Tag: cyber-security-news

  • PoC Exploit Released for Critical NVIDIA AI Container Toolkit Vulnerability

    A critical container escape vulnerability has emerged in the NVIDIA Container Toolkit, threatening the security foundation of AI infrastructure worldwide. Dubbed “NVIDIAScape” and tracked as CVE-2025-23266, this flaw carries a maximum CVSS score of 9.0, representing one of the most severe threats to cloud-based AI…

  • New 7-Zip Vulnerability Enables Weaponized RAR5 File to Crash Your System

    A critical memory corruption vulnerability in the popular file archiver 7-Zip has been discovered that allows attackers to trigger denial of service conditions by crafting malicious RAR5 archive files. The vulnerability, tracked as CVE-2025-53816 and designated GHSL-2025-058, affects all versions of 7-Zip prior to…

  • Weekly Cybersecurity Newsletter: Chrome 0-Day, VMware Flaws Patched, FortiWeb Hack, Teams Abuse, and More

    It’s been a busy seven days for security alerts. Google is addressing another actively exploited zero-day in Chrome, and VMware has rolled out key patches for its own set of vulnerabilities. We’ll also break down the methods behind a new FortiWeb…

  • SharePoint 0-Day RCE Vulnerability Actively Exploited in the Wild to Gain Full Server Access

    A sophisticated cyberattack campaign targeting Microsoft SharePoint servers has been discovered exploiting a newly weaponized vulnerability chain dubbed “ToolShell,” enabling attackers to gain complete remote control over vulnerable systems without authentication. Eye Security, a Dutch cybersecurity firm, identified the active exploitation…

  • Grafana Vulnerabilities Allow User Redirection to Malicious Sites and Code Execution in Dashboards

    Two significant Grafana vulnerabilities could allow attackers to redirect users to malicious websites and execute arbitrary JavaScript code. The vulnerabilities, identified as CVE-2025-6023 and CVE-2025-6197, affect multiple versions of Grafana, including the 12.0.x, 11.6.x, 11.5.x, 11.4.x, and 11.3.x branches. Both security flaws…

  • New Veeam-Themed Phishing Attack Uses Weaponized WAV File to Attack Users

    A sophisticated phishing campaign targeting organizations has emerged, exploiting the trusted reputation of Veeam Software through weaponized WAV audio files delivered via email. The attack represents an evolution in social engineering tactics, combining traditional phishing techniques with audio-based deception to bypass conventional security…

  • Chinese Threat Actors Using 2,800 Malicious Domains to Deliver Windows-Specific Malware

    A sophisticated Chinese threat actor campaign has emerged as one of the most persistent malware distribution operations targeting Chinese-speaking communities worldwide. Since June 2023, this ongoing campaign has established an extensive infrastructure comprising more than 2,800 malicious domains specifically designed to deliver Windows-targeted malware…

  • Snake Keylogger Evades Windows Defender and Scheduled Tasks to Harvest Login Credentials

    A sophisticated phishing campaign targeting Turkish defense and aerospace enterprises has emerged, delivering a highly evasive variant of the Snake Keylogger malware through fraudulent emails impersonating TUSAŞ (Turkish Aerospace Industries). The malicious campaign distributes files disguised as contractual documents, specifically using the filename…

  • CISA Warns of Fortinet FortiWeb SQL Injection Vulnerability Exploited in Attacks

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Fortinet FortiWeb vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation of the SQL injection flaw in cyberattacks worldwide. The vulnerability, tracked as CVE-2025-25257, affects Fortinet’s FortiWeb web application firewall…

  • Lumma Infostealer Steals All Data Stored in Browsers and Sells It in Underground Markets as Logs

    The cybersecurity landscape continues to face significant threats from sophisticated information stealers, with Lumma emerging as one of the most prevalent and dangerous malware families targeting both consumer and enterprise environments. This malicious software systematically harvests enormous volumes of…

  • Fancy Bear Hackers Attacking Governments, Military Entities With New Sophisticated Tools

    The notorious Russian cyberespionage group Fancy Bear, also known as APT28, has intensified its operations against governments and military entities worldwide using an arsenal of sophisticated new tools and techniques. Active since 2007, this state-sponsored threat actor has established itself as one of the…

  • New Wave of Crypto-Hijacking Infects 3,500+ Websites

    A stealth Monero-mining campaign has quietly compromised more than 3,500 websites by embedding an innocuous-looking JavaScript file called karma.js. The operation leverages WebAssembly, Web Workers, and WebSockets to siphon CPU cycles while keeping resource usage low enough to avoid user suspicion. Cside.dev analysts first noted the anomaly after…

  • Google Sues Operators of BadBox 2.0 Malware Botnet That Infects 10 Million+ Devices

    Google has filed a lawsuit in New York federal court against the operators of the BadBox 2.0 botnet, marking a significant escalation in the tech giant’s fight against cybercriminal networks. The malware campaign represents the largest known botnet of internet-connected television devices, compromising…

  • Chinese State-Sponsored Hackers Attacking Semiconductor Industry with Weaponized Cobalt Strike

