Category: Cyber Security

  • SecP0 Ransomware Group Threatens to Leak Organizations’ Vulnerability Details

    A new ransomware group, SecP0, has emerged on the cybercrime landscape with a novel and deeply concerning tactic: demanding ransom payments not for encrypted data, but for keeping undisclosed software vulnerabilities private. This shift in strategy represents a significant evolution in ransomware operations, targeting organizations’ cybersecurity weaknesses rather…

  • Android App With 220,000+ Downloads From Google Play Installs Banking Trojan

    A sophisticated Android banking trojan campaign leveraging a malicious file manager application accumulated over 220,000 downloads on the Google Play Store before its removal. Dubbed Anatsa (also known as TeaBot), the malware targets global financial institutions through a multi-stage infection process. It deploys fake…

  • 50 World’s Best Cyber Security Companies – 2025

    Cybersecurity has transformed from a niche technical field into a critical business priority that shapes organizational strategies worldwide. As we navigate through 2025, the cybersecurity industry continues to expand in response to increasingly sophisticated threats, digital transformation initiatives, and regulatory requirements. The global cybersecurity market is thriving, with projections showing growth to $345.4…

  • Parallels Desktop 0-Day Vulnerability Grants Root Privileges – PoC Released

    A critical 0-day vulnerability in the Parallels Desktop virtualization software has been publicly disclosed, enabling local attackers to escalate privileges to root on macOS systems. All versions of Parallels Desktop, including the most recent 20.2.1 (55876), are vulnerable to the flaw, identified as CVE-2024-34331, which…

  • DeepSeek Unveils FlashMLA, A Decoding Kernel That Makes Things Blazingly Fast

    DeepSeek has launched FlashMLA, a Multi-head Latent Attention (MLA) decoding kernel optimized for NVIDIA’s Hopper GPU architecture, marking the first major release of its Open Source Week initiative. The kernel achieves 3000 GB/s of memory bandwidth and 580 TFLOPS…

  • Exim Mail Transfer Vulnerability Lets Attackers Inject Malicious SQL Queries

    Security researchers have uncovered a critical SQL injection vulnerability (CVE-2025-26794) in Exim, the widely used mail transfer agent (MTA) that powers over 60% of internet mail servers. The flaw enables authenticated attackers to execute arbitrary SQL commands through specially crafted ETRN SMTP transactions when specific configuration…

  • PoC Exploit Released for F5 BIG-IP Command Injection Vulnerability

    Security researchers have released proof-of-concept (PoC) exploit code for CVE-2025-20029, a high-severity command injection vulnerability affecting F5’s BIG-IP application delivery controllers. The flaw, which carries a CVSS v3.1 score of 8.8, enables authenticated attackers to execute arbitrary system commands through improper neutralization of special elements in…

  • Critical Apache Ignite Vulnerability Lets Attackers Execute Code Remotely

    A critical vulnerability in Apache Ignite, tracked as CVE-2024-52577, exposes systems to remote code execution (RCE) due to improper enforcement of class serialization filters. Rated CVSS 9.8, the flaw affects Ignite versions 2.6.0 through 2.16.x, enabling attackers to execute arbitrary code by exploiting deserialization weaknesses…

  • Russian Government Proposes New Penalties to Combat Cybercrime

    The Russian government announced a comprehensive legislative package on February 10, 2025, introducing severe penalties for cybercrimes. The reforms, which amend over 30 existing laws, aim to modernize Russia’s cybersecurity framework by escalating prison terms, expanding asset confiscation protocols, and mandating public trials for high-profile cybercriminals. The…

  • GPT-4o Copilot Trained in Over 30 Popular Programming Languages

    Microsoft has unveiled GPT-4o Copilot, a code completion model now available to Visual Studio Code (VS Code) users. Built on the GPT-4o mini architecture and trained on over 275,000 high-quality public repositories spanning more than 30 popular programming languages, this update promises significant improvements in…

  • CISA Releases Two New ICS Advisories Covering Exploitable Vulnerabilities

    The Cybersecurity and Infrastructure Security Agency (CISA) has released two Industrial Control Systems (ICS) advisories addressing critical vulnerabilities in Delta Electronics CNCSoft-G2 and Rockwell Automation GuardLogix controllers. The advisories describe exploitable flaws in systems widely used in the manufacturing, energy, and critical infrastructure sectors. The disclosures underscore escalating…

  • Indian Post Office Portal Exposed Thousands of KYC Records With Username & Mobile Number

    The Indian Post Office portal was found vulnerable to an Insecure Direct Object Reference (IDOR) attack, exposing sensitive Know Your Customer (KYC) data of thousands of users. This breach highlights the critical need for robust security measures in government-operated digital platforms,…

  • New Android Security Feature Blocks Changing Sensitive Settings During Calls

    Google has introduced a security feature in Android 16 Beta 2 aimed at combating phone scams by blocking users from altering sensitive settings during active phone calls. The feature, currently live in the beta, prevents enabling permissions like sideloading apps and granting…

  • PurpleLab – A Free Cybersecurity Lab for Security Teams to Detect, Analyze & Simulate Threats

    PurpleLab is an open-source cybersecurity lab for creating and testing detection rules, simulating logs, and running malware tests. Designed as an all-in-one lab environment, PurpleLab equips analysts with tools to enhance…

  • SonicWall Firewall Authentication Bypass Vulnerability Exploited in Wild Following PoC Release

    A critical authentication bypass vulnerability in SonicWall firewalls, tracked as CVE-2024-53704, is now being actively exploited in the wild, cybersecurity firms warn. The surge in attacks follows the public release of proof-of-concept (PoC) exploit code on February 10, 2025, by researchers at Bishop Fox,…

  • New Go-Based Malware Exploits Telegram and Uses It as a C2 Channel

    Researchers have identified a new backdoor, written in the Go programming language, that leverages Telegram as its command-and-control (C2) channel. While the malware appears to still be under development, it is already fully functional and capable of executing various malicious activities. This innovative use…

  • Beware of Fake BSOD Delivered by Malicious Python Script

    A recently discovered Python script has been flagged as a potential cybersecurity threat due to its use of a clever anti-analysis trick. The script, which has a low detection rate on VirusTotal (4/59), uses the tkinter library to create a fake “Blue Screen of Death” (BSOD)…

  • Elon Musk’s DOGE Website Database Vulnerability Lets Anyone Make Entries Directly

    A website launched by Elon Musk’s Department of Government Efficiency (DOGE) has been found to have a significant security vulnerability, allowing unauthorized users to directly modify its content. The vulnerability, discovered by two web development experts, arises from the website’s use of an unsecured…

  • RedMike Hackers Exploited 1000+ Cisco Devices to Gain Admin Access 

    Researchers observed a sophisticated cyber-espionage campaign led by the Chinese state-sponsored group known as “Salt Typhoon,” also referred to as “RedMike.” Between December 2024 and January 2025, the group exploited over 1,000 unpatched Cisco network devices globally, targeting telecommunications providers and universities. The campaign highlights…

  • AMD Ryzen DLL Hijacking Vulnerability Lets Attackers Execute Arbitrary Code

    A high-severity security vulnerability, identified as CVE-2024-21966, has been discovered in the AMD Ryzen Master Utility, a software tool designed to optimize the performance of AMD Ryzen processors. The vulnerability, classified as DLL hijacking, could allow attackers to execute arbitrary code and escalate privileges on…

  • PostgreSQL Terminal Tool Injection Vulnerability Allows Remote Code Execution

    Researchers have uncovered a high-severity SQL injection vulnerability, CVE-2025-1094, affecting PostgreSQL’s interactive terminal tool, psql. The flaw was identified during research into the exploitation of CVE-2024-12356, a remote code execution (RCE) vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products. The discovery highlights…

  • WinZip Vulnerability Lets Remote Attackers Execute Arbitrary Code

    A newly disclosed high-severity vulnerability in WinZip, tracked as CVE-2025-1240, enables remote attackers to execute arbitrary code on affected systems via malformed 7Z archive files. The flaw, rated 7.8 on the CVSS scale, impacts WinZip 28.0 (Build 16022) and earlier versions, requiring users to update to…

  • Have I Been Pwned Likely to Ban Reseller Subscriptions

    Have I Been Pwned (HIBP), the popular data breach notification service, has expressed a strong inclination to ban resellers from obtaining platform memberships. Troy Hunt made this decision after examining the excessive support burden these resellers impose on the service. HIBP is a collective that…

  • Path Confusion in Nginx/Apache Leads to Critical Auth Bypass in PAN-OS

    Palo Alto Networks has disclosed a critical vulnerability in its PAN-OS network security operating system, tracked as CVE-2025-0108, which allows attackers to bypass authentication on the management web interface. The vulnerability, with a CVSS v3.1 score of 7.8, exposes affected systems to significant threats…

  • Amazon Machine Image Name Confusion Attack Lets Attackers Publish Resources

    Researchers uncovered a critical vulnerability in Amazon Web Services (AWS) involving Amazon Machine Images (AMIs). Dubbed the “whoAMI” attack, it leverages name confusion, a form of supply chain attack, to gain unauthorized code execution within AWS accounts. The vulnerability arises from misconfigured…
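    The name-confusion pattern behind this class of attack is an AMI lookup that filters on a name wildcard and takes the newest match without restricting the owner account. The following is an added illustration written for this page, not AWS’s code or the researchers’ code: it runs offline on a constructed list of image records shaped like the output of boto3’s describe_images(), with invented AMI IDs and account IDs, and shows the unscoped lookup picking the look-alike image, the owner-scoped lookup picking the intended one, and a check for describe_images parameter sets that are exposed to the problem.

```python
"""Added example: AMI name confusion ("whoAMI"), vulnerable vs. owner-scoped lookup.
Illustrative code for this page, not AWS's or the researchers' code. The image
records, AMI IDs and account IDs below are constructed so the example runs offline."""
from datetime import datetime
from fnmatch import fnmatch

TRUSTED_OWNER = "111111111111"   # hypothetical account ID of the publisher you intend to use

# Constructed DescribeImages result: one image from the trusted account and one
# public image from an unrelated account whose Name mimics the vendor's scheme
# and carries a newer CreationDate.
SAMPLE_IMAGES = [
    {"ImageId": "ami-0aaa00000000000a1",
     "Name": "ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20240301",
     "OwnerId": TRUSTED_OWNER, "Public": True,
     "CreationDate": "2024-03-01T00:00:00.000Z"},
    {"ImageId": "ami-0bbb00000000000b2",
     "Name": "ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20250101",
     "OwnerId": "999999999999", "Public": True,
     "CreationDate": "2025-01-01T00:00:00.000Z"},
]


def _created(img):
    """Parse the CreationDate string so 'newest' is a real timestamp comparison."""
    return datetime.strptime(img["CreationDate"], "%Y-%m-%dT%H:%M:%S.%fZ")


def pick_ami_vulnerable(images, name_pattern):
    """The risky lookup: wildcard on Name, no owner filter, newest image wins.
    Anyone who can publish a public AMI matching the pattern controls the result."""
    matches = [i for i in images if fnmatch(i["Name"], name_pattern)]
    if not matches:
        return None
    return max(matches, key=_created)["ImageId"]


def pick_ami_hardened(images, name_pattern, owners):
    """Same lookup, but an owner allow-list is mandatory and applied before the
    name match, so a look-alike image from another account is never a candidate."""
    if not owners:
        raise ValueError("owners filter is required; refusing unscoped AMI lookup")
    matches = [i for i in images
               if i["OwnerId"] in owners and fnmatch(i["Name"], name_pattern)]
    if not matches:
        return None
    return max(matches, key=_created)["ImageId"]


def audit_lookup_params(params):
    """Flag a describe_images keyword-argument dict (Filters/Owners/ImageIds, as
    passed to boto3) that is exposed to name confusion: a 'name' filter with
    neither Owners nor explicit ImageIds to scope it. Returns a list of findings."""
    findings = []
    name_filtered = any(f.get("Name") == "name" for f in params.get("Filters", []))
    scoped = bool(params.get("Owners")) or bool(params.get("ImageIds"))
    if name_filtered and not scoped:
        findings.append("name filter without Owners/ImageIds: any public AMI with a "
                        "matching name, from any account, can be selected")
    return findings


if __name__ == "__main__":
    pattern = "ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"
    print("unscoped lookup picks:", pick_ami_vulnerable(SAMPLE_IMAGES, pattern))
    print("owner-scoped lookup picks:", pick_ami_hardened(SAMPLE_IMAGES, pattern, {TRUSTED_OWNER}))
    print(audit_lookup_params({"Filters": [{"Name": "name", "Values": [pattern]}]}))
```

    In a real environment the same check applies to Terraform `aws_ami` data sources (a `most_recent = true` with a `filter { name = "name" }` block and no `owners` list) and to any CI script that resolves an image by name; the fix in every case is to pin the owner account or the exact image ID.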

  • KASLR Exploited: Breaking macOS Apple Silicon Kernel Hardening Techniques

    Security researchers from Korea University have unveiled a new vulnerability in macOS systems running on Apple Silicon processors. Dubbed “SysBumps,” this attack circumvents Kernel Address Space Layout Randomization (KASLR), a critical security mechanism designed to protect kernel memory from exploitation. The findings, presented at the…

  • Hackers Using Pyramid Pentesting Tool For Stealthy C2 Communications

    Hackers have been leveraging the open-source Pyramid pentesting tool to establish stealthy command-and-control (C2) communications. Pyramid, first released on GitHub in 2023, is a Python-based post-exploitation framework designed to evade endpoint detection and response (EDR) tools. Its lightweight HTTP/S server capabilities make it an attractive choice…

  • Remote Desktop Manager Vulnerabilities Let Attackers Intercept Encrypted Communications

    Devolutions has disclosed critical vulnerabilities in its Remote Desktop Manager (RDM) software that could allow attackers to intercept and modify encrypted communications through man-in-the-middle (MITM) attacks. The flaws stem from improper certificate validation across all platforms and have been assigned high-severity CVE identifiers. CVE-2025-1193 Improper Host…

  • Google Chrome’s Safe Browsing Now Protects 1 Billion Users With 300,000 Deep Scans

    In honor of Safer Internet Day, Google has announced a significant milestone in online security: more than 1 billion Chrome users are now safeguarded by the browser’s Enhanced Protection mode. This advanced security feature, introduced in 2020 as part of Google Safe…

  • Ivanti Connect Secure Vulnerability Lets Attackers Execute Code Remotely

    Ivanti has disclosed a critical vulnerability, CVE-2025-22467, impacting its Connect Secure (ICS) product. This stack-based buffer overflow, rated 9.9 (Critical) on the CVSS v3.1 scale, allows remote authenticated attackers to execute arbitrary code on affected systems. The flaw is present in versions up to 22.7R2.5…

  • Hackers Exploit Prompt Injection to Tamper with Gemini AI’s Long-Term Memory

    A sophisticated attack has been demonstrated against Google’s Gemini Advanced chatbot. The exploit leverages indirect prompt injection and delayed tool invocation to corrupt the AI’s long-term memory, allowing attackers to plant false information that persists across user sessions. This vulnerability raises serious concerns about the security of…

  • USB Army Knife – A Powerful Red Team Tool for Penetration Testers

    The USB Army Knife is a versatile red-teaming tool for penetration testers that emulates a USB Ethernet adapter for traffic capture, enables custom attack interfaces, and functions as covert storage, all in one compact device. This multi-functional firmware combines a variety of attack…

  • South Korea’s Spy Agency Says DeepSeek Excessively Collects Personal Data

    SEOUL: South Korea’s National Intelligence Service (NIS) has raised concerns over the Chinese AI app DeepSeek, accusing it of “excessively” collecting personal data and posing national security risks. The NIS issued an advisory urging government agencies to adopt stringent security measures when dealing with the app,…

  • Alabama Man Pleaded Guilty for Hacking U.S. Securities and Exchange Commission X Account

    Eric Council Jr., a 25-year-old from Athens, Alabama, pleaded guilty on February 10, 2025, to charges stemming from the January 2024 hacking of the U.S. Securities and Exchange Commission’s (SEC) social media account on X (formerly Twitter). The breach involved a fraudulent…

  • SAML Authentication Bypass on GitHub Enterprise Server Lets Attackers Log In as Other Users

    A significant vulnerability has been identified in GitHub Enterprise Server, allowing attackers to bypass SAML authentication and log in as other user accounts. The exploit leverages quirks in the libxml2 library, specifically related to XML entities, to deceive the verification process. The…

  • Tor Browser 14.0.6 Released, What’s New!

    The Tor Project has officially launched Tor Browser 14.0.6, addressing a critical crash issue affecting users on older macOS systems. This latest update incorporates several technical improvements, ensuring enhanced stability and performance across platforms. Tor Browser is built on Firefox ESR (Extended Support Release) and incorporates advanced privacy features…

  • Critical Zimbra Vulnerabilities Let Attackers Gain Unauthorized Access to Internal Resources

    Zimbra Collaboration, a popular open-source email and collaboration suite, was recently found to contain critical vulnerabilities that pose serious risks to its users. These vulnerabilities, identified as CVE-2025-25064 and CVE-2025-25065, allow attackers to exploit the system for unauthorized access to sensitive data and internal network…

  • PoC Exploit Released for AnyDesk Vulnerability Exploited to Gain Admin Access Via Wallpapers

    A recently disclosed vulnerability in AnyDesk, a popular remote desktop software, identified as CVE-2024-12754, enables local attackers to exploit the handling of Windows background images to gain unauthorized access to sensitive system files. This could potentially escalate their privileges to administrative levels,…

  • Hackers Exploiting Google Tag Manager To Steal Credit Card Data From eCommerce Sites

    Hackers have been exploiting Google Tag Manager (GTM) to steal sensitive credit card information from eCommerce sites, particularly those built on the Magento platform. The attack shows the evolving tactics of cybercriminals in leveraging legitimate tools for malicious purposes. Google Tag Manager…

  • TinyZero – Researchers Replicated DeepSeek’s R1-Zero Model for Just $30

    In an impressive demonstration of cost-effective AI research, a group of researchers has successfully replicated DeepSeek’s R1-Zero model for just $30. Dubbed TinyZero, this project focuses on countdown and multiplication tasks, leveraging reinforcement learning (RL) to enable a 3-billion-parameter (3B) base language model (LM) to…

  • 0-Day Vulnerabilities in Microsoft Sysinternals Tools Allow Attackers To Launch DLL Injection Attacks on Windows

    A critical 0-day vulnerability has been identified in nearly all Microsoft Sysinternals tools, presenting a significant risk to IT administrators and developers who rely on these utilities for system analysis and troubleshooting. The disclosure, outlining how attackers can exploit DLL injection…

  • Critical Veeam Backup Vulnerability Lets Attackers Execute Arbitrary Code to Gain Root Access

    A critical vulnerability, identified as CVE-2025-23114, has been discovered in the Veeam Updater component, a key element of multiple Veeam backup solutions. The flaw enables attackers to execute arbitrary code on affected servers through a man-in-the-middle (MitM) attack, potentially granting root-level permissions. …

  • CISA Releases Guidance to Protect Firewalls, Routers, & Internet-Facing Servers

    The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with international cybersecurity authorities, has issued comprehensive guidance aimed at securing network edge devices. These devices, which include firewalls, routers, VPN gateways, Internet of Things (IoT) devices, internet-facing servers, and operational technology (OT) systems, are critical…

  • New Attack Technique Bypasses EDR as a Low-Privileged Standard User

    A new attack technique has emerged that enables attackers to bypass Endpoint Detection and Response (EDR) systems while operating under a low-privileged standard user account. Traditionally, EDR evasion requires elevated privileges, such as administrative or system-level access. This approach instead leverages masquerading and path…

  • Canadian National Charged for Stealing $65 Million in Crypto 

    U.S. prosecutors have charged Andean Medjedovic, a 22-year-old Canadian, in a five-count indictment for allegedly orchestrating a sophisticated cryptocurrency theft. Medjedovic is accused of exploiting vulnerabilities in the KyberSwap and Indexed Finance DeFi protocols, resulting in significant financial losses. The alleged schemes carried out…

  • Roundcube XSS Vulnerability Lets Attackers Inject Malicious Files

    A critical Cross-Site Scripting (XSS) vulnerability, tracked as CVE-2024-57004, has been discovered in Roundcube Webmail version 1.6.9. The flaw allows remote authenticated users to upload malicious files disguised as email attachments, posing significant risks to individuals and organizations using the popular open-source webmail client. The vulnerability stems…

  • Microsoft Azure AI Face Service Elevation of Privilege Vulnerability Lets Attackers Gain Network Access

    Microsoft has disclosed a critical vulnerability, CVE-2025-21415, in the Azure AI Face Service, classified as an elevation of privilege issue that allows attackers to bypass authentication via spoofing and escalate their privileges over a network. However, Microsoft has confirmed that…

  • Multiple Dell PowerProtect Vulnerabilities Let Attackers Compromise Systems

    Dell Technologies has disclosed multiple critical vulnerabilities affecting its PowerProtect product line, including Data Domain (DD) appliances, PowerProtect Management Center, and other associated systems. These vulnerabilities, if exploited, could allow attackers to compromise system integrity, escalate privileges, or execute arbitrary code. Organizations relying on these systems for…

  • Parrot 6.3 Released With Improved Security & New Hacking Tools

    ParrotOS, the cybersecurity-focused Linux distribution, has released its latest update, Parrot 6.3, which includes a number of new features, performance improvements, and updated tools to enhance the user experience. This release is designed to make ParrotOS faster, more stable, and even more secure for…

  • BeyondTrust Zero-Day Breach – 17 SaaS Customers’ API Keys Compromised

    BeyondTrust, a leading identity and access management firm, disclosed a critical security breach impacting 17 customers of its Remote Support SaaS platform. The breach was attributed to the exploitation of zero-day vulnerabilities and has since been linked to the China-based hacking group Silk Typhoon. While…

  • 10 Best Web Application Firewalls (WAF) – 2025

    A Web Application Firewall (WAF) is a security solution designed to protect web applications by monitoring, filtering, and blocking malicious HTTP/S traffic. Operating at the OSI model’s application layer (Layer 7), a WAF acts as a reverse proxy between users and web applications, analyzing incoming requests and…

  • Devil-Traff – New Malicious Bulk SMS Portal That Fuels Phishing Attacks

    A new threat has emerged in the form of Devil-Traff, a bulk SMS platform designed to facilitate large-scale phishing campaigns. Leveraging features such as sender ID spoofing, API integration, and support for malicious content, this platform has become a favorite tool…

  • National Change Your Password Day! – CISA Recommends Enabling MFA

    February 1 marks National Change Your Password Day, a timely initiative to combat escalating cyber risks by promoting stronger password practices. With hacking incidents surging globally, the Cybersecurity and Infrastructure Security Agency (CISA) emphasizes the critical role of multi-factor authentication (MFA) in safeguarding digital accounts. Despite annual reminders to update passwords, weak or reused…

  • WantToCry Ransomware Exploits SMB Weaknesses to Remotely Encrypt NAS Drives

    The WantToCry ransomware group leverages misconfigured Server Message Block (SMB) services to infiltrate networks and launch widespread attacks. Weaknesses in SMB deployments, such as weak credentials, outdated software, and poor security configurations, give attackers an easy entry point through which they exploit…

  • Israeli Firm Paragon Targets WhatsApp Users With New Zero-Click Spyware

    WhatsApp revealed on Friday that a “zero-click” spyware attack, attributed to the Israeli firm Paragon, targeted scores of users worldwide, including journalists and members of civil society. The spyware targeted nearly 100 WhatsApp users and did not require any user interaction, nor did…

  • WhatsApp’s New Privacy Feature Lets Users Control Who Can See Their Profile Photo

    In a move to enhance user privacy, WhatsApp has rolled out an update allowing users to control who can view their profile photos. The feature, available on both iOS and Android devices, gives users more granular control over their privacy settings.…

  • Google Blocked 2.28 Million Malicious Apps From Entering the Play Store

    Google announced today that it blocked a record 2.28 million policy-violating apps from entering the Play Store in 2023, leveraging advanced machine learning, stricter developer vetting, and cross-industry collaborations to combat evolving cyberthreats. The milestone underscores efforts to uphold its SAFE principles (Safeguard Users, Advocate…

  • New Threat Hunting Technique to Uncover Malicious Infrastructure Using SSL History

    SSL/TLS certificates, the cornerstone of encrypted web communication, are taking on a new role as tools for threat hunting. Analysts are leveraging SSL intelligence and historical certificate data to expose hidden threat actor infrastructure, track…
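    The core of the technique is a pivot: take a certificate fingerprint observed on a known-bad host and look for every other host that has ever presented the same certificate, because attackers routinely move a certificate between servers as they rotate infrastructure. The following is an added illustration written for this page, not the article’s or any vendor’s code. It runs offline on a constructed passive-SSL history (RFC 5737 documentation addresses, made-up fingerprints and subjects) and includes the caveat a practitioner would want: a certificate seen on a large number of unrelated hosts (a default self-signed certificate, a shared-hosting or CDN certificate) is noise, not a link, so the pivot drops fingerprints above a sharing threshold.

```python
"""Added example: pivoting on historical SSL/TLS certificate observations to find
related infrastructure. Illustrative code for this page, not the article's or a
vendor's. The observation records are constructed (RFC 5737 addresses, fake
fingerprints) so the example runs offline."""
from collections import defaultdict

# Constructed passive-SSL history: (ip, date_seen, sha256 fingerprint, subject).
OBSERVATIONS = [
    ("203.0.113.10", "2024-11-02", "f1" * 32, "CN=update-cdn.invalid"),
    ("203.0.113.10", "2025-01-15", "a2" * 32, "CN=mail.invalid"),
    ("198.51.100.7", "2024-12-20", "f1" * 32, "CN=update-cdn.invalid"),  # same cert moved to a new host
    ("198.51.100.8", "2025-01-03", "f1" * 32, "CN=update-cdn.invalid"),
    # A default certificate shared by many unrelated hosts: noise, not a link.
    ("203.0.113.10", "2024-10-01", "c3" * 32, "CN=localhost"),
    ("192.0.2.55", "2025-01-10", "c3" * 32, "CN=localhost"),
    ("192.0.2.56", "2025-01-10", "c3" * 32, "CN=localhost"),
    ("192.0.2.57", "2025-01-11", "c3" * 32, "CN=localhost"),
    ("192.0.2.58", "2025-01-12", "c3" * 32, "CN=localhost"),
]


def index_by_fingerprint(observations):
    """Build fingerprint -> {ip: earliest date that ip was seen presenting the cert}."""
    idx = defaultdict(dict)
    for ip, date, fp, _subject in observations:
        if ip not in idx[fp] or date < idx[fp][ip]:   # ISO dates compare as strings
            idx[fp][ip] = date
    return idx


def pivot_on_certificates(observations, seed_ips, max_shared_hosts=3):
    """Return {fingerprint: [(ip, first_seen), ...]} for hosts, other than the seeds,
    that presented a certificate also seen on a seed (known-bad) IP.
    Fingerprints seen on more than max_shared_hosts distinct IPs are dropped as
    too widely shared to be a meaningful infrastructure link."""
    idx = index_by_fingerprint(observations)
    related = {}
    for fp, hosts in idx.items():
        if not seed_ips.intersection(hosts):
            continue                       # cert never seen on a seed host
        if len(hosts) > max_shared_hosts:
            continue                       # shared/default cert: skip as noise
        new_hosts = sorted((ip, d) for ip, d in hosts.items() if ip not in seed_ips)
        if new_hosts:
            related[fp] = new_hosts
    return related


if __name__ == "__main__":
    for fp, hosts in pivot_on_certificates(OBSERVATIONS, {"203.0.113.10"}).items():
        print(fp[:16], "->", hosts)
```

    Against real data the fingerprint index would come from a passive-SSL or certificate-transparency source, and the threshold should be tuned to that source’s host coverage; the logic of the pivot is unchanged.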

  • Microsoft to Boost M365 Bounty Program With New Products & Rewards Up to $27,000

    A significant extension of Microsoft’s Microsoft 365 (M365) Bounty Program has been announced. The program now includes new Viva products in its scope for identifying vulnerabilities, with rewards reaching up to $27,000 for critical submissions. This update underscores Microsoft’s commitment to…

  • D-Link Router Vulnerability Lets Attackers Gain Full Router Control Remotely

    A critical unauthenticated Remote Code Execution (RCE) vulnerability affects D-Link DSL-3788 routers, allowing attackers to acquire complete control over the router remotely. The flaw has been confirmed in firmware versions v1.01R1B036_EU_EN and below. The vulnerability was reported by Max Bellia of SECURE NETWORK BVTECH.…

  • Authorities Take Down Cracked & Nulled Hacking Forums Used by 10 Million Users

    In a law enforcement operation dubbed “Operation Talent,” an international coalition of law enforcement agencies led by Germany’s Bundeskriminalamt (BKA) and Europol has dismantled two of the world’s largest cybercrime forums: Cracked.io and Nulled.to. These platforms, which collectively hosted over 10 million…

  • Windows Vulnerability in COM Objects Triggers RCE To Control Systems Remotely

    James Forshaw of Google Project Zero has shed light on a significant security vulnerability in Windows related to accessing trapped COM objects through the IDispatch interface. The research highlights an intriguing bug class that exploits cross-process communication features in object-oriented remoting technologies like…

  • VMware Aria Operations Vulnerabilities Let Attackers Perform Admin Operations

    Broadcom has addressed multiple vulnerabilities in its VMware Aria Operations for Logs and VMware Aria Operations products. These vulnerabilities, identified as CVE-2025-22218, CVE-2025-22219, CVE-2025-22220, CVE-2025-22221, and CVE-2025-22222, pose significant risks, including unauthorized access to sensitive data and privilege escalation. The vulnerabilities affect the following VMware products:…

  • Hackers Actively Exploiting Zyxel 0-day Vulnerability to Execute Arbitrary Commands

    A significant zero-day vulnerability in Zyxel CPE series devices, identified as CVE-2024-40891, is being actively exploited by attackers. The vulnerability enables attackers to execute arbitrary commands on affected devices, posing significant risks of system compromise, data theft, and network infiltration. Over 1,500 infected devices have been…

  • PoC Exploit Released for TP-Link Router Web Interface XSS Vulnerability

    A Cross-Site Scripting (XSS) vulnerability has been identified in the TP-Link Archer A20 v3 router, specifically in firmware version 1.0.6 Build 20231011 rel.85717(5553). The issue stems from improper handling of directory listing paths on the router’s web interface. When a specially crafted URL is accessed,…

  • API Supply Chain Attack Exposes Millions of Airline Users’ Accounts to Hackers

    A vulnerability in a third-party travel service API has exposed millions of airline users to potential account takeovers, enabling attackers to exploit airline loyalty points and access sensitive personal information. The flaw, discovered by Salt Labs, highlights the risks associated with API supply…

  • Critical Cacti Vulnerability Lets Attackers Execute Code Remotely – PoC Released

    A critical vulnerability has been identified in Cacti, the widely used open-source network monitoring tool. The flaw, tracked as CVE-2025-22604, has a CVSS score of 9.1, indicating high severity. It allows authenticated users with device management permissions to execute arbitrary commands on the server, posing significant risks to data…

  • DeepSeek R1 Jailbroken to Generate Ransomware Development Scripts

    DeepSeek R1, the latest AI model from China, is making waves in the tech world for its reasoning capabilities. Positioned as a challenger to AI giants like OpenAI, it has already climbed to 6th place on the Chatbot Arena benchmarking list, surpassing notable models such as Meta’s…

  • Akira’s New Linux Ransomware Attacking VMware ESXi Servers

    The Akira ransomware group, a prominent player in the Ransomware-as-a-Service (RaaS) domain since March 2023, has intensified its operations with a new Linux variant targeting VMware ESXi servers. Initially focused on Windows systems, Akira expanded its scope in April 2023 by deploying a Linux-based encryptor specifically designed…

  • Critical One Identity Manager Vulnerability Lets Attackers Escalate Privileges

    A critical Insecure Direct Object Reference (IDOR) vulnerability has been identified in One Identity Manager, a widely used identity and access management solution. This vulnerability, officially tracked as CVE-2024-56404, allows unauthorized privilege escalation under specific configurations. The issue affects only On-Premise installations and does not impact…

  • New Docker 1-Click RCE Attack Exploits Misconfigured API Settings

    A newly disclosed attack method targeting Docker installations has raised significant security concerns among developers and system administrators. The vulnerability leverages a misconfigured Docker Engine API setting, allowing attackers to achieve remote code execution (RCE) with minimal user interaction. While Docker’s default settings are secure, enabling…

  • Stratoshark – Wireshark Has Got a Friend for Cloud

    The creators of Wireshark, Gerald Combs and Loris Degioanni, have unveiled Stratoshark, a groundbreaking tool designed to bring Wireshark’s renowned capabilities into the cloud era. Building on over 25 years of experience with Wireshark, which has become a staple for network analysis with over 5 million…

  • Zimbra Remote Command Execution Vulnerability (CVE-2024-45519) – Exploit POC Released

    Zimbra, a popular email and collaboration platform, has issued a crucial security update to patch a severe vulnerability in its postjournal service. Identified as CVE-2024-45519, this flaw allows unauthenticated attackers to execute arbitrary commands on affected Zimbra installations. The vulnerability was discovered in Zimbra’s post-journal…

  • Evil Corp Cybercriminal Group’s Identity Exposed Along with LockBit Affiliate

    Authorities in the UK, US, and Australia have sanctioned sixteen individuals linked to Evil Corp, a group once considered the pinnacle of global cyber threats. This move exposes their connections to the Russian state and other infamous ransomware groups, including LockBit. The National Crime…

  • Authorities Unmasked LockBit Affiliate Evil Corp Key Member

    Law enforcement agencies have identified Russian national Aleksandr Viktorovich Ryzhenkov as a key member of the notorious Evil Corp cybercrime group and a LockBit ransomware affiliate. Ryzhenkov, also known by his alias “Beverley,” has been linked to over 60 LockBit ransomware builds and is believed to have…