Tag: cyber-security-news

  • Apple Patches Multiple Critical Vulnerabilities in iOS 26.1 and iPadOS 26.1

    Apple Patches Multiple Critical Vulnerabilities in iOS 26.1 and iPadOS 26.1 Apple released iOS 26.1 and iPadOS 26.1, addressing multiple vulnerabilities that could lead to privacy breaches, app crashes, and potential data leaks for iPhone and iPad users. The update targets devices starting from the iPhone 11 series and various iPad models, including the iPad…

  • Hackers Actively Scanning for TCP Port 8530/8531 Linked to WSUS Vulnerability CVE-2025-59287

    Hackers Actively Scanning for TCP Port 8530/8531 Linked to WSUS Vulnerability CVE-2025-59287 Cybersecurity researchers and firewall monitoring services have detected a dramatic surge in reconnaissance activity targeting Windows Server Update Services (WSUS) infrastructure. Network sensors collected from security organizations, including data from Shadowserver, show a significant increase in scans directed at TCP ports 8530 and…

  • Windows Graphics Vulnerabilities Allow Remote Attackers to Execute Arbitrary Code

    Windows Graphics Vulnerabilities Allow Remote Attackers to Execute Arbitrary Code Multiple vulnerabilities have been found in Microsoft’s Graphics Device Interface (GDI), a core component of the Windows operating system responsible for rendering graphics. These flaws, discovered by Check Point through an intensive fuzzing campaign targeting the Enhanced Metafile (EMF) format, could enable remote attackers to execute arbitrary code or…

  • Cybersecurity News Weekly Newsletter – EY Data Leak, Bind 9, Chrome Vulnerability, and Aardvark ChatGPT Agent

    Cybersecurity News Weekly Newsletter – EY Data Leak, Bind 9, Chrome Vulnerability, and Aardvark ChatGPT Agent This week’s cybersecurity roundup highlights escalating threats from misconfigurations, software flaws, and advanced malware. Key incidents demand immediate attention from IT teams and executives. ISC patched CVE-2025-5470 in BIND 9 (versions 9.16.0–9.18.26), a DoS vulnerability (CVSS 8.6) allowing server…

  • New BOF Tool Exploits Microsoft Teams’ Cookie Encryption Allowing Attackers to Access User Chats

    New BOF Tool Exploits Microsoft Teams’ Cookie Encryption Allowing Attackers to Access User Chats A specialized Beacon Object File (BOF) has been released that extracts authentication cookies from Microsoft Teams without disrupting the application. This development builds on recent findings that expose how Teams stores sensitive access tokens, potentially allowing attackers to impersonate users and access chats,…

  • OpenAI’s New Aardvark GPT-5 Agent that Detects and Fixes Vulnerabilities Automatically

    OpenAI’s New Aardvark GPT-5 Agent that Detects and Fixes Vulnerabilities Automatically OpenAI has unveiled Aardvark, an autonomous AI agent powered by its cutting-edge GPT-5 model, designed to detect software vulnerabilities and automatically propose fixes. This tool aims to support developers and security teams by scaling human-like analysis across vast codebases, addressing the escalating challenge of…

  • New EDR-Redir V2 Blinds Windows Defender on Windows 11 With Fake Program Files

    New EDR-Redir V2 Blinds Windows Defender on Windows 11 With Fake Program Files An upgraded release of the tool, EDR-Redir V2, is designed to evade Endpoint Detection and Response (EDR) systems by exploiting Windows bind link technology in a novel way. According to the researcher TwoSevenOneT, the new version targets the parent directories of EDR installations, such as…

  • Agent Session Smuggling: How Malicious AI Hijacks Victim Agents

    Agent Session Smuggling: How Malicious AI Hijacks Victim Agents Security researchers have uncovered a sophisticated attack technique that exploits the trust relationships built into AI agent communication systems. The attack, termed agent session smuggling, allows a malicious AI agent to inject covert instructions into established cross-agent communication sessions, effectively taking control of victim agents without…

  • CISA Warns of Linux Kernel Use-After-Free Vulnerability Exploited in Attacks to Deploy Ransomware

    CISA Warns of Linux Kernel Use-After-Free Vulnerability Exploited in Attacks to Deploy Ransomware The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert about a critical use-after-free vulnerability in the Linux kernel, tracked as CVE-2024-1086. This vulnerability, in the netfilter nf_tables subsystem, allows local attackers to escalate their privileges and potentially…

  • Akira Ransomware Allegedly Claims Theft of 23GB in Apache OpenOffice Breach

    Akira Ransomware Allegedly Claims Theft of 23GB in Apache OpenOffice Breach The notorious Akira ransomware group announced on October 29, 2025, that it successfully breached the systems of Apache OpenOffice, exfiltrating a staggering 23 gigabytes of sensitive corporate data. The group, known for its aggressive double-extortion tactics, posted details on its dark web leak site,…

  • Stolen Credentials and Valid Account Abuse Fuel the Financially Motivated Attacks

    Stolen Credentials and Valid Account Abuse Fuel the Financially Motivated Attacks Throughout the first half of 2025, financially motivated threat actors have shifted their approach to intrusions, abandoning traditional implant-heavy methods in favor of a more cost-effective strategy. Rather than deploying sophisticated malware payloads, attackers are leveraging stolen credentials and valid account access to establish…

  • Hackers Exploiting Windows Server Update Services Flaw to Steal Sensitive Data from Organizations

    Hackers Exploiting Windows Server Update Services Flaw to Steal Sensitive Data from Organizations A Windows Server Update Services (WSUS) vulnerability is being actively exploited in the wild. Criminals are using it to steal sensitive data from organizations in various industries. The vulnerability, tracked as CVE-2025-59287, was patched by Microsoft on October 14, 2025, but attackers quickly…

  • Hackers Exploiting Cisco IOS XE Vulnerability in the Wild to Deploy BADCANDY Web Shell

    Hackers Exploiting Cisco IOS XE Vulnerability in the Wild to Deploy BADCANDY Web Shell Cybercriminals and state-sponsored actors are ramping up attacks on unpatched Cisco IOS XE devices across Australia, deploying a persistent Lua-based web shell known as BADCANDY to maintain unauthorized access. This implant, first spotted in variations since October 2023, has seen renewed…

  • Hackers Weaponizing Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability

    Hackers Weaponizing Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability Chinese-affiliated threat actor UNC6384 has been actively leveraging a critical Windows shortcut vulnerability to target European diplomatic entities across Hungary, Belgium, Serbia, Italy, and the Netherlands. Arctic Wolf researchers identified this sophisticated cyber espionage campaign operating throughout September and October 2025, representing a significant…

  • CISA Warns of XWiki Platform Injection vulnerability Exploited to Execute Remote Code

    CISA Warns of XWiki Platform Injection vulnerability Exploited to Execute Remote Code The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a severe injection vulnerability in the XWiki Platform, designated as CVE-2025-24893. This flaw allows unauthenticated attackers to execute arbitrary remote code, posing significant risks to organizations using the open-source…

  • AzureHound Penetration Testing Tool Weaponized by Threat Actors to Enumerate Azure and Entra ID

    AzureHound Penetration Testing Tool Weaponized by Threat Actors to Enumerate Azure and Entra ID AzureHound, an open-source data collection tool designed for legitimate penetration testing and security research, has become a favored weapon in the hands of sophisticated threat actors. The tool, which is part of the BloodHound suite, was originally created to help security…

  • Threat Actors Using Multilingual ZIP File to Attack Financial and Government Organizations

    Threat Actors Using Multilingual ZIP File to Attack Financial and Government Organizations Sophisticated threat actors have orchestrated a coordinated multilingual phishing campaign targeting financial and government organizations across East and Southeast Asia. The campaign leverages carefully crafted ZIP file lures combined with region-specific web templates to deceive users into downloading staged malware droppers. Recent analysis…

  • Kimsuky and Lazarus Hacker Groups Unveil New Tools That Enable Backdoor and Remote Access

    Kimsuky and Lazarus Hacker Groups Unveil New Tools That Enable Backdoor and Remote Access Threat actors operating under the control of North Korea’s regime have demonstrated continued technical sophistication by introducing advanced malware toolsets designed to establish persistent backdoor access and remote control over compromised systems. Recent findings have revealed that Kimsuky, known for orchestrating…

  • Emerging Cyber Threats Featuring QR Codes ClickFix and LOLBins Challenging SOC Defenses

    Emerging Cyber Threats Featuring QR Codes ClickFix and LOLBins Challenging SOC Defenses Cybersecurity experts at ANY.RUN recently unveiled alarming trends in how attackers are exploiting everyday technologies to bypass security operations centers (SOCs). They dissected tactics like QR code phishing, ClickFix social engineering, and Living Off the Land Binaries (LOLBins), showing how these methods evade…

  • Threat Actors Weaponize Judicial Documents to Deliver PureHVNC RAT

    Threat Actors Weaponize Judicial Documents to Deliver PureHVNC RAT Between August and October 2025, a sophisticated phishing campaign has emerged targeting Colombian and Spanish-speaking users through deceptive emails masquerading as official communications from Colombia’s Attorney General’s office. The campaign employs a carefully crafted social engineering strategy, luring victims with notifications about supposed lawsuits processed through…

  • Russian Hackers Attacking Government Entity Using Stealthy Living-Off-the-Land Tactics

    Russian Hackers Attacking Government Entity Using Stealthy Living-Off-the-Land Tactics Ukrainian government organizations continue facing relentless cyber threats from Russian-backed threat actors employing sophisticated evasion techniques to maintain persistent network access. Recent investigations have uncovered coordinated campaigns targeting critical infrastructure and government entities, with attackers deploying advanced tactics that circumvent traditional security defenses. These operations represent…

  • CISA Shares New Threat Detections for Actively Exploited WSUS Vulnerability

    CISA Shares New Threat Detections for Actively Exploited WSUS Vulnerability In a critical update issued on October 29, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) has provided organizations with enhanced guidance on detecting and mitigating threat activity related to the actively exploited CVE-2025-59287 vulnerability in Microsoft’s Windows Server Update Services (WSUS). This remote code…

  • Chrome 142 Released With Fix for 20 Vulnerabilities that Allow Malicious Code Execution

    Chrome 142 Released With Fix for 20 Vulnerabilities that Allow Malicious Code Execution Google has officially promoted Chrome 142 to the stable channel, delivering critical security updates for Windows, Mac, and Linux users. The rollout begins immediately and will continue over the next few days or weeks, ensuring widespread protection against newly discovered threats. This…

  • New Beast Ransomware Actively Scans for Active SMB Port from Breached System to Spread Across Network

    New Beast Ransomware Actively Scans for Active SMB Port from Breached System to Spread Across Network The Beast ransomware group has emerged as a significant threat in the cybersecurity landscape, evolving from the Monster ransomware strain to establish itself as a formidable Ransomware-as-a-Service operation. Officially launched in February 2025, the group rapidly expanded their infrastructure…
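
The two reconnaissance patterns in this listing, many external sources probing the WSUS ports TCP 8530/8531 (the Shadowserver item above) and a breached internal host sweeping TCP 445 to spread (the Beast item), can both be surfaced from ordinary firewall or connection logs. The Python below is an added example, not code from either article or from Shadowserver; the log format, the thresholds and the 10.0.0.0/8 internal range are assumptions, and the log lines are constructed.

```python
"""Connection-log check for two recon patterns: external WSUS probing and
internal SMB sweeping.

Added example, not from the articles above. Assumptions: log lines look like
'<ts> src=<ip> dst=<ip> dport=<n> proto=tcp', 10.0.0.0/8 is the internal
range, and the alert thresholds below. The sample log is constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

WSUS_PORTS = {8530, 8531}
SMB_PORT = 445
INTERNAL = ip_network("10.0.0.0/8")  # assumed internal range


@dataclass(frozen=True)
class Conn:
    ts: str
    src: str
    dst: str
    dport: int


def parse_line(line: str):
    """Parse one log line; return None for malformed lines so they are skipped."""
    parts = line.split()
    if len(parts) < 4:
        return None
    kv = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    try:
        ip_address(kv["src"])
        ip_address(kv["dst"])
        return Conn(parts[0], kv["src"], kv["dst"], int(kv["dport"]))
    except (KeyError, ValueError):
        return None


def parse_log(text: str) -> list:
    return [c for c in map(parse_line, text.splitlines()) if c is not None]


def wsus_probe_sources(conns, min_sources: int = 3) -> list:
    """Distinct external sources touching 8530/8531; empty unless >= threshold."""
    srcs = {c.src for c in conns
            if c.dport in WSUS_PORTS and ip_address(c.src) not in INTERNAL}
    return sorted(srcs) if len(srcs) >= min_sources else []


def smb_sweepers(conns, min_targets: int = 5) -> dict:
    """Internal hosts that opened 445 to at least min_targets distinct peers."""
    targets = defaultdict(set)
    for c in conns:
        if c.dport == SMB_PORT and ip_address(c.src) in INTERNAL:
            targets[c.src].add(c.dst)
    return {s: len(t) for s, t in targets.items() if len(t) >= min_targets}


# Constructed sample: four external probes of 8530/8531, one internal host
# (10.0.0.5) sweeping 445 across seven peers, one benign client (10.0.0.7)
# talking to a single file server, and one malformed line.
SAMPLE_LOG = """\
2025-10-24T09:00:01Z src=203.0.113.10 dst=10.0.0.2 dport=8530 proto=tcp
2025-10-24T09:00:03Z src=203.0.113.11 dst=10.0.0.2 dport=8531 proto=tcp
2025-10-24T09:00:05Z src=198.51.100.7 dst=10.0.0.2 dport=8530 proto=tcp
2025-10-24T09:00:09Z src=192.0.2.55 dst=10.0.0.2 dport=8530 proto=tcp
2025-10-24T09:01:00Z src=10.0.0.5 dst=10.0.0.10 dport=445 proto=tcp
2025-10-24T09:01:01Z src=10.0.0.5 dst=10.0.0.11 dport=445 proto=tcp
2025-10-24T09:01:02Z src=10.0.0.5 dst=10.0.0.12 dport=445 proto=tcp
2025-10-24T09:01:03Z src=10.0.0.5 dst=10.0.0.13 dport=445 proto=tcp
2025-10-24T09:01:04Z src=10.0.0.5 dst=10.0.0.14 dport=445 proto=tcp
2025-10-24T09:01:05Z src=10.0.0.5 dst=10.0.0.15 dport=445 proto=tcp
2025-10-24T09:01:06Z src=10.0.0.5 dst=10.0.0.16 dport=445 proto=tcp
2025-10-24T09:02:00Z src=10.0.0.7 dst=10.0.0.20 dport=445 proto=tcp
2025-10-24T09:02:30Z src=10.0.0.7 dst=10.0.0.20 dport=445 proto=tcp
2025-10-24T09:03:00Z src=203.0.113.10 dst=10.0.0.3 dport=443 proto=tcp
this line is malformed and is skipped
"""

if __name__ == "__main__":
    conns = parse_log(SAMPLE_LOG)
    print("WSUS probe sources:", wsus_probe_sources(conns))
    print("SMB sweepers:", smb_sweepers(conns))
```

A WSUS server should never be reachable from the internet on 8530/8531 at all, so any external hit is worth a look; the threshold only separates background noise from the surge the sensors reported. The SMB check keys on distinct destinations rather than connection count, because a legitimate client talks to a few servers repeatedly while a spreading host talks to many hosts once.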

  • Google Wear OS Messages App Vulnerability Lets Any Installed App Send SMS on Behalf of the User

    Google Wear OS Messages App Vulnerability Lets Any Installed App Send SMS on Behalf of the User A vulnerability in Google Messages on Wear OS devices allows any installed app to silently send SMS, MMS, or RCS messages on behalf of the user. Tracked as CVE-2025-12080, the issue stems from improper handling of ACTION_SENDTO intents using URI…

  • Microsoft Details ASP.NET Vulnerability That Enables Attackers To Smuggle HTTP Requests

    Microsoft Details ASP.NET Vulnerability That Enables Attackers To Smuggle HTTP Requests Microsoft has issued a critical security update for ASP.NET Core to address CVE-2025-55315, a high-severity flaw that enables HTTP request smuggling and could allow attackers to bypass key security controls. Disclosed on October 14, 2025, this vulnerability has a CVSS v3.1 score of 9.9,…

  • Magento Input Validation Vulnerability Exploited In Wild To Hijack Session And Execute Malicious Code

    Magento Input Validation Vulnerability Exploited In Wild To Hijack Session And Execute Malicious Code A critical vulnerability has been found in Magento, the popular e-commerce platform now rebranded as Adobe Commerce. Dubbed SessionReaper and tracked as CVE-2025-54236, this improper input validation flaw allows attackers to hijack user sessions and, in some cases, execute malicious code remotely. The…

  • Microsoft Sued for Allegedly Misleading Millions to Subscribe for Microsoft 365 Subscriptions

    Microsoft Sued for Allegedly Misleading Millions to Subscribe for Microsoft 365 Subscriptions Australia’s competition regulator has filed legal proceedings against Microsoft for allegedly misleading approximately 2.7 million Australian consumers regarding subscription options and pricing for Microsoft 365 plans. The Australian Competition and Consumer Commission claims that Microsoft deliberately concealed the availability of cheaper alternative plans…

  • 81% of Router Users Have Not Changed Default Admin Passwords, Exposing Devices to Hackers

    81% of Router Users Have Not Changed Default Admin Passwords, Exposing Devices to Hackers In late 2025, a staggering 81% of broadband users were found to have never changed their router’s default administrative password, opening the door to significant malware risk. This widespread negligence was revealed in Broadband Genie’s fourth major router security survey, where 3,242…

  • Apache Tomcat Security Vulnerabilities Expose Servers to Remote Code Execution Attacks

    Apache Tomcat Security Vulnerabilities Expose Servers to Remote Code Execution Attacks The Apache Software Foundation has highlighted critical flaws in Apache Tomcat, a widely used open-source Java servlet container that powers numerous web applications. On October 27, 2025, Apache disclosed two vulnerabilities, CVE-2025-55752 and CVE-2025-55754, affecting multiple versions of Tomcat. While the first poses a…

  • OpenVPN Vulnerability Exposes Linux, macOS Systems to Script Injection Attacks

    OpenVPN Vulnerability Exposes Linux, macOS Systems to Script Injection Attacks A new vulnerability in pre-release builds of OpenVPN 2.7 has been disclosed, potentially allowing malicious servers to execute arbitrary commands on client machines. The flaw affects OpenVPN releases from 2.7_alpha1 to 2.7_beta1, enabling script-injection attacks on POSIX-based systems such as Linux, macOS, and BSD variants. The…

  • nsKnox Launches Adaptive Payment Security™, Revolutionizing B2B Fraud Prevention by Solving the ‘Impossible Triangle’ of Speed, Certainty, and Effort

    nsKnox Launches Adaptive Payment Security™, Revolutionizing B2B Fraud Prevention by Solving the ‘Impossible Triangle’ of Speed, Certainty, and Effort New York, New York, USA, October 27th, 2025, CyberNewsWire nsKnox, a leader in payment security, today announced the launch of Adaptive Payment Security, a groundbreaking enhancement to its PaymentKnox platform designed to eliminate B2B payment fraud…

  • iOS 26 Deletes Pegasus and Predator Spyware Infection Evidence by Overwriting The ‘shutdown.log’ file on Reboot

    iOS 26 Deletes Pegasus and Predator Spyware Infection Evidence by Overwriting The ‘shutdown.log’ file on Reboot The emergence of Pegasus and Predator spyware over the past several years has transformed the landscape of mobile device security. These advanced malware strains—deployed by sophisticated threat actors for surveillance and espionage—have repeatedly demonstrated their ability to exploit zero-click…

  • Scattered LAPSUS$ Hunters Onion Leak Website Taken Down By Law-enforcement Agencies

    Scattered LAPSUS$ Hunters Onion Leak Website Taken Down By Law-enforcement Agencies Law enforcement agencies from the United States and France have seized the onion leak website operated by the notorious Scattered LAPSUS$ Hunters collective, displaying a prominent seizure notice featuring logos from the FBI, Department of Justice, and international partners. This coordinated action, executed around…

  • Hackers Exploiting Microsoft WSUS Vulnerability In The Wild – 2800 Instances Exposed Online

    Hackers Exploiting Microsoft WSUS Vulnerability In The Wild – 2800 Instances Exposed Online Hackers are actively exploiting a critical flaw in Microsoft’s Windows Server Update Services (WSUS), with security researchers reporting widespread attempts in the wild. The vulnerability, tracked as CVE-2025-59287, allows remote code execution on unpatched WSUS servers, potentially granting attackers full control over…

  • Critical Dell Storage Manager Vulnerabilities Let Attackers Compromise System

    Critical Dell Storage Manager Vulnerabilities Let Attackers Compromise System Dell Technologies has disclosed three critical vulnerabilities in its Storage Manager software that could allow attackers to bypass authentication, disclose sensitive information, and gain unauthorized access to systems. Announced on October 24, 2025, these flaws affect versions of Dell Storage Manager up to 20.1.21 and pose…

  • Infamous Cybercriminal Forum BreachForums Is Back Again With a New Clear Net Domain

    Infamous Cybercriminal Forum BreachForums Is Back Again With a New Clear Net Domain The notorious cybercrime forum BreachForums has resurfaced online, this time on a clearnet domain accessible without specialized tools like Tor. The platform, long a hub for data leaks, hacking tools, and illicit trades, went dark earlier this year following a series of…

  • New EDR-Redir Tool Breaks EDR Exploiting Bind Filter and Cloud Filter Driver

    New EDR-Redir Tool Breaks EDR Exploiting Bind Filter and Cloud Filter Driver A new tool called EDR-Redir has emerged, allowing attackers to redirect or isolate the executable folders of popular Endpoint Detection and Response (EDR) solutions. Demonstrated by cybersecurity researcher TwoSevenOneT, the technique leverages Windows’ Bind Filter driver (bindflt.sys) and Cloud Filter driver (cldflt.sys) to…

  • 706,000+ BIND 9 Resolver Instances Vulnerable to Cache Poisoning Exposed Online – PoC Released

    706,000+ BIND 9 Resolver Instances Vulnerable to Cache Poisoning Exposed Online – PoC Released A high-severity vulnerability in BIND 9 resolvers has been disclosed, potentially allowing attackers to poison caches and redirect internet traffic to malicious sites. Tracked as CVE-2025-40778, the flaw affects over 706,000 exposed instances worldwide, as identified by internet scanning firm Censys.…

  • Hackers Weaponizing Telegram Messenger with Dangerous Android Malware to Gain Full System Control

    Hackers Weaponizing Telegram Messenger with Dangerous Android Malware to Gain Full System Control A sophisticated backdoor named Android.Backdoor.Baohuo.1.origin has been discovered in maliciously modified versions of Telegram X messenger, granting attackers complete control over victims’ accounts while operating undetected. The malware infiltrates devices through deceptive in-app advertisements and third-party app stores, masquerading as legitimate dating…

  • LockBit 5.0 Actively Attacking Windows, Linux, and ESXi Environments

    LockBit 5.0 Actively Attacking Windows, Linux, and ESXi Environments The notorious LockBit ransomware operation has resurfaced with a vengeance after months of dormancy following Operation Cronos takedown efforts in early 2024. Despite law enforcement disruptions and infrastructure seizures, the group’s administrator, LockBitSupp, has successfully rebuilt the operation and launched LockBit 5.0, internally codenamed “ChuongDong.” This…

  • Google Warns of Threat Actors Using Fake Job Posting to Deliver Malware and Steal Credentials

    Google Warns of Threat Actors Using Fake Job Posting to Deliver Malware and Steal Credentials Cybercriminals have adopted a sophisticated social engineering strategy that exploits the trust inherent in job hunting, according to a recent security advisory. A financially motivated threat cluster operating from Vietnam has been targeting digital advertising and marketing professionals through fake…

  • Vault Viper Exploits Online Gambling Websites Using Custom Browser to Install Malicious Program

    Vault Viper Exploits Online Gambling Websites Using Custom Browser to Install Malicious Program Southeast Asia’s online gambling ecosystem has become a breeding ground for sophisticated cyber threats, with criminal networks leveraging seemingly legitimate platforms to distribute malicious software to millions of unsuspecting users. A recently uncovered operation demonstrates how threat actors exploit the region’s thriving…

  • New Caminho Malware Loader Uses LSB Steganography to Hide .NET Payloads Within Image Files

    New Caminho Malware Loader Uses LSB Steganography to Hide .NET Payloads Within Image Files A sophisticated malware operation has emerged from Brazil, leveraging advanced steganographic techniques to conceal malicious payloads within seemingly harmless image files. The Caminho loader, active since at least March 2025, represents a growing threat to organizations across South America, Africa,…

  • Decoding PIN-Protected BitLocker Through TPM SPI Analysis To Decrypt And Mount The Disks

    Decoding PIN-Protected BitLocker Through TPM SPI Analysis To Decrypt And Mount The Disks Building on earlier work that recovered BitLocker keys from setups without PIN protection, where attackers could exploit stolen laptops, researchers now delve into PIN-secured setups, targeting insider threats seeking SYSTEM-level access. This technique involves intercepting TPM communications via SPI bus analysis, revealing how even PIN-hardened BitLocker can yield to physical…

  • New Text Message Based Phishing Attack from China Targeting Users Around the Globe

    New Text Message Based Phishing Attack from China Targeting Users Around the Globe A sophisticated text message phishing campaign originating from China has emerged as one of the most extensive cybersecurity threats targeting users worldwide. The operation, attributed to a threat collective known as the Smishing Triad, represents a massive escalation in SMS-based fraud, impersonating…

  • New Malware Attack Using Variable Functions and Cookies to Evade and Hide Their Malicious Scripts

    New Malware Attack Using Variable Functions and Cookies to Evade and Hide Their Malicious Scripts A sophisticated malware campaign targeting WordPress sites has emerged, utilizing PHP variable functions and cookie-based obfuscation to evade traditional security detection mechanisms. The attack represents an evolution in obfuscation techniques, where threat actors fragment malicious code across multiple HTTP cookies…
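
The WordPress campaign above hides its payload by assembling a PHP variable function (`$f()`) from fragments carried in several HTTP cookies, so no single cookie or source line contains a recognizable call. The scanner below is an added example, not code from the article or its researchers: a Python heuristic that tracks cookie taint through `=` and `.=` assignments and flags any call whose callee name is cookie-derived. The PHP samples are constructed, and the regexes are a heuristic rather than a PHP parser.

```python
"""Static check for PHP that builds a variable function from cookie fragments.

Added example, not from the article above. It flags calls of the form
$f(...) where $f was assembled, directly or via intermediate variables,
from $_COOKIE values, plus the direct form $_COOKIE['x'](...). The PHP
samples below are constructed; the regexes are a heuristic, not a parser.
"""
import re

COOKIE_REF = re.compile(r"\$_COOKIE\s*\[\s*['\"]?([\w-]+)['\"]?\s*\]")
ASSIGN = re.compile(r"\$(\w+)\s*(\.?=)(?!=)\s*([^;]+);")   # $v = ...; or $v .= ...;
VARCALL = re.compile(r"\$(\w+)\s*\(")                       # $v(...)
DIRECT = re.compile(r"\$_COOKIE\s*\[[^\]]+\]\s*\(")          # $_COOKIE['f'](...)


def scan_php(src: str) -> list:
    """Return one finding per call whose callee name is cookie-derived."""
    tainted = {}   # variable name -> set of cookie names feeding it
    findings = []
    for lineno, line in enumerate(src.splitlines(), 1):
        for m in ASSIGN.finditer(line):
            var, op, rhs = m.groups()
            names = set(COOKIE_REF.findall(rhs))
            for v, cookies in tainted.items():
                if re.search(rf"\${v}\b", rhs):   # propagate taint through $v
                    names |= cookies
            if op == ".=":
                names |= tainted.get(var, set())
            if names:
                tainted[var] = names
            else:
                tainted.pop(var, None)            # clean reassignment clears taint
        line_cookies = set(COOKIE_REF.findall(line))
        for m in VARCALL.finditer(line):
            callee = m.group(1)
            if callee in tainted:
                findings.append({"line": lineno, "callee": "$" + callee,
                                 "cookies": sorted(tainted[callee] | line_cookies)})
        if DIRECT.search(line):
            findings.append({"line": lineno, "callee": "$_COOKIE[...]",
                             "cookies": sorted(line_cookies)})
    return findings


# Constructed samples. The malicious one splits the function name across four
# cookies and passes the argument in a fifth; the benign one only reads a cookie.
MALICIOUS = """\
<?php
$k1 = $_COOKIE['c1'];
$k2 = $_COOKIE["c2"] . $_COOKIE['c3'];
$fn = $k1 . $k2;
$fn .= $_COOKIE['c4'];
$fn($_COOKIE['payload']);
"""

DIRECT_CALL = """\
<?php
$_COOKIE['f']($_COOKIE['a']);
"""

BENIGN = """\
<?php
$theme = $_COOKIE['theme'] ?? 'light';
if ($theme == 'dark') { echo htmlspecialchars($theme); }
"""

if __name__ == "__main__":
    for label, sample in (("malicious", MALICIOUS), ("direct", DIRECT_CALL), ("benign", BENIGN)):
        print(label, scan_php(sample))
```

Because the fragments only exist in the attacker's request, a file scanner cannot recover the function name; what it can do is flag the shape, a callee that depends on request data, which legitimate plugin code has almost no reason to produce.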

  • CISA Warns of Hackers Actively Exploiting Windows Server Update Services RCE Vulnerability in the Wild

    CISA Warns of Hackers Actively Exploiting Windows Server Update Services RCE Vulnerability in the Wild The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned organizations worldwide about active exploitation of a critical remote code execution (RCE) vulnerability in Microsoft’s Windows Server Update Services (WSUS). Tracked as CVE-2025-59287, the flaw carries a CVSS score of…

  • Threat Actors Attacking Azure Blob Storage to Compromise Organizational Repositories

    Threat Actors Attacking Azure Blob Storage to Compromise Organizational Repositories Cybersecurity researchers have identified a sophisticated campaign where threat actors are leveraging compromised credentials to infiltrate Azure Blob Storage containers, targeting organizations’ critical code repositories and sensitive data. This emerging threat exploits misconfigured storage access controls to establish persistence and exfiltrate valuable intellectual property. The…

  • HP OneAgent Update Breaks Trust And Disconnects Devices From Entra ID

    HP OneAgent Update Breaks Trust And Disconnects Devices From Entra ID The HP OneAgent software update has disconnected Windows devices from Microsoft Entra ID. As a result, users can no longer access their corporate identities. Version 1.2.50.9581 of the agent, pushed silently to HP’s Next Gen AI systems like the EliteBook X Flip G1i, deleted…

  • New Fileless Remcos Attacks Bypassing EDRs Malicious Code into RMClient

    New Fileless Remcos Attacks Bypassing EDRs Malicious Code into RMClient Remcos, a commercial remote access tool marketed as legitimate surveillance software, has become the leading infostealer in malware campaigns during the third quarter of 2025, accounting for approximately 11 percent of detected cases. In a notable shift from traditional deployment methods, threat actors are now…

  • Toys “R” Us Canada Confirms Data Breach – Customers Personal Data Stolen

    Toys “R” Us Canada Confirms Data Breach – Customers Personal Data Stolen Toys “R” Us Canada has alerted customers to a significant data breach that potentially exposed their personal information, marking another blow to consumer trust in retail data security. In emails dispatched to affected individuals this morning, the popular toy retailer revealed that unauthorized…

  • Microsoft Releases Emergency Patch For Windows Server Update Service RCE Vulnerability

    Microsoft Releases Emergency Patch For Windows Server Update Service RCE Vulnerability Microsoft has rolled out an out-of-band emergency patch for a remote code execution (RCE) vulnerability affecting the Windows Server Update Services (WSUS). Identified as CVE-2025-59287, the issue stems from the deserialization of untrusted data in a legacy serialization mechanism, allowing unauthorized attackers to execute…

  • DHS Asks OpenAI To Share Information on ChatGPT Prompts Used By Users

    DHS Asks OpenAI To Share Information on ChatGPT Prompts Used By Users The Department of Homeland Security (DHS) has issued the first known federal search warrant compelling OpenAI to disclose user data tied to ChatGPT prompts. The warrant, unsealed last week in Maine and reviewed by cybersecurity outlets, stems from a year-long probe into a…

  • TARmageddon Vulnerability In Rust Library Lets Attackers Replace Config Files And Execute Remote Code

    TARmageddon Vulnerability In Rust Library Lets Attackers Replace Config Files And Execute Remote Code A severe vulnerability has been disclosed in the async-tar Rust library and its popular forks, including the widely used tokio-tar. Dubbed TARmageddon and tracked as CVE-2025-62518, the bug carries a CVSS score of 8.1, classifying it as high severity. It allows attackers to manipulate…

  • Multiple BIND 9 DNS Vulnerabilities Enable Cache Poisoning and Denial of Service Attacks

    Multiple BIND 9 DNS Vulnerabilities Enable Cache Poisoning and Denial of Service Attacks The Internet Systems Consortium (ISC) disclosed three high-severity vulnerabilities in BIND 9 on October 22, 2025, potentially allowing remote attackers to conduct cache poisoning attacks or cause denial-of-service (DoS) conditions on affected DNS resolvers. These flaws, tracked as CVE-2025-8677, CVE-2025-40778, and CVE-2025-40780,…

  • Multiple Oracle VM VirtualBox Vulnerabilities Enable Complete Takeover Of VirtualBox

    Multiple Oracle VM VirtualBox Vulnerabilities Enable Complete Takeover Of VirtualBox Oracle has disclosed multiple critical vulnerabilities in its Oracle VM VirtualBox virtualization software, potentially allowing attackers to achieve complete control over the VirtualBox environment. These flaws, detailed in the October 2025 Critical Patch Update (CPU), affect the Core component of VirtualBox versions 7.1.12 and 7.2.2,…

  • Hackers Weaponizing OAuth Applications for Persistent Cloud Access Even After Password Reset

    Hackers Weaponizing OAuth Applications for Persistent Cloud Access Even After Password Reset Cloud account takeover attacks have evolved into a sophisticated threat as cybercriminals and state-sponsored actors increasingly weaponize OAuth applications to establish persistent access within compromised environments. These malicious actors are exploiting the fundamental trust mechanisms of cloud authentication systems, specifically targeting Microsoft Entra…

  • Chrome V8 JavaScript Engine Vulnerability Let Attackers Execute Remote Code

    Chrome V8 JavaScript Engine Vulnerability Let Attackers Execute Remote Code Google has swiftly addressed a high-severity flaw in its Chrome browser’s V8 JavaScript engine, releasing an emergency update to thwart potential remote code execution attacks. The vulnerability, tracked as CVE-2025-12036, stems from an inappropriate implementation within V8, the open-source JavaScript and WebAssembly engine powering Chrome’s…

  • Threat Actors Compromise Xubuntu Website To Deliver Malicious Windows Executable

    Threat Actors Compromise Xubuntu Website To Deliver Malicious Windows Executable Threat actors infiltrated the official Xubuntu website, redirecting torrent downloads to a malicious ZIP file containing Windows-targeted malware. The incident, uncovered on October 18, 2025, highlights vulnerabilities in community-maintained Linux distribution sites amid rising interest in alternatives to end-of-life operating systems. Users attempting to grab…

  • Pakistani Threat Actors Targeting Indian Govt. With Email Mimic as ‘NIC eEmail Services’

    Pakistani Threat Actors Targeting Indian Govt. With Email Mimic as ‘NIC eEmail Services’ A sophisticated phishing campaign orchestrated by Pakistan-linked threat actors has been discovered targeting Indian government entities by impersonating the National Informatics Centre’s email services. The operation, attributed to APT36, also known as TransparentTribe, leverages social engineering tactics to compromise sensitive government infrastructure…

  • Threat Actors Leverage npm Ecosystem to Deliver AdaptixC2 Post-Exploitation Framework

    Threat Actors Leverage npm Ecosystem to Deliver AdaptixC2 Post-Exploitation Framework The emergence of the AdaptixC2 post-exploitation framework in 2025 marked a significant milestone in the evolution of attacker toolsets targeting open-source supply chains. Positioning itself as a formidable alternative to established tools like Cobalt Strike, AdaptixC2 quickly attracted threat actors seeking agility and stealth in…

  • Cavalry Werewolf APT Hackers Attacking Multiple Industries with FoalShell and StallionRAT

    Cavalry Werewolf APT Hackers Attacking Multiple Industries with FoalShell and StallionRAT A sophisticated threat campaign has emerged targeting Russia’s public sector and critical industries between May and August 2025. The Cavalry Werewolf APT group, also known as YoroTrooper and Silent Lynx, has been actively deploying custom-built malware toolsets through highly targeted phishing operations that exploit…

  • Critical ASP.NET Vulnerability Allows Attacker To Bypass Security Feature Remotely

    Critical ASP.NET Vulnerability Allows Attacker To Bypass Security Feature Remotely Microsoft has disclosed a serious security flaw in ASP.NET Core that enables authenticated attackers to smuggle HTTP requests and evade critical protections. Tracked as CVE-2025-55315, the vulnerability stems from inconsistent handling of HTTP requests, a classic issue known as HTTP request/response smuggling. Released on October…

  • ZYXEL Authorization Bypass Vulnerability Let Attackers View and Download System Configuration

    ZYXEL Authorization Bypass Vulnerability Let Attackers View and Download System Configuration A critical vulnerability in Zyxel’s ATP and USG series firewalls allows attackers to bypass authorization controls and access sensitive system configurations. Dubbed CVE-2025-9133, this flaw affects devices running firmware versions up to V5.40(ABPS.0) and enables unauthorized viewing and downloading of configs even during…

  • Automatic BitLocker Encryption May Silently Lock Away Your Data

    Automatic BitLocker Encryption May Silently Lock Away Your Data A Reddit poster detailed how reinstalling Windows 11 unexpectedly encrypted two of their backup drives with BitLocker, locking away 3TB of irreplaceable data without any prior setup. The incident, shared on Reddit, highlights the risks of Microsoft’s automatic encryption feature in Windows 11, which can activate silently…

  • Hackers Attacking Remote Desktop Protocol Services With 30,000+ New IP Addresses Daily

    Hackers Attacking Remote Desktop Protocol Services With 30,000+ New IP Addresses Daily A persistent campaign is targeting Microsoft Remote Desktop Protocol (RDP) services, with attackers deploying over 30,000 new IP addresses daily to exploit timing-based vulnerabilities. This coordinated effort, linked to a global botnet, has seen unique IPs surge past 500,000 since September 2025, primarily aiming…

  • AWS Declares Major Outage Resolved After Nearly 24 Hours of Disruption

    AWS Declares Major Outage Resolved After Nearly 24 Hours of Disruption Amazon Web Services (AWS), the world’s largest cloud computing provider, has officially marked a widespread outage in its US-EAST-1 region as resolved, following nearly a full day of cascading failures that disrupted services for millions worldwide. The incident, which began late on October 19,…

  • AWS Outage Impacts Amazon, Snapchat, Prime Video, Canva and More – Update

    AWS Outage Impacts Amazon, Snapchat, Prime Video, Canva and More – Update A widespread Amazon Web Services (AWS) outage on Monday disrupted operations for millions of users worldwide, knocking out access to everything from streaming giants to social media platforms and financial apps. The incident, which began early in the morning, affected high-profile services like…

  • Dolby Digital Plus 0-Click Vulnerability Enables RCE Attack via Malicious Audio on Android

    Dolby Digital Plus 0-Click Vulnerability Enables RCE Attack via Malicious Audio on Android A critical zero-click vulnerability in Dolby Digital Plus (DDP) audio decoding software has been disclosed, allowing attackers to execute malicious code remotely via seemingly innocuous audio messages. Google Project Zero’s Ivan Fratric and Natalie Silvanovich have identified an out-of-bounds write flaw in…

  • Canva Down – Suffers Global Outage, Leaving Millions of Users Unable to Access Platform

    Canva Down – Suffers Global Outage, Leaving Millions of Users Unable to Access Platform Canva, the popular graphic design platform, is reeling from a widespread outage that has rendered its services inaccessible to millions of users worldwide. As of 19:16 AEDT (02:46 IST), the platform’s status page reports “significantly increased error rates” impacting nearly all…

  • PoC Exploit Released for Windows Server Update Services Remote Code Execution Vulnerability

    PoC Exploit Released for Windows Server Update Services Remote Code Execution Vulnerability A proof-of-concept (PoC) exploit has been released for a critical vulnerability in Microsoft’s Windows Server Update Services (WSUS), enabling unauthenticated attackers to execute remote code with SYSTEM privileges on affected servers. Dubbed CVE-2025-59287 and assigned a CVSS v3.1 score of 9.8, the flaw…

  • New DefenderWrite Tool Let Attackers Inject Malicious DLLs into AV Executable Folders

    New DefenderWrite Tool Let Attackers Inject Malicious DLLs into AV Executable Folders A new tool called DefenderWrite exploits whitelisted Windows programs to bypass protections and write arbitrary files into antivirus executable folders, potentially enabling malware persistence and evasion. Developed by cybersecurity expert Two Seven One Three, the tool demonstrates a novel technique for penetration testers…

  • New Phishing Attack Leverages Azure Blob Storage to Impersonate Microsoft

    New Phishing Attack Leverages Azure Blob Storage to Impersonate Microsoft Threat actors are leveraging Microsoft Azure Blob Storage to craft highly convincing phishing sites that mimic legitimate Office 365 login portals, putting Microsoft 365 users at severe risk of credential theft. This method exploits trusted Microsoft infrastructure, making the attacks harder to spot as the…

  • American Airlines Subsidiary Envoy Compromised in Oracle Hacking Campaign

    American Airlines Subsidiary Envoy Compromised in Oracle Hacking Campaign Envoy Air, a wholly owned subsidiary of American Airlines, has confirmed it fell victim to a hacking campaign exploiting vulnerabilities in Oracle’s E-Business Suite (EBS). The breach, first highlighted by the notorious Clop ransomware group, underscores the growing risks facing enterprise software in the aviation sector.…

  • Windows 11 24H2/25H2 Update Blocks Mouse and Keyboard in Recovery Mode

    Windows 11 24H2/25H2 Update Blocks Mouse and Keyboard in Recovery Mode Microsoft’s latest security update has rendered USB keyboards and mice inoperable within the Windows Recovery Environment (WinRE). Released on October 14, 2025, as KB5066835 for OS Build 26100.6899, the patch affects Windows 11 versions 24H2 and 25H2, as well as Windows Server 2025. The…

  • Volkswagen Allegedly Hit by Ransomware Attack as 8Base Claims Sensitive Data Theft

    Volkswagen Allegedly Hit by Ransomware Attack as 8Base Claims Sensitive Data Theft Volkswagen Group has issued a statement addressing claims by the ransomware group 8Base, which alleges it has stolen and leaked sensitive data from the automaker. The German carmaker maintains that its core IT infrastructure remains unaffected; however, the company’s vague response leaves questions…

  • Authorities Dismantle Cybercrime-as-a-Service Platform, Seize 40,000 Active SIM Cards

    Authorities Dismantle Cybercrime-as-a-Service Platform, Seize 40,000 Active SIM Cards An international law enforcement operation has dismantled a large-scale cybercrime-as-a-service network responsible for fueling thousands of online fraud cases across Europe. The operation, known as SIMCARTEL, took place on 10 October 2025 in Latvia and resulted in five arrests, the seizure of key infrastructure, and the…

  • PoC Exploit for 7-Zip Vulnerabilities that Allows Remote Code Execution

    PoC Exploit for 7-Zip Vulnerabilities that Allows Remote Code Execution A proof-of-concept exploit has been released for two critical vulnerabilities in the popular file archiver 7-Zip, potentially allowing attackers to execute arbitrary code remotely through malicious ZIP files. The flaws, tracked as CVE-2025-11001 and CVE-2025-11002, were disclosed by the Zero Day Initiative (ZDI) on October 7, 2025, and…

  • Hackers Using TikTok Videos to Deploy Self-Compiling Malware That Leverages PowerShell for Execution

    Hackers Using TikTok Videos to Deploy Self-Compiling Malware That Leverages PowerShell for Execution Cybercriminals are exploiting TikTok’s massive user base to distribute sophisticated malware campaigns that promise free software activation but deliver dangerous payloads instead. The attack leverages social engineering tactics reminiscent of the ClickFix technique, where unsuspecting users are tricked into executing malicious PowerShell…

  • Microsoft Windows 11 October Update Breaks Localhost (127.0.0.1) Connections

    Microsoft Windows 11 October Update Breaks Localhost (127.0.0.1) Connections Microsoft’s October 2025 cumulative update for Windows 11 has disrupted localhost functionality, preventing developers and users from accessing local web applications and services via 127.0.0.1. The issue, tied to update KB5066835 released on October 14, affects builds like 26100.6899 and has sparked widespread complaints on forums,…

  • Critical Zimbra SSRF Vulnerability Let Attackers Access Sensitive Data

    Critical Zimbra SSRF Vulnerability Let Attackers Access Sensitive Data A newly disclosed Server-Side Request Forgery (SSRF) flaw in Zimbra Collaboration Suite has raised major security concerns, prompting administrators to patch systems immediately. The issue, identified in the chat proxy configuration component, could allow attackers to gain unauthorized access to internal resources and sensitive user data.…

  • VMware Workstation and Fusion 25H2 Released with New Features and Latest OS Support

    VMware Workstation and Fusion 25H2 Released with New Features and Latest OS Support VMware has launched Workstation 25H2 and Fusion 25H2, the newest iterations of its desktop hypervisors, featuring a revamped versioning system, enhanced tools, and broader compatibility with modern hardware and operating systems. These updates aim to streamline virtualization for developers, IT professionals, and…

  • Cisco IOS and IOS XE Software Vulnerabilities Let Attackers Execute Remote Code

    Cisco IOS and IOS XE Software Vulnerabilities Let Attackers Execute Remote Code Cisco has disclosed a severe vulnerability in its widely used IOS and IOS XE Software, potentially allowing attackers to crash devices or seize full control through remote code execution. The flaw, rooted in the Simple Network Management Protocol (SNMP) subsystem, stems from a…

  • F5 Released Security Updates Covering Multiple Products Following Recent Hack

    F5 Released Security Updates Covering Multiple Products Following Recent Hack F5 Networks, a leading provider of application security and delivery solutions, has disclosed a significant security breach involving a nation-state threat actor, prompting the release of critical updates for its core products. Detected in August 2025, the incident exposed internal systems to prolonged unauthorized access,…

  • Over 269,000 F5 Devices Exposed Online After Major Breach: U.S. Faces Largest Risk

    Over 269,000 F5 Devices Exposed Online After Major Breach: U.S. Faces Largest Risk Over 269,000 F5 devices are reportedly exposed to the public internet daily, according to data from The Shadowserver Foundation. This exposure comes at a critical time following F5’s disclosure of a sophisticated nation-state attack that compromised its development environment, stealing source code…

  • North Korean Hackers Using EtherHiding to Deliver Malware and Steal Cryptocurrency

    North Korean Hackers Using EtherHiding to Deliver Malware and Steal Cryptocurrency In recent months, a sophisticated malware campaign—dubbed EtherHiding—has emerged from North Korea-aligned threat actors, sharply escalating the cybersecurity risks facing cryptocurrency exchanges and their users worldwide. The campaign surfaced in the wake of heightened regulatory crackdowns on illicit crypto transactions, with attackers shifting tactics…

  • New Banking Malware Abusing WhatsApp to Gain Complete Remote Access to Your Computer

    New Banking Malware Abusing WhatsApp to Gain Complete Remote Access to Your Computer A sophisticated banking Trojan named Maverick has emerged in Brazil, leveraging WhatsApp as its primary distribution channel to compromise thousands of users. The malware campaign was detected in mid-October 2025, with cybersecurity solutions blocking over 62,000 infection attempts in just the first…

  • Windows BitLocker Vulnerabilities Let Attackers Bypass Security Feature

    Windows BitLocker Vulnerabilities Let Attackers Bypass Security Feature Microsoft has disclosed two critical vulnerabilities in its Windows BitLocker encryption feature, allowing attackers with physical access to bypass security protections and access encrypted data. Released on October 14, 2025, as part of the latest Patch Tuesday updates, these flaws, tracked as CVE-2025-55338 and CVE-2025-55333, pose a…

  • CISA Warns Of Adobe Experience Manager Forms 0-Day Vulnerability Exploited In Attacks

    CISA Warns Of Adobe Experience Manager Forms 0-Day Vulnerability Exploited In Attacks The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding a severe code execution vulnerability in Adobe Experience Manager Forms, urging organizations to patch immediately. Tracked as CVE-2025-54253, this flaw affects the Java Enterprise Edition (JEE) version of the software…

  • Critical Samba RCE Vulnerability Enables Arbitrary Code Execution

    Critical Samba RCE Vulnerability Enables Arbitrary Code Execution Samba has disclosed a severe remote code execution (RCE) flaw that could allow attackers to hijack Active Directory domain controllers. Tracked as CVE-2025-10230, the vulnerability stems from improper validation in the Windows Internet Name Service (WINS) hook mechanism, earning a perfect CVSS 3.1 score of 10.0 for…

  • Microsoft Disrupted Vanilla Tempest Attack by Revoking Certificates Used to Sign Fake Teams File

    Microsoft Disrupted Vanilla Tempest Attack by Revoking Certificates Used to Sign Fake Teams File Microsoft announced that it had revoked more than 200 digital certificates exploited by the notorious Vanilla Tempest hacking group. This action effectively disrupted an ongoing campaign where attackers impersonated Microsoft Teams installations to infiltrate corporate networks and deploy ransomware. The operation,…

  • Microsoft IIS Vulnerability Allows Unauthorized Attacker To Execute Malicious Code

    Microsoft IIS Vulnerability Allows Unauthorized Attacker To Execute Malicious Code Microsoft has disclosed a critical remote code execution flaw in its Internet Information Services (IIS) platform, posing risks to organizations relying on Windows servers for web hosting. Tracked as CVE-2025-59282, the vulnerability affects the Inbox COM Objects handling global memory, stemming from a race condition…

  • NCSC Warns of UK Experiencing Four Cyber Attacks Every Week

    NCSC Warns of UK Experiencing Four Cyber Attacks Every Week The United Kingdom faces an unprecedented cyber security crisis as the National Cyber Security Centre (NCSC) reports handling an average of four ‘nationally significant’ cyber attacks weekly. This alarming escalation represents a dangerous shift in the threat landscape, with the NCSC managing 204 nationally significant…

  • Windows Agere Modem Driver 0-Day Vulnerabilities Actively Exploited To Escalate Privileges

    Windows Agere Modem Driver 0-Day Vulnerabilities Actively Exploited To Escalate Privileges Microsoft has disclosed two critical zero-day vulnerabilities in the Agere Modem driver bundled with Windows operating systems, confirming active exploitation to escalate privileges. The flaws, tracked as CVE-2025-24990 and CVE-2025-24052, affect the ltmdm64.sys driver and could allow low-privileged attackers to gain full administrator access.…

  • Windows Remote Desktop Client Vulnerability Let Attackers Execute Remote Code

    Windows Remote Desktop Client Vulnerability Let Attackers Execute Remote Code Microsoft has patched a critical flaw in its Remote Desktop Client that could allow attackers to execute malicious code on victims’ systems. Disclosed on October 14, 2025, as CVE-2025-58718, the vulnerability stems from a use-after-free error, earning an “Important” severity rating. While not yet exploited…

  • Critical Veeam Backup RCE Vulnerabilities Let Attackers Execute Malicious Code Remotely

    Critical Veeam Backup RCE Vulnerabilities Let Attackers Execute Malicious Code Remotely Veeam Software has disclosed three serious security flaws in its Backup & Replication suite and Agent for Microsoft Windows, which enable remote code execution and privilege escalation, potentially compromising enterprise backup infrastructures. These vulnerabilities, patched in recent updates, primarily affect domain-joined systems in version…

  • Russian Cybercrime Market Hub Transferring from RDP Access to Malware Stealer Logs to Access

    Russian Cybercrime Market Hub Transferring from RDP Access to Malware Stealer Logs to Access A new evolution is underway in the Russian cybercrime ecosystem: market operators and threat actors are rapidly shifting from selling compromised Remote Desktop Protocol (RDP) access to trading malware stealer logs for unauthorized system entry. This transition marks a significant change…

  • Elastic Cloud Enterprise Vulnerability Let Attackers Execute Malicious Commands

    Elastic Cloud Enterprise Vulnerability Let Attackers Execute Malicious Commands Elastic has disclosed a critical vulnerability in its Elastic Cloud Enterprise (ECE) platform that allows administrators with malicious intent to execute arbitrary commands and exfiltrate sensitive data. Tracked as CVE-2025-37729 under advisory ESA-2025-21, the flaw stems from improper neutralization of special elements in the Jinjava template…

  • New PoC Exploit Released for Sudo Chroot Privilege Escalation Vulnerability

    New PoC Exploit Released for Sudo Chroot Privilege Escalation Vulnerability A critical vulnerability in the widely used Sudo utility has come under scrutiny following the public release of a proof-of-concept exploit, raising alarms for Linux system administrators worldwide. CVE-2025-32463 targets the chroot feature in Sudo versions 1.9.14 through 1.9.17, enabling local attackers to escalate privileges…