    A sophisticated Chinese state-sponsored cyber espionage campaign has emerged targeting Taiwan’s critical semiconductor industry, employing weaponized Cobalt Strike beacons and advanced social engineering tactics. Between March and June 2025, multiple threat actors launched coordinated attacks against semiconductor manufacturing, design, and supply chain organizations, reflecting China’s…

  • Ukrainian Hackers Claim Cyberattack on Major Russian Drone Supplier

    Last week, Ukraine’s Main Intelligence Directorate (GUR) orchestrated a sophisticated cyberattack against Gaskar Integration, a leading Russian drone manufacturer. The operation began with reconnaissance of the company’s public-facing infrastructure, where threat actors identified vulnerable remote desktop services and outdated VPN gateways. Leveraging a zero-day in a…

  • Microsoft Entra ID Vulnerability Lets Attackers Escalate Privileges to Global Admin Role

    A critical vulnerability in Microsoft Entra ID allows attackers to escalate privileges to the Global Administrator role through the exploitation of first-party applications. The vulnerability, reported to Microsoft Security Response Center (MSRC) in January 2025, affects organizations using hybrid Active Directory environments with…

  • H2Miner Attacking Linux, Windows, and Containers to Mine Monero

    The H2Miner botnet, first observed in late 2019, has resurfaced with an expanded arsenal that blurs the line between cryptojacking and ransomware. The latest campaign leverages inexpensive virtual private servers (VPS) and a grab-bag of commodity malware to compromise Linux hosts, Windows workstations, and container workloads…

  • Researchers Uncover How Hacktivist Groups Gain Attention and Select Targets

    The global hacktivist landscape has undergone a dramatic transformation since 2022, evolving from primarily ideologically motivated actors into a complex ecosystem where attention-seeking behavior and monetization strategies drive operational decisions. This shift has fundamentally altered how these groups select targets and conduct campaigns, creating…

  • Threat Actors Weaponizing SVG Files to Embed Malicious JavaScript

    Threat actors are quietly turning Scalable Vector Graphics (SVG) files into precision-guided malware. In a surge of phishing campaigns, seemingly innocuous .svg attachments slip past secure email gateways because mail filters regard them as static images. Once the recipient merely previews the file, hidden JavaScript executes…

  • Cisco Unified Intelligence Center Vulnerability Allows Remote Attackers to Upload Arbitrary Files

    A critical vulnerability in Cisco’s Unified Intelligence Center (CUIC) web-based management interface has been classified with high severity, allowing authenticated remote attackers with Report Designer privileges to upload arbitrary files to affected systems. Tracked as CVE-2025-20274 and assigned a CVSS Base Score of…

  • Infostealers Distributed with Cracked Apps Emerge as Top Attack Vector for June 2025

    The cybersecurity landscape in June 2025 was dominated by a surge of Infostealer malware masked as cracked or key-generated software, catapulting this tactic to the month’s most prevalent attack vector. Fraudulent download portals advertising “free” versions of popular tools lured victims through…

  • SonicWall SMA Devices 0-Day RCE Vulnerability Exploited to Deploy OVERSTEP Ransomware

    SonicWall’s end-of-life SMA 100 series appliances are again on the front line after investigators unearthed a covert campaign that couples a suspected zero-day remote-code-execution flaw with a sophisticated backdoor called OVERSTEP. The operation, attributed to the financially motivated group UNC6148, first steals administrator credentials…

  • Microsoft Congratulates MSRC’s Most Valuable Security Researchers

    Microsoft has officially announced its 2025 Most Valuable Security Researchers, recognizing the top 100 security researchers worldwide who have made significant contributions to protecting Microsoft customers through the Microsoft Security Response Center (MSRC) program. The recognition is based on a comprehensive point system that evaluates researchers’ valid vulnerability…

  • Node.js Vulnerabilities Expose Windows Apps to Path Traversal and HashDoS Attacks

    The Node.js project has released critical security updates across multiple release lines to address two high-severity vulnerabilities affecting Windows applications and V8 engine implementations. Security releases are now available for Node.js versions 20.x, 22.x, and 24.x, with patches addressing a path traversal bypass and…

  • Microsoft Details How Security Copilot in Intune and Entra Helps Security and IT Teams

    Microsoft has announced significant enhancements to its AI-powered security platform, marking the general availability of Microsoft Security Copilot capabilities within Microsoft Intune and Microsoft Entra. This development represents a critical milestone in the evolution of enterprise security management, as organizations…

  • Dark 101 Ransomware With Weaponized .NET Binary Disables Recovery Mode and Task Manager

    A sophisticated new ransomware strain has emerged in the cybersecurity landscape, demonstrating advanced evasion techniques and destructive capabilities that pose significant risks to organizations worldwide. The Dark 101 ransomware represents a concerning evolution in malware design, utilizing an obfuscated .NET binary to…

  • Authorities Dismantled “Diskstation” Ransomware Attacking Synology NAS Devices Worldwide

    Italian State Police, in collaboration with French and Romanian law enforcement agencies, have successfully dismantled the dangerous “Diskstation” ransomware group that specifically targeted Synology Network-Attached Storage (NAS) devices across multiple countries. The operation, coordinated through EUROPOL, resulted in the arrest of several Romanian nationals and exposed…

  • Albemarle County Hit By Ransomware Attack – Hackers Accessed Residents’ Personal Details

    Albemarle County, Virginia, has fallen victim to a sophisticated ransomware attack that compromised the personal information of county residents, local government employees, and public school staff. The cybercriminal operation successfully infiltrated the county’s network infrastructure, forcing officials to launch an extensive incident response…

  • Hackers Allegedly Selling WinRAR 0-day Exploit on Dark Web Forums for $80,000

    A threat actor using the handle “zeroplayer” advertised a previously unknown remote-code-execution (RCE) exploit for WinRAR on an underground forum. The post, titled “WINRAR RCE 0DAY – 80,000$,” claims the flaw works “fully on the latest version of WinRAR and below,” is not…

  • 10 Best Cloud VPN Providers – 2025

    Cloud VPNs have become essential for both businesses and individuals seeking secure, private, and reliable internet access in 2025. As cyber threats evolve and remote work becomes the norm, choosing the right cloud VPN provider is crucial for safeguarding sensitive data and ensuring seamless connectivity across the globe.…

  • Cybersecurity Isn’t Just For Experts Anymore: Why You Should Care

    Let’s face it: cybersecurity used to sound like a topic only for programmers in hoodies or government agencies trying to fend off foreign hackers. But in the current day and age, everyone is affected. If you are a gamer, a business owner, or casually browsing…

  • 11 Best Cloud Access Security Broker Software (CASB) – 2025

    As organizations accelerate digital transformation, the need for robust cloud security has never been greater. Cloud Access Security Broker (CASB) software stands at the forefront, acting as the critical gatekeeper between users and cloud service providers. With the explosion of SaaS, IaaS, and PaaS platforms,…

  • Top 10 Cyber Attack Maps to See Digital Threats In 2025

    In 2025, the digital threat landscape is more dynamic and complex than ever. Cyber attacks are escalating in frequency, sophistication, and impact, targeting businesses, governments, and individuals worldwide. Real-time visibility into these threats is essential for proactive defense, strategic planning, and rapid incident response.…

  • Meta’s Llama Firewall Bypassed Using Prompt Injection Vulnerability

    Trendyol’s application security team uncovered a series of bypasses that render Meta’s Llama Firewall protections unreliable against sophisticated prompt injection attacks. The findings raise fresh concerns about the readiness of existing LLM security measures and underscore the urgent need for more robust defenses as enterprises increasingly embed…

  • OpenAI to Launch an AI Web Browser in Coming Weeks

    OpenAI is reportedly preparing to release an artificial intelligence-enhanced web browser within the coming weeks, marking the company’s latest expansion beyond its popular ChatGPT platform. The new browser will feature integrated AI agent capabilities designed to autonomously handle various online tasks, positioning OpenAI as…

  • WordPress GravityForms Plugin Hacked to Include Malicious Code

    A sophisticated supply chain attack has compromised the official GravityForms WordPress plugin, allowing attackers to inject malicious code that enables remote code execution on affected websites. The attack, discovered on July 11, 2025, represents a significant security breach affecting one of WordPress’s most popular form-building plugins, with…

  • GPUHammer – First Rowhammer Attack Targeting NVIDIA GPUs

    Cybersecurity researchers at the University of Toronto have achieved a breakthrough in hardware-level attacks by successfully demonstrating GPUHammer, the first Rowhammer attack specifically targeting discrete NVIDIA GPUs. The research, which focuses on the popular NVIDIA A6000 GPU with GDDR6 memory, represents a significant expansion of the decade-old…

  • Qilin Emerged as The Most Active Group, Exploiting Unpatched Fortinet Vulnerabilities

    The ransomware landscape witnessed a dramatic shift in June 2025 as the Qilin ransomware group surged to become the most active threat actor, recording 81 victims and representing a staggering 47.3% increase in activity compared to previous months. This Ransomware-as-a-Service operation, which has accumulated…

  • AWS Organizations Mis-scoped Managed Policy Lets Hackers Take Full AWS Organization Control

    A critical security vulnerability in AWS Organizations has been discovered that could allow attackers to achieve complete control over entire multi-account AWS environments through a mis-scoped managed policy. The flaw, identified in the AmazonGuardDutyFullAccess managed policy version 1, enables privilege escalation from…

  • Infostealers Actively Attacking macOS Users in The Wild to Steal Sensitive Data

    The cybersecurity landscape is witnessing an alarming surge in macOS-targeted information-stealing malware, marking a significant shift from the traditional Windows-centric threat model. These sophisticated infostealers are rapidly evolving to exploit macOS environments with unprecedented precision, targeting valuable data including browser credentials, cookies, and…

  • Microsoft Eliminated High-Privilege Access to Enhance Microsoft 365 Security

    Microsoft has successfully eliminated high-privilege access vulnerabilities across its Microsoft 365 ecosystem as part of its comprehensive Secure Future Initiative, marking a significant milestone in enterprise security architecture. The technology giant’s Deputy Chief Information Security Officer for Experiences and Devices, Naresh Kannan, announced that the