial Control Systems (ICS) advisories on May 29, 2025, addressing critical vulnerabilities across widely deployed industrial automation and infrastructure systems. These advisories highlight severe security flaws affecting Siemens access control systems, fire safety panels, environmental…
-
Ensuring Data Security in Cloud Storage and Collaboration Platforms
A surge in cloud adoption has been matched by escalating security challenges, with 82% of data breaches now involving cloud-stored information and 60% of organizations reporting public cloud-related incidents in 2024. As enterprises increasingly rely on platforms like Google Drive, Microsoft Teams, and Slack for collaboration,…
-
Detecting and Remediating Misconfigurations in Cloud Environments
As organizations accelerate cloud adoption, misconfigurations have emerged as a critical vulnerability, accounting for 23% of cloud security incidents and 81% of cloud-related breaches in 2024. High-profile cases, such as the 2025 Capital One breach that exposed 100 million records due to a misconfigured firewall, underscore the urgency…
-
Advanced Detection Strategies for APT Campaigns in 2025 Networks
The cybersecurity landscape of 2025 has become a high-stakes battleground as Advanced Persistent Threat (APT) campaigns leverage artificial intelligence, zero-day exploits, and cloud vulnerabilities to bypass traditional defenses. With APT attacks on critical infrastructure surging by 136% in Q1 2025 alone, and global detection volumes rising…
-
Countermeasures Against State-Sponsored APT Operations Worldwide
State-sponsored Advanced Persistent Threats (APTs) have become the defining challenge for cybersecurity professionals in 2025, with attacks growing in sophistication, persistence, and global reach. High-profile breaches targeting critical infrastructure, telecommunications, and government entities underscore the urgent need for robust, adaptive countermeasures. This article examines the evolving tactics of state-sponsored…
-
New Botnet Hijacks 9,000 ASUS Routers & Enables SSH Access by Injecting Public Key
A sophisticated botnet campaign dubbed “AyySSHush” has compromised over 9,000 ASUS routers worldwide, establishing persistent backdoor access that survives firmware updates and reboots. The stealthy operation, first detected in March 2025, demonstrates advanced nation-state-level tradecraft by exploiting authentication vulnerabilities and legitimate…
-
Microsoft OneDrive File Picker Vulnerability Exposes Users’ Entire Cloud Storage to Websites
A critical security flaw in Microsoft’s OneDrive File Picker has exposed millions of users to unauthorized data access, allowing third-party web applications to gain complete access to users’ entire OneDrive storage rather than just selected files. Security researchers from Oasis Security reported on…
-
Microsoft Releases Emergency Fix for BitLocker Recovery Issue
Microsoft has released an emergency out-of-band update (KB5061768) to address a critical issue causing Windows 10 systems to boot into BitLocker recovery screens following the installation of the May 2025 security updates. The fix, released on May 19, comes after numerous reports from enterprise customers experiencing system…
-
CISA Adds Ivanti EPMM 0-day to KEV Catalog Following Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) officially added two critical zero-day vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities, CVE-2025-4427 and CVE-2025-4428, are actively exploited in the wild and pose significant risks to organizations…
-
Multiple pfSense Firewall Vulnerabilities Let Attackers Inject Malicious Code
Three critical vulnerabilities in pfSense firewall software could allow authenticated attackers to inject malicious code, manipulate cloud backups, and potentially achieve remote code execution. The vulnerabilities affect both pfSense Community Edition (CE) prior to version 2.8.0 beta and corresponding pfSense Plus builds. These flaws, CVE-2024-57273,…
-
Intruder vs. Pentest Tools vs. Attaxion: Selecting The Right Security Tool
While no one is immune to cyber threats, smaller organizations with very limited security budgets face the task of managing risks and implementing timely remediation, very often without the resources to buy and maintain multiple tools. Security teams protecting these organizations have to choose…
-
W3LL Phishing Kit Actively Attacking Users to Steal Outlook Login Credentials
A sophisticated phishing campaign utilizing the W3LL Phishing Kit has been actively targeting users’ Microsoft Outlook credentials through elaborate impersonation techniques. First identified by Group-IB in 2022, this phishing-as-a-service (PhaaS) tool has evolved into a comprehensive ecosystem complete with its own marketplace called W3LL…
-
glibc Vulnerability Exposes Millions of Linux Systems to Code Execution Attacks
A critical vulnerability in the GNU C Library (glibc) potentially exposes millions of Linux systems to local privilege escalation attacks. Tracked as CVE-2025-4802 and publicly disclosed on May 16, 2025, this vulnerability could allow attackers to execute arbitrary code by manipulating the LD_LIBRARY_PATH environment…
-
Windows Remote Desktop Gateway UAF Vulnerability Allows Remote Code Execution
A critical vulnerability in Microsoft’s Remote Desktop Gateway (RD Gateway) could allow attackers to execute malicious code on affected systems remotely. The vulnerability, tracked as CVE-2025-21297, was disclosed by Microsoft in their January 2025 security updates and has since been actively exploited in the…
-
Abusing dMSA with Advanced Active Directory Persistence Techniques
Delegated Managed Service Accounts (dMSAs), introduced in Windows Server 2025, represent Microsoft’s latest innovation in secure service account management. While designed to enhance security by preventing traditional credential theft attacks like Kerberoasting, security researchers have uncovered potential abuse vectors that could allow attackers to establish persistent access…
-
PupkinStealer Attacks Windows Systems to Steal Login Credentials & Desktop Files
A new information-stealing malware dubbed “PupkinStealer” has been identified by cybersecurity researchers, targeting sensitive user data through a straightforward yet effective approach. First observed in April 2025, this .NET-based malware written in C# focuses on stealing browser credentials, messaging app sessions, and desktop files,…
-
APT Group 123 Actively Attacking Windows Systems to Deliver Malicious Payloads
North Korean state-sponsored threat actor APT Group 123 has intensified its cyber espionage campaign, specifically targeting Windows systems across multiple sectors globally. The group, active since at least 2012 and also tracked under aliases such as APT37, Reaper, and ScarCruft, has historically focused on…
-
VMware ESXi, Firefox, Red Hat Linux & SharePoint 0-Day Vulnerabilities Exploited – Pwn2Own Day 2
Security researchers uncovered critical zero-day vulnerabilities across major enterprise platforms during the second day of Pwn2Own Berlin 2025, earning a staggering $435,000 in bounties. The competition, hosted at the OffensiveCon conference, witnessed successful exploits against VMware ESXi, Microsoft SharePoint, Mozilla…
-
Hackers Abusing GovDelivery For TxTag ‘Toll Charges’ Phishing Attack
A sophisticated phishing operation is exploiting compromised Indiana government sender accounts to distribute fraudulent TxTag toll collection messages. The campaign, which emerged this week, leverages the GovDelivery communications platform to lend legitimacy to the scam emails targeting unsuspecting recipients nationwide. Sophisticated Phishing Targets Indiana Toll Users The…
-
Microsoft Warns of AD CS Vulnerability That Lets Attackers Deny Service Over a Network
Microsoft has issued a security advisory regarding a new vulnerability in Active Directory Certificate Services (AD CS) that could allow attackers to perform denial-of-service attacks over a network. The vulnerability, identified as CVE-2025-29968, affects multiple versions of Windows Server and has been…
-
Google Threat Intelligence Launches Actionable Technique To Hunt for Malicious .Desktop Files
Google Threat Intelligence has launched a new blog series aimed at empowering security professionals with advanced threat hunting techniques, kicking off with a deep dive into detecting malicious .desktop files on Linux systems. .desktop files, standard configuration files in Linux desktop environments, define…
-
Microsoft Defender Vulnerability Allows Attackers to Elevate Privileges
A newly disclosed security flaw in Microsoft Defender for Endpoint could allow attackers with local access to elevate their privileges to SYSTEM level, potentially gaining complete control over affected systems. The vulnerability, tracked as CVE-2025-26684, was patched as part of Microsoft’s May 2025 Patch Tuesday security updates…
-
82,000+ WordPress Sites Exposed to Remote Code Execution Attacks
Critical vulnerabilities were identified in TheGem, a premium WordPress theme with more than 82,000 installations worldwide. Researchers identified two separate but interconnected vulnerabilities in TheGem theme versions 5.10.3 and earlier. When combined, these vulnerabilities create a dangerous attack vector that could lead to remote code execution…
-
Recurring Supply-Chain Lapses Expose UEFI Firmware to Pre-OS Threats
A disturbing pattern of security failures in the firmware supply chain continues to expose millions of devices to pre-OS threats, potentially undermining the foundation of computer security. Between 2022 and 2025, a series of critical security incidents involving leaked cryptographic keys and mismanagement of signing certificates…
-
Cobalt Strike 4.11.1 Released With Fix For ‘Enable SSL’ Checkbox
Fortra has released Cobalt Strike 4.11.1, an out-of-band update addressing critical issues discovered in their recent 4.11 release. This update, released on May 12, 2025, focuses primarily on resolving module stomping complications while also addressing issues with SSL certificate functionality and adding deprecation warnings for…
-
PoC Exploit Released for macOS CVE-2025-31258 Vulnerability Bypassing Sandbox Security
A proof-of-concept (PoC) exploit has been released for a recently patched vulnerability in Apple’s macOS operating system, tracked as CVE-2025-31258. The flaw could allow malicious applications to break out of the macOS sandbox protection mechanism, potentially giving attackers access to sensitive system resources and user…
-
F5 BIG-IP Command Injection Vulnerability Lets Attackers Execute Arbitrary System Commands
F5 Networks has disclosed a high-severity command injection vulnerability (CVE-2025-31644) in its BIG-IP products running in Appliance mode. The vulnerability exists in an undisclosed iControl REST endpoint and BIG-IP TMOS Shell (tmsh) command, allowing attackers to bypass Appliance mode security restrictions. Classified as CWE-78…
-
PoC Exploit Released For Linux Kernel’s nftables Subsystem Vulnerability
A critical Proof-of-Concept (PoC) exploit has been released for a significant vulnerability in the Linux kernel’s nftables subsystem, tracked as CVE-2024-26809. This flaw, rooted in the kernel’s netfilter infrastructure, exposes affected systems to local privilege escalation through a sophisticated double-free attack. Security researchers, including the user…
-
New Phishing Attack Abusing Blob URLs to Bypass SEGs and Evade Analysis
Cybersecurity experts have identified a sophisticated phishing technique that exploits blob URIs (Uniform Resource Identifiers) to evade detection by Secure Email Gateways (SEGs) and security analysis tools. This emerging attack method leverages the unique properties of blob URIs, which are designed to display…
-
Defendnot — A New Tool That Disables Windows Defender by Posing as an Antivirus Solution
Defendnot is a sophisticated new tool that effectively disables Windows Defender by exploiting the Windows Security Center (WSC) API to register itself as a legitimate antivirus solution. The Windows Security Center service is designed to ensure Windows computers maintain adequate security…
-
“PupkinStealer”: A New .NET-Based Malware Steals Browser Credentials & Exfiltrates via Telegram
A newly identified information-stealing malware has been dubbed PupkinStealer. Developed in C# using the .NET framework, this lightweight yet effective malware targets sensitive user data, including browser credentials, desktop files, messaging app sessions, and screenshots. According to a CYFIRMA detailed analysis shared with Cyber Security…
-
Microsoft Teams To Block Screen Capture During Meetings
Microsoft has announced a new “Prevent Screen Capture” feature for Teams that will block unauthorized screenshots during meetings. The feature, scheduled for worldwide rollout in July 2025, represents Microsoft’s continued focus on enterprise security and regulatory compliance in an era where sensitive information is increasingly shared in…
-
20-Year-Old Proxy Botnet Network Dismantled That Exploits 1000 Unique Unpatched Devices Weekly
In a coordinated effort, Lumen Technologies’ Black Lotus Labs, the U.S. Department of Justice (DOJ), the Federal Bureau of Investigation (FBI), and the Dutch National Police have dismantled a sophisticated criminal proxy network that has operated since 2004. Proxy network homepage…
-
Beware! Fake AI Video Generation Platforms Drop Stealer Malware on Your Computers
As artificial intelligence (AI) tools gain mainstream traction for content creation, cybercriminals are capitalizing on the hype with a sophisticated new attack vector: fake AI platforms promising advanced video and image editing capabilities. These fraudulent sites, amplified through viral social media campaigns and…