Category: Cyber Security

  • New FvncBot Android Banking Malware Attacking Users to Log Keystrokes and Inject Malicious Payloads

    New FvncBot Android Banking Malware Attacking Users to Log Keystrokes and Inject Malicious Payloads A dangerous new Android banking malware named FvncBot was first observed on November 25, 2025. This malicious tool is designed to steal sensitive financial information by logging keystrokes, recording screens, and injecting fake login pages into banking apps. The malware initially spreads through a…

  • 2.15M Web Services Running Next.js Exposed Over Internet, Active Exploitation Underway – Patch Now

    2.15M Web Services Running Next.js Exposed Over Internet, Active Exploitation Underway – Patch Now A critical unauthenticated remote code execution vulnerability dubbed “React2Shell” is actively being exploited in the wild, putting millions of web services at risk. On December 3, React disclosed CVE-2025-55182, a critical flaw in React Server Components with a CVSS score of…

  • Avast Antivirus Sandbox Vulnerabilities Let Attackers Escalate Privileges

    Avast Antivirus Sandbox Vulnerabilities Let Attackers Escalate Privileges Security researchers from the SAFA team have uncovered four kernel heap overflow vulnerabilities in Avast Antivirus, all traced to the aswSnx kernel driver. The flaws, now tracked collectively as CVE-2025-13032, could allow a local attacker to escalate privileges to SYSTEM on Windows 11 if successfully exploited. The…

  • Cloudflare Outage Hits Internet with 500 Internal Server Error

    Cloudflare Outage Hits Internet with 500 Internal Server Error Cloudflare has confirmed that it is currently experiencing a significant outage that is affecting the Cloudflare Dashboard and several Cloudflare API services. The issue began earlier today and has caused widespread disruptions for users who rely on Cloudflare’s management tools and automation features. According to Cloudflare,…

  • ClayRat Android Malware Steals SMS Messages, Call Logs and Captures Victim Photos

    ClayRat Android Malware Steals SMS Messages, Call Logs and Captures Victim Photos A dangerous new Android spyware variant called ClayRat has emerged as a significant threat to mobile device security worldwide. First identified in October by the zLabs team, this malware represents a concerning evolution in mobile threats with capabilities that allow attackers to gain…

  • Beware of Solana Phishing Attacks That Let Hackers Initiate Unauthorized Account Transfer

    Beware of Solana Phishing Attacks That Let Hackers Initiate Unauthorized Account Transfer A dangerous new wave of phishing attacks is targeting Solana users by changing wallet ownership permissions rather than stealing private keys. A victim lost more than USD 3 million in a single attack, with an additional USD 2 million locked in investment platforms.…

  • Cacti Command Injection Vulnerability Let Attackers Execute Malicious Code Remotely

    Cacti Command Injection Vulnerability Let Attackers Execute Malicious Code Remotely A critical command injection vulnerability in the open-source network monitoring tool Cacti allows authenticated attackers to execute arbitrary code remotely, potentially compromising the entire monitoring infrastructure. The flaw, tracked as CVE-2025-66399, affects all versions up to 1.2.28 and stems from inadequate input validation in the…

  • Splunk Enterprise Vulnerabilities Allow Privilege Escalation Via Incorrect File Permissions

    Splunk Enterprise Vulnerabilities Allow Privilege Escalation Via Incorrect File Permissions A high-severity vulnerability has been disclosed in Splunk affecting its Enterprise and Universal Forwarder products for Windows, stemming from incorrect file permissions during installation and upgrades. The vulnerability, tracked as CVE-2025-20386 for Splunk Enterprise and CVE-2025-20387 for Universal Forwarder, allows non-administrator users to access sensitive…

  • Hackers Actively Exploiting WordPress Plugin Vulnerability to Execute Remote Code

    Hackers Actively Exploiting WordPress Plugin Vulnerability to Execute Remote Code A critical remote code execution vulnerability in the Sneeit Framework WordPress plugin has come under active exploitation by threat actors, posing an immediate risk to thousands of websites worldwide. The vulnerability, tracked as CVE-2025-6389 with a CVSS score of 9.8, exists in versions 8.3 and…

  • Hackers Leverage Velociraptor DFIR Tool for Stealthy C2 & Ransomware Delivery

    Hackers Leverage Velociraptor DFIR Tool for Stealthy C2 & Ransomware Delivery Legitimate administrative tools are increasingly becoming the weapon of choice for sophisticated threat actors aiming to blend in with normal network activity. A recent campaign has highlighted this dangerous trend, where attackers are weaponizing Velociraptor, a widely respected Digital Forensics and Incident Response (DFIR)…

  • Vim for Windows Vulnerability Let Attackers Execute Arbitrary Code

    Vim for Windows Vulnerability Let Attackers Execute Arbitrary Code A critical security vulnerability has been discovered in Vim for Windows that could allow attackers to execute malicious code on users’ computers. The vulnerability, identified as CVE-2025-66476, affects Vim versions before 9.1.1947 and has been rated high severity, with a CVSS score of 7.8. The flaw…

  • Kohler’s Encrypted Smart Toilet Camera Is Not Actually End-to-End Encrypted

    Kohler’s Encrypted Smart Toilet Camera Is Not Actually End-to-End Encrypted Kohler’s $600 smart toilet camera system, marketed with promises of “end-to-end encryption,” does not actually implement the security standard as commonly understood in the cybersecurity industry, raising significant privacy concerns for users uploading intimate health data to the company’s servers. The Dekoda device, launched in…

  • Akamai Patches HTTP Request Smuggling Vulnerability in Edge Servers

    Akamai Patches HTTP Request Smuggling Vulnerability in Edge Servers A critical HTTP request smuggling vulnerability in Akamai’s edge server infrastructure has been successfully fixed. The vulnerability, identified as CVE-2025-66373, stemmed from improper processing of HTTP requests containing invalid chunk-encoded bodies, potentially exposing thousands of customers to sophisticated attacks. Understanding HTTP Chunked Transfer Encoding HTTP chunked…

  • BPFDoor and Symbiote Rootkits Attacking Linux Systems Exploiting eBPF Filters

    BPFDoor and Symbiote Rootkits Attacking Linux Systems Exploiting eBPF Filters Two sophisticated Linux rootkits are posing increasingly serious threats to network security by exploiting eBPF technology to hide their presence from traditional detection systems. BPFDoor and Symbiote, both originating from 2021, represent a dangerous class of malware that combines advanced kernel-level access with powerful evasion…

  • Let’s Encrypt to Reduce Certificate Validity from 90 Days to 45 Days

    Let’s Encrypt to Reduce Certificate Validity from 90 Days to 45 Days Let’s Encrypt has officially announced plans to reduce the maximum validity period of its SSL/TLS certificates from 90 days to 45 days. The transition, which will be completed by 2028, aligns with broader industry shifts mandated by the CA/Browser Forum Baseline Requirements. This…

  • Threat Actors Leveraging Matanbuchus Malicious Downloader to Deploy Ransomware and Establish Persistence

    Threat Actors Leveraging Matanbuchus Malicious Downloader to Deploy Ransomware and Establish Persistence Matanbuchus represents a significant threat in the cybercriminal landscape as a dangerous malware downloader written in C++. Since 2020, this tool has been sold as Malware-as-a-Service, allowing threat actors to rent access and deploy it against targeted organizations. In July 2025, security researchers discovered…

  • Chrome 143 Released With Fix for 13 Vulnerabilities that Enable Arbitrary Code Execution

    Chrome 143 Released With Fix for 13 Vulnerabilities that Enable Arbitrary Code Execution Google has officially promoted Chrome 143 to the Stable channel, rolling out version 143.0.7499.40 for Linux and 143.0.7499.40/41 for Windows and Mac. This significant update addresses 13 security vulnerabilities, including several high-severity flaws that could allow attackers to execute arbitrary code or…

  • Multiple Django Vulnerabilities Enable SQL Injection and Denial-of-Service Attacks

    Multiple Django Vulnerabilities Enable SQL Injection and Denial-of-Service Attacks The development team has officially released essential security updates to address two significant vulnerabilities found in the popular web framework. These issues range from high to moderate severity. They could allow attackers to compromise database integrity or crash servers through resource exhaustion. The most critical flaw,…

  • Google Patches Android 0-Day Vulnerabilities Exploited in the Wild

    Google Patches Android 0-Day Vulnerabilities Exploited in the Wild Google has released critical security updates to address multiple zero-day vulnerabilities affecting Android devices worldwide. The December 2025 security bulletin reveals that threat actors are actively exploiting at least two of these vulnerabilities in real-world attacks, prompting urgent action from the tech giant. Critical Vulnerabilities Under…

  • OpenVPN Vulnerabilities Let Hackers Trigger DoS Attacks and Bypass Security Checks

    OpenVPN Vulnerabilities Let Hackers Trigger DoS Attacks and Bypass Security Checks OpenVPN has released critical security updates for its 2.6 stable and 2.7 development branches, addressing three vulnerabilities that could lead to local denial-of-service (DoS), security bypasses, and buffer over-reads. The patches, included in the newly released version 2.6.17 and 2.7_rc3, fix issues ranging from…

  • 4.3 Million Chrome and Edge Users Hacked in 7-Year ShadyPanda Malware Campaign

    4.3 Million Chrome and Edge Users Hacked in 7-Year ShadyPanda Malware Campaign A sophisticated threat group operating under the name ShadyPanda has successfully compromised millions of browser users through a methodical seven-year campaign targeting popular Chrome and Edge extensions. The attack represents a significant breach of user trust, as the malicious extensions gained verified status…

  • India Mandates ‘Undeletable’ Government Cybersecurity App for All Smartphones

    India Mandates ‘Undeletable’ Government Cybersecurity App for All Smartphones India’s Department of Telecommunications (DoT) has ordered smartphone manufacturers to preload a government-backed cybersecurity app, “Sanchar Saathi,” on all new devices sold in the country. The order, issued privately on November 28, 2025, gives major players like Apple, Samsung, Xiaomi, Vivo, and Oppo 90 days to…

  • Windows 11 24H2 Update Hides the Password Icon in the Sign-in Options on the Lock Screen

    Windows 11 24H2 Update Hides the Password Icon in the Sign-in Options on the Lock Screen Microsoft has confirmed a bizarre user interface bug affecting Windows 11 version 24H2 devices that renders the password sign-in icon invisible on the lock screen. The issue, stemming from the August 2025 non-security preview update (KB5064081) and persisting in…

  • PoC Exploit Released for Critical Outlook 0-Click Remote Code Execution Vulnerability

    PoC Exploit Released for Critical Outlook 0-Click Remote Code Execution Vulnerability A Proof-of-Concept (PoC) exploit code has been released for a critical remote code execution (RCE) vulnerability in Microsoft Outlook, identified as CVE-2024-21413. Dubbed “MonikerLink,” this flaw allows attackers to bypass Outlook’s security mechanisms, specifically the “Protected View,” to execute malicious code or steal credentials.…

  • CISA Warns of OpenPLC ScadaBR Cross-Site Scripting Vulnerability Exploited in Attacks

    CISA Warns of OpenPLC ScadaBR Cross-Site Scripting Vulnerability Exploited in Attacks The Cybersecurity and Infrastructure Security Agency (CISA) has officially updated its Known Exploited Vulnerabilities (KEV) catalog to include a critical flaw in OpenPLC ScadaBR, confirming that threat actors are actively weaponizing it in the wild. The security defect, identified as CVE-2021-26829, is a Cross-Site…

  • Beware of Weaponized Google Meet Page Using ClickFix Technique to Deliver Malicious Payload

    Beware of Weaponized Google Meet Page Using ClickFix Technique to Deliver Malicious Payload A new, highly sophisticated malware campaign has been identified targeting remote workers and organizations through a fake Google Meet landing page. Hosted on the deceptive domain gogl-meet[.]com, this attack leverages the “ClickFix” social engineering technique to bypass traditional browser security controls and…

  • New Albiriox Malware Attacking Android Users to Take Complete Control of their Device

    New Albiriox Malware Attacking Android Users to Take Complete Control of their Device A sophisticated new Android malware family dubbed “Albiriox” has emerged on the cybercrime landscape, offering advanced remote access capabilities as a Malware-as-a-Service (MaaS). Identified by researchers at Cleafy, the malware is designed to execute On-Device Fraud (ODF) by granting attackers full control…

  • Hackers Registered 18,000 Holiday-Themed Domains Targeting ‘Christmas,’ ‘Black Friday,’ and ‘Flash Sale’

    Hackers Registered 18,000 Holiday-Themed Domains Targeting ‘Christmas,’ ‘Black Friday,’ and ‘Flash Sale’ The 2025 holiday season has unleashed an unprecedented wave of cyber threats, with attackers deploying industrialized infrastructure to exploit the global surge in online commerce. This year’s threat landscape is characterized by a calculated expansion of deceptive digital assets, where criminals leverage automated tools…

  • French Football Federation Reports Data Breach – Hackers Access Club Software Admin Controls

    French Football Federation Reports Data Breach – Hackers Access Club Software Admin Controls The French Football Federation (FFF) has confirmed a significant cybersecurity incident resulting in the theft of personal data belonging to members and licensees. The federation revealed that cybercriminals had infiltrated the centralized administrative software used by football clubs across the country to…

  • Handala Hacker Group Attacking Israeli High-Tech and Aerospace Professionals

    Handala Hacker Group Attacking Israeli High-Tech and Aerospace Professionals The Handala hacker group has launched a targeted campaign against Israeli high-tech and aerospace professionals, marking a concerning shift in geopolitically motivated cyber operations. The group recently published a list of individuals working in these critical sectors, accompanied by hostile descriptions that falsely label them as criminals.…

  • Comcast to Pay a $1.5 Million Fine to Settle an FCC Investigation Linked to Vendor Data Breach

    Comcast to Pay a $1.5 Million Fine to Settle an FCC Investigation Linked to Vendor Data Breach The company has agreed to pay a $1.5 million fine to settle a Federal Communications Commission investigation into a data breach that exposed personal information from over 237,000 customers. Reuters reports that the FCC announced the settlement on…

  • Microsoft to Block External Scripts in Entra ID Logins to Enhance Protections

    Microsoft to Block External Scripts in Entra ID Logins to Enhance Protections Microsoft has announced a significant security upgrade to its Microsoft Entra ID authentication process, as part of the company’s broader Secure Future Initiative. Microsoft is updating its Content Security Policy (CSP) to block the execution of external scripts during user sign-ins. This proactive…

  • Poland Arrests Russian Citizen Suspected of Hacking Local Organizations’ Computer Networks

    Poland Arrests Russian Citizen Suspected of Hacking Local Organizations’ Computer Networks Polish authorities have arrested a Russian citizen suspected of conducting unauthorized cyberattacks against the computer networks of local organizations. The arrest marks a significant development in the country’s efforts to combat cybercrime targeting Polish and European businesses. On November 16, 2025, officers from the…

  • Shai Hulud 2.0 Compromises 1,200+ Organizations, Exposing Critical Runtime Secrets

    Shai Hulud 2.0 Compromises 1,200+ Organizations, Exposing Critical Runtime Secrets The Shai Hulud 2.0 worm, first detected on November 24, 2025, has compromised nearly 1,200 organizations, including major banks, government bodies, and Fortune 500 technology firms. While initial reports described it as a simple npm supply chain attack that flooded GitHub with spam repositories, new…

  • London Councils’ IT Systems Impacted by Cyberattack, Including Phone Lines

    London Councils’ IT Systems Impacted by Cyberattack, Including Phone Lines Three West London councils are struggling with significant disruption to IT systems and phone lines after a cyberattack on a shared services provider, which officials are publicly describing only as an “IT incident”. The Royal Borough of Kensington and Chelsea (RBKC), Westminster City Council (WCC),…

  • Hackers Actively Attacking Telecommunications & Media Industry to Deploy Malicious Payloads

    Hackers Actively Attacking Telecommunications & Media Industry to Deploy Malicious Payloads Cybercriminals are launching increasingly sophisticated attacks against the telecommunications and media industry, focusing their efforts on deploying malicious payloads that compromise critical infrastructure. Recent security analysis reveals a concerning trend where threat actors are systematically targeting network operators, media platforms, and broadcasting services to…

  • OpenAI Discloses Mixpanel Data Breach – Name, Email Address and Operating System Details Exposed

    OpenAI Discloses Mixpanel Data Breach – Name, Email Address and Operating System Details Exposed The company has publicly revealed a security incident involving Mixpanel, a third-party analytics provider previously used to monitor activity on platform.openai.com, the frontend for its API product. The company emphasized transparency in its announcement, assuring users that the breach did not compromise…

  • Hackers Exploiting Fake Battlefield 6 Popularity to Deploy Stealers and C2 Agents

    Hackers Exploiting Fake Battlefield 6 Popularity to Deploy Stealers and C2 Agents Since its release in October, Battlefield 6 has become one of the year’s most anticipated game launches. However, cybercriminals have quickly seized on this popularity to distribute malicious software. Attackers have created fake cracked versions of the game and fraudulent game trainers, spreading…

  • Threat Actors Allegedly Listed iOS 26 Full‑Chain 0‑Day Exploit on Dark Web

    Threat Actors Allegedly Listed iOS 26 Full‑Chain 0‑Day Exploit on Dark Web A threat actor operating under the alias ResearcherX has posted what they claim to be a full‑chain zero‑day exploit targeting Apple’s recently released iOS 26 operating system. The listing, which appeared on a prominent dark web marketplace, alleges that the exploit leverages a…

  • Hackers Trick macOS Users into Executing Commands in Terminal to Deliver FlexibleFerret Malware

    Hackers Trick macOS Users into Executing Commands in Terminal to Deliver FlexibleFerret Malware Cybercriminals are successfully targeting Apple users through a sophisticated social engineering scheme that tricks victims into running harmful commands on their computers. The threat, called FlexibleFerret, is attributed to North Korean operators and represents a continuing evolution of the Contagious Interview campaign…

  • Tor Adopts Galois Onion Encryption to Strengthen Defense Against Online Attacks

    Tor Adopts Galois Onion Encryption to Strengthen Defense Against Online Attacks The Tor Project has announced a significant cryptographic overhaul, retiring its legacy relay encryption algorithm after decades of service and replacing it with Counter Galois Onion (CGO). This research-backed encryption design defends against a broader class of sophisticated online attackers. Tor’s relay encryption serves…

  • HashJack: New Attack Technique Tricks AI Browsers Using a Simple ‘#’

    HashJack: New Attack Technique Tricks AI Browsers Using a Simple ‘#’ Security researchers at Cato CTRL have discovered a new indirect prompt injection technique called HashJack, which weaponises legitimate websites to manipulate AI browser assistants. The attack conceals malicious instructions after the “#” symbol within trusted URLs, enabling threat actors to conduct a wide range of…

  • Microsoft Teams Introduces New Feature to Boost Performance and Startup Speed

    Microsoft Teams Introduces New Feature to Boost Performance and Startup Speed Microsoft has announced a significant update to the Teams Desktop Client for Windows that aims to enhance performance and reduce startup times for calling features. The update, detailed in the Message Center notification MC1189656 published on November 25, 2025, introduces a new process architecture…

  • ASUS MyASUS Flaw Lets Hackers Escalate to SYSTEM-Level Access

    ASUS MyASUS Flaw Lets Hackers Escalate to SYSTEM-Level Access ASUS has disclosed a high-severity vulnerability in its MyASUS application that could allow local attackers to escalate their privileges to SYSTEM-level access on affected Windows devices. The flaw, tracked as CVE-2025-59373, carries a high-severity CVSS 4.0 score of 8.5, indicating a significant risk to millions…

  • YAMAGoya – Real-Time Threat Monitoring Tool Using Sigma and YARA Rules

    YAMAGoya – Real-Time Threat Monitoring Tool Using Sigma and YARA Rules Modern cybersecurity faces an escalating challenge: fileless malware and obfuscation techniques increasingly bypass traditional file-based detection methods. To address this growing threat, JPCERT/CC has released YAMAGoya. This open-source threat hunting tool leverages industry-standard detection rules to identify suspicious activity in real time. YAMAGoya represents…

  • Canon Allegedly Breached by Clop Ransomware via Oracle E-Business Suite 0-Day Hack

    Canon Allegedly Breached by Clop Ransomware via Oracle E-Business Suite 0-Day Hack Canon has officially confirmed that it was targeted during the widespread hacking campaign exploiting a critical zero-day vulnerability in Oracle E-Business Suite (EBS). The attack, orchestrated by the notorious Clop ransomware gang, has impacted dozens of major organizations worldwide. The group listed Canon…

  • HashiCorp Vault Vulnerability Allows Attackers to Authenticate to Vault Without Valid Credentials

    HashiCorp Vault Vulnerability Allows Attackers to Authenticate to Vault Without Valid Credentials A critical security flaw has been discovered in HashiCorp’s Vault Terraform Provider that could allow attackers to bypass authentication and access Vault without valid credentials. The vulnerability, tracked as CVE-2025-13357, affects organizations using LDAP authentication with Vault. The security issue stems from an…

  • Top 10 Best Exposure Management Tools In 2026

    Top 10 Best Exposure Management Tools In 2026 Exposure Management is a proactive cybersecurity discipline that systematically identifies, assesses, prioritizes, and remediates security vulnerabilities and misconfigurations across an organization’s entire attack surface, both internal and external. Unlike traditional, periodic vulnerability scanning, EM leverages continuous monitoring, threat intelligence, and a holistic, graph-based view of risk to…

  • Microsoft’s Update Health Tools Configuration Vulnerability Let Attackers Execute Arbitrary Code Remotely

    Microsoft’s Update Health Tools Configuration Vulnerability Let Attackers Execute Arbitrary Code Remotely A critical remote code execution (RCE) vulnerability has been found in Microsoft’s Update Health Tools (KB4023057), a widely deployed Windows component designed to expedite security updates through Intune. The flaw stems from the tool connecting to dropped Azure Blob storage accounts that attackers could register and control. How…

  • ClickFix Attack Uses Steganography to Hide Malicious Code in Fake Windows Security Update Screen

    ClickFix Attack Uses Steganography to Hide Malicious Code in Fake Windows Security Update Screen A new wave of ClickFix attacks is abusing highly realistic fake Windows Update screens and PNG image steganography to secretly deploy infostealing malware such as LummaC2 and Rhadamanthys on victim systems. The campaigns rely on tricking users into manually running a…

  • Beware of North Korean Fake Job Platform Targeting U.S. Based AI-Developers

    Beware of North Korean Fake Job Platform Targeting U.S. Based AI-Developers A sophisticated recruitment scam linked to North Korea has emerged, targeting American artificial intelligence developers, software engineers, and cryptocurrency professionals through an elaborate fake job platform. Validin security researchers have uncovered a new variant of what they call the “Contagious Interview” operation, designed to…

  • DeepSeek-R1 Makes Code for Prompts With Severe Security Vulnerabilities

    DeepSeek-R1 Makes Code for Prompts With Severe Security Vulnerabilities A concerning vulnerability has been identified in DeepSeek-R1, a Chinese-developed artificial intelligence coding assistant: when the AI model encounters politically sensitive topics related to the Chinese Communist Party, it produces code with severe security flaws at rates up to 50% higher than usual. Released in January 2025 by Chinese…

  • Cybersecurity News Weekly Newsletter – Fortinet, Chrome 0-Day Flaws, Cloudflare Outage and Salesforce Gainsight Breach

    Cybersecurity News Weekly Newsletter – Fortinet, Chrome 0-Day Flaws, Cloudflare Outage and Salesforce Gainsight Breach Welcome to this week’s edition of the Cybersecurity News Weekly Newsletter, where we analyze the critical incidents defining the current threat landscape. If this week has taught us anything, it is that the stability of our digital infrastructure is just…

  • CISA Warns of Oracle’s Identity Manager RCE Vulnerability Actively Exploited in Attacks

    CISA Warns of Oracle’s Identity Manager RCE Vulnerability Actively Exploited in Attacks The Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to immediately address a critical security flaw in Oracle Identity Manager following reports of active exploitation. The vulnerability, tracked as CVE-2025-61757, allows unauthenticated remote attackers to execute arbitrary code on affected systems, posing…

  • 15 Best Remote Monitoring Tools – 2025

    15 Best Remote Monitoring Tools – 2025 Remote monitoring tools are essential for managing and maintaining the health and performance of IT infrastructure and systems. Remote monitoring tools provide continuous oversight of network devices, servers, applications, and other critical components from a remote location. These tools help identify and resolve issues proactively by offering real-time…

  • ShinyHunters Claims Data Theft from 200+ Companies via Salesforce Gainsight Breach

    ShinyHunters Claims Data Theft from 200+ Companies via Salesforce Gainsight Breach A sophisticated supply chain attack has reportedly compromised data across hundreds of organizations, linking the breach to a critical integration between customer success platform Gainsight and CRM giant Salesforce. The notorious hacking collective ShinyHunters is claiming responsibility for the intrusion, which allegedly affects over…

  • Metasploit Adds Exploit Module for Recently Disclosed FortiWeb 0-Day Vulnerabilities

    Metasploit Adds Exploit Module for Recently Disclosed FortiWeb 0-Day Vulnerabilities The Metasploit Framework has introduced a new exploit module targeting critical vulnerabilities in Fortinet’s FortiWeb Web Application Firewall (WAF). This module chains two recently disclosed flaws, CVE-2025-64446 and CVE-2025-58034, to achieve unauthenticated Remote Code Execution (RCE) with root privileges. The release follows reports of active exploitation in the wild,…

  • Fired Techie Admits Hacking Employer’s Network in Retaliation for Termination

    Fired Techie Admits Hacking Employer’s Network in Retaliation for Termination A former IT contractor from Ohio has admitted to launching a cyberattack against his employer’s network in retaliation for being terminated, federal prosecutors announced this week. Maxwell Schultz, 35, of Columbus, Ohio, pleaded guilty to computer fraud charges after leading a technical attack that locked thousands…

  • CrowdStrike Fires Insider for Sharing Internal System Details with Hackers

    CrowdStrike Fires Insider for Sharing Internal System Details with Hackers Cybersecurity giant CrowdStrike has confirmed the termination of an insider who allegedly provided sensitive internal system details to a notorious hacking collective. The incident, which came to light late Thursday and Friday morning, involved the leak of internal screenshots on a public Telegram channel operated…

  • AI-Based Obfuscated Malicious Apps Evading AV Detection to Deploy Malicious Payload

    AI-Based Obfuscated Malicious Apps Evading AV Detection to Deploy Malicious Payload A new wave of malicious Android applications impersonating a well-known Korean delivery service has emerged, featuring advanced obfuscation techniques powered by artificial intelligence. These apps work to bypass traditional antivirus detection methods while extracting sensitive user information. The threat actors behind this campaign have…

  • SonicOS SSLVPN Vulnerability Let Attackers Crash the Firewall Remotely

    SonicOS SSLVPN Vulnerability Let Attackers Crash the Firewall Remotely SonicWall has disclosed a critical stack-based buffer overflow vulnerability in its SonicOS SSLVPN service that allows remote unauthenticated attackers to crash firewalls through denial-of-service attacks. The vulnerability was internally discovered and reported by SonicWall’s security team. The flaw, tracked as CVE-2025-40601, carries a CVSS score of 7.5…

  • Authorities Sanctioned Russia-based Bulletproof Hosting Provider for Supporting Ransomware Operations

    Authorities Sanctioned Russia-based Bulletproof Hosting Provider for Supporting Ransomware Operations The U.S. Department of the Treasury, Australia, and the United Kingdom have announced coordinated sanctions against Media Land. This Russia-based bulletproof hosting company provides infrastructure to ransomware and other cybercriminals. The U.S. Federal Bureau of Investigation also coordinated the action targeting the company’s leadership team…

  • OpenAI Releases GPT-5.1-Codex-Max that Performs Coding Tasks Independently

    OpenAI Releases GPT-5.1-Codex-Max that Performs Coding Tasks Independently OpenAI has launched GPT-5.1-Codex-Max, a specialized coding model designed to handle complex development tasks autonomously. The new system represents a significant leap in agentic AI capabilities, enabling machines to work on coding projects with minimal human intervention. GPT-5.1-Codex-Max operates differently from general-purpose AI models. Built specifically for software…

  • Ollama Vulnerabilities Let Attackers Execute Arbitrary Code via Parsing of Malicious Model Files

    Ollama Vulnerabilities Let Attackers Execute Arbitrary Code via Parsing of Malicious Model Files A severe vulnerability has been disclosed in Ollama, one of GitHub’s most popular open-source projects, with over 155,000 stars. The flaw enables attackers to execute arbitrary code on systems running vulnerable versions of the platform by exploiting weaknesses in the software’s parsing of model files.…

  • Microsoft Integrated Azure Firewall With AI-powered Security Copilot

    Microsoft Integrated Azure Firewall With AI-powered Security Copilot Microsoft has enhanced its cloud security capabilities by integrating Azure Firewall with Security Copilot, an AI-powered security solution designed to help security teams work faster and more efficiently. This integration allows security analysts to investigate malicious network traffic using simple, natural-language questions rather than complex technical queries.…

  • Critical SolarWinds Serv-U Vulnerabilities Let Attackers Execute Malicious Code Remotely as Admin

    Critical SolarWinds Serv-U Vulnerabilities Let Attackers Execute Malicious Code Remotely as Admin SolarWinds has released security patches addressing three critical remote code execution vulnerabilities in Serv-U that could allow attackers with administrative privileges to execute arbitrary code on affected systems. The vulnerabilities disclosed in Serv-U version 15.5.3 pose significant risks to organizations that rely on…

  • Malicious ‘Free’ VPN Extension with 9 Million Installs Hijacks User Traffic and Steals Browsing Data

    Malicious ‘Free’ VPN Extension with 9 Million Installs Hijacks User Traffic and Steals Browsing Data A deceptive browser campaign has exposed millions of users to extensive surveillance through seemingly innocent VPN extensions. Chrome extensions marketed as “Free Unlimited VPN” services accumulated over 9 million installations before security detection, with the malware remaining hidden for nearly…

  • Microsoft Threat Intelligence Briefing Agent Now Integrated With the Defender Portal

    Microsoft Threat Intelligence Briefing Agent Now Integrated With the Defender Portal Microsoft unveiled significant enhancements to threat intelligence at Ignite 2025, bringing the Threat Intelligence Briefing Agent directly into the Defender portal. This integration marks a pivotal shift in how security teams approach cyber defense, moving from reactive responses to proactive threat anticipation. The Threat…

  • WhatsApp Vulnerability Exposes 3.5 Billion Users’ Phone Numbers

    WhatsApp Vulnerability Exposes 3.5 Billion Users’ Phone Numbers A critical security flaw in WhatsApp has allowed researchers to expose the phone numbers of 3.5 billion users, marking one of the most significant data leaks ever documented. This vulnerability, rooted in the app’s contact discovery feature, persisted despite warnings to Meta dating back to 2017, raising…

  • Everest Ransomware Group Allegedly Exposes 343 GB of Sensitive Data in Major Under Armour Breach

    Everest Ransomware Group Allegedly Exposes 343 GB of Sensitive Data in Major Under Armour Breach The notorious Everest ransomware group has claimed responsibility for a major cyber breach against Under Armour, the global sportswear giant, alleging the theft of 343 GB of internal data that could impact millions of customers and employees worldwide. The announcement,…

  • Google Reveals Public Preview of Alert Triage and Investigation Agent for Security Operations

    Google Reveals Public Preview of Alert Triage and Investigation Agent for Security Operations Google has announced the public preview of its Alert Triage and Investigation agent, a significant advancement in artificial intelligence-driven security operations. The intelligent agent is now embedded directly within Google Security Operations, helping security teams process alerts faster and more effectively. The new…

  • UNC1549 Hackers with Custom Tools Attacking Aerospace and Defense Systems to Steal Logins

    UNC1549 Hackers with Custom Tools Attacking Aerospace and Defense Systems to Steal Logins Since mid-2024, a sophisticated Iranian-backed threat group known as UNC1549 has been conducting targeted campaigns against aerospace, aviation, and defense organizations across the globe. The hackers employ an advanced dual approach, combining carefully crafted phishing campaigns with the exploitation of trusted connections…

  • CISA Warns of Critical Lynx+ Gateway Vulnerability That Exposes Data in Cleartext

    CISA Warns of Critical Lynx+ Gateway Vulnerability That Exposes Data in Cleartext The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning about a severe vulnerability in Lynx+ Gateway devices that could expose sensitive information in clear text during transmission. The flaw allows attackers to intercept network traffic and obtain plaintext credentials and other…

  • Threat Actors Leveraging Compromised RDP Logins to Deploy Lynx Ransomware After Deleting Server Backups

    Threat Actors Leveraging Compromised RDP Logins to Deploy Lynx Ransomware After Deleting Server Backups Lynx ransomware has emerged as a significant threat to enterprise environments, with recent intrusions demonstrating sophisticated attack strategies that prioritize data exfiltration and infrastructure destruction. The malware campaign combines compromised credentials with careful planning to ensure maximum impact on target networks.…

  • Unremovable Spyware on Samsung Devices Comes Pre-installed on Galaxy Series Devices

    Unremovable Spyware on Samsung Devices Comes Pre-installed on Galaxy Series Devices Samsung has been accused of shipping budget Galaxy A and M series smartphones with pre-installed spyware that users can’t easily remove. The software in question, AppCloud, developed by the mobile analytics firm IronSource, has been embedded in devices sold primarily in the Middle East…

  • Hackers Allegedly Claim Leak of LG Source Code, SMTP, and Hardcoded Credentials

    Hackers Allegedly Claim Leak of LG Source Code, SMTP, and Hardcoded Credentials A threat actor known as “888” has purportedly dumped sensitive data stolen from electronics giant LG Electronics, raising alarms in the cybersecurity community. The breach, first spotlighted on November 16, 2025, allegedly includes source code repositories, configuration files, SQL databases, and, critically, hardcoded…

  • Hackers Use Rogue MCP Server to Inject Malicious Code and Control the Cursor’s Built-in Browser

    Hackers Use Rogue MCP Server to Inject Malicious Code and Control the Cursor’s Built-in Browser A critical vulnerability allows attackers to inject malicious code into Cursor’s embedded browser through compromised MCP (Model Context Protocol) servers. Unlike VS Code, Cursor lacks integrity verification on its proprietary features, making it a prime target for tampering. The attack…

  • SilentButDeadly – Network Communication Blocker Tool That Neutralizes EDR/AV

    SilentButDeadly – Network Communication Blocker Tool That Neutralizes EDR/AV A new open-source tool called SilentButDeadly has emerged, designed to disrupt Endpoint Detection and Response (EDR) and antivirus (AV) software by severing their network communications. Developed by security researcher Ryan Framiñán, the tool leverages the Windows Filtering Platform (WFP) to create temporary, bidirectional blocks on EDR…

  • Cisco Catalyst Center Vulnerability Let Attackers Escalate Privileges

    Cisco Catalyst Center Vulnerability Let Attackers Escalate Privileges A serious security flaw in Cisco Catalyst Center Virtual Appliance has been discovered that allows attackers with low-level access to gain full administrator control over affected systems. The vulnerability, tracked as CVE-2025-20341, impacts virtual appliances running on VMware ESXi and carries a high severity rating with a…

  • PoC Exploit Tool Released for FortiWeb WAF Vulnerability Exploited in the Wild

    PoC Exploit Tool Released for FortiWeb WAF Vulnerability Exploited in the Wild A proof-of-concept (PoC) exploit tool for CVE-2025-64446 has been publicly released on GitHub. This vulnerability, affecting FortiWeb devices from Fortinet, involves a critical path traversal flaw that has already been observed in real-world attacks, allowing unauthorized access to sensitive CGI endpoints. Security researchers…

  • Critical pgAdmin4 Vulnerability Lets Attackers Execute Remote Code on Servers

    Critical pgAdmin4 Vulnerability Lets Attackers Execute Remote Code on Servers A severe remote code execution (RCE) flaw has been uncovered in pgAdmin4, the popular open-source interface for PostgreSQL databases. Dubbed CVE-2025-12762, the vulnerability affects versions up to 9.9 and could allow attackers to run arbitrary commands on the hosting server, potentially compromising entire database infrastructures.…

  • RONINGLOADER Weaponizes Signed Drivers to Disable Defender and Evade EDR Tools

    RONINGLOADER Weaponizes Signed Drivers to Disable Defender and Evade EDR Tools A new threat targeting Chinese users has appeared with a dangerous ability to shut down security tools. RONINGLOADER, a multi-stage loader spreading a modified version of the gh0st RAT, uses clever tricks to bypass antivirus protection. The malware arrives through fake software installers that…

  • A Multi-Stage Phishing Kit Using Telegram to Harvest Credentials and Bypass Automated Detection

    A Multi-Stage Phishing Kit Using Telegram to Harvest Credentials and Bypass Automated Detection Phishing attacks continue to be one of the most persistent threats targeting organizations worldwide. Cybercriminals are constantly improving their methods to steal sensitive information, and a recently discovered phishing kit demonstrates just how advanced these operations have become. This particular framework was…

  • Formbook Malware Delivered Using Weaponized Zip Files and Multiple Scripts

    Formbook Malware Delivered Using Weaponized Zip Files and Multiple Scripts A new wave of Formbook malware attacks has appeared, using weaponized ZIP archives and multiple script layers to bypass security controls. The attacks begin with phishing emails containing ZIP files that hold VBS scripts disguised as payment confirmation documents. These scripts trigger a chain of…

  • Akira Ransomware Targets Over 250 Organizations, Extracts $42 Million in Ransom Payments – New CISA Report

    Akira Ransomware Targets Over 250 Organizations, Extracts $42 Million in Ransom Payments – New CISA Report A new advisory from the Cybersecurity and Infrastructure Security Agency reveals that Akira ransomware has become one of the most active threats targeting businesses worldwide. Since March 2023, this ransomware group has impacted more than 250 organizations across North…

  • Lumma Stealer Uses Browser Fingerprinting to Collect Data and for Stealthy C&C Server Communications

    Lumma Stealer Uses Browser Fingerprinting to Collect Data and for Stealthy C&C Server Communications Lumma Stealer has emerged as a serious threat in the cybercrime world, targeting users through fake software updates and cracked applications. This information-stealing malware collects login details, payment card information, and cryptocurrency wallet data from infected systems. The…

  • Critical FortiWeb WAF Flaw Exploited in the Wild, Enabling Full Admin Takeover

    Critical FortiWeb WAF Flaw Exploited in the Wild, Enabling Full Admin Takeover Fortinet has issued an urgent advisory warning of a critical vulnerability in its FortiWeb web application firewall (WAF) product, which attackers are actively exploiting in the wild. Identified as CVE-2025-64446, the flaw stems from improper access control in the GUI component, allowing unauthenticated…

  • Critical Imunify360 AV Vulnerability Exposes 56 Million+ Linux-hosted Websites to RCE Attacks

    Critical Imunify360 AV Vulnerability Exposes 56 Million+ Linux-hosted Websites to RCE Attacks A severe remote code execution (RCE) vulnerability has been discovered in Imunify360 AV, a widely used malware scanner protecting approximately 56 million websites. The security flaw, recently patched by CloudLinux, allows attackers to execute arbitrary commands and potentially take complete control of hosting…

  • Malicious Chrome Extension as Ethereum Wallet Enables Full Wallet Takeover

    Malicious Chrome Extension as Ethereum Wallet Enables Full Wallet Takeover A deceptive Chrome extension named Safery: Ethereum Wallet has emerged as a serious threat to cryptocurrency users. Published on the Chrome Web Store on November 12, 2024, this extension masquerades as a secure Ethereum wallet while secretly stealing user seed phrases. The malware’s sophisticated design…

  • Cl0P Ransomware Group Allegedly Claims Breach of Entrust in Oracle 0-Day EBS Hack

    Cl0P Ransomware Group Allegedly Claims Breach of Entrust in Oracle 0-Day EBS Hack The notorious Cl0P ransomware group has claimed responsibility for breaching digital security firm Entrust, exploiting a critical zero-day vulnerability in Oracle E-Business Suite (EBS). The attack, tied to CVE-2025-61882, marks another high-profile victim in Cl0P’s relentless assault on organizations using Oracle’s enterprise…

  • New ClickFix Attack Targeting Windows and macOS Users to Deploy Infostealer Malware

    New ClickFix Attack Targeting Windows and macOS Users to Deploy Infostealer Malware A growing social engineering technique called ClickFix has emerged as one of the most successful methods for distributing malware in recent months. This attack tricks users into copying and running commands directly in their operating system’s command-line interface, ultimately installing dangerous information-stealing…

  • Kraken Cross-Platform Ransomware Attacking Windows, Linux, and VMware ESXi Systems in Enterprise Environments

    Kraken Cross-Platform Ransomware Attacking Windows, Linux, and VMware ESXi Systems in Enterprise Environments In August 2025, a new ransomware threat emerged with capabilities that fundamentally changed how organizations should approach enterprise security. Kraken, a Russian-speaking cybercriminal group, began executing sophisticated attacks targeting large organizations across multiple continents. What makes Kraken particularly dangerous is its ability…

  • New ClickFix Attack Tricks Users with ‘Fake OS Update’ to Execute Malicious Commands

    New ClickFix Attack Tricks Users with ‘Fake OS Update’ to Execute Malicious Commands A new ClickFix campaign is tricking users with a fake Windows update that runs in their browser. Called “Fake OS Update,” this scam takes advantage of people’s trust in the familiar blue screen of death (BSOD) from Microsoft. It delivers malware and…

  • Critical Dell Data Lakehouse Vulnerability Let Remote Attacker Escalate Privileges

    Critical Dell Data Lakehouse Vulnerability Let Remote Attacker Escalate Privileges Dell Technologies has disclosed a critical security vulnerability in its Data Lakehouse platform that could allow remote attackers to escalate privileges and compromise system integrity. The flaw, tracked as CVE-2025-46608, affects all versions before 1.6.0.0 and has been assigned a CVSS score of 9.1, placing it in…

  • CISA Warns WatchGuard Firebox Out-of-Bounds Write Vulnerability Exploited in Attacks

    CISA Warns WatchGuard Firebox Out-of-Bounds Write Vulnerability Exploited in Attacks The Cybersecurity and Infrastructure Security Agency (CISA) has released a warning about a serious vulnerability affecting WatchGuard Firebox security appliances. This flaw, tracked as CVE-2025-9242, potentially allows remote attackers to take control of affected systems. The security issue involves an out-of-bounds write in the device’s operating…

  • How Attackers Turn SVG Files Into Phishing Lures

    How Attackers Turn SVG Files Into Phishing Lures Businesses today are dealing with faster, stealthier email threats that look routine yet unleash aggressively malicious scripts the moment a user engages. This is especially true when the lure arrives as an attachment that resembles a harmless image file. The perception gap is exactly what attackers exploit…

  • OpenAI Sora 2 Vulnerability Exposes System Prompts via Audio Transcripts

    OpenAI Sora 2 Vulnerability Exposes System Prompts via Audio Transcripts A vulnerability in OpenAI’s advanced video generation model, Sora 2, enables the extraction of its hidden system prompt through audio transcripts, raising concerns about the security of multimodal AI systems. This vulnerability, detailed in a blog post by AI security firm Mindgard, demonstrates how…

  • ChatGPT Hacked Using Custom GPTs Exploiting SSRF Vulnerability to Expose Secrets

    ChatGPT Hacked Using Custom GPTs Exploiting SSRF Vulnerability to Expose Secrets A Server-Side Request Forgery (SSRF) vulnerability has been found in OpenAI’s ChatGPT. The flaw, lurking in the Custom GPT “Actions” feature, allowed attackers to trick the system into accessing internal cloud metadata, potentially exposing sensitive Azure credentials. The bug, discovered by Open Security during casual experimentation, highlights…

  • New KomeX Android RAT Advertised on Hacker Forums with Multiple Subscription Options

    New KomeX Android RAT Advertised on Hacker Forums with Multiple Subscription Options A newly identified Android remote access trojan (RAT) dubbed KomeX has surfaced on underground hacker forums, generating widespread concern within the cybersecurity community. Marketed by a threat actor under the alias “Gendirector,” KomeX is built atop the infamous BTMOB RAT codebase and presents…

  • New Phishing Attack Targeting Meta Business Suite Users to Steal Login Credentials

    New Phishing Attack Targeting Meta Business Suite Users to Steal Login Credentials A large-scale phishing campaign has emerged, exploiting Meta’s Business Suite to compromise credentials across thousands of small and medium-sized businesses worldwide. Check Point security researchers identified approximately 40,000 phishing emails distributed to more than 5,000 customers, primarily targeting industries including automotive, education, real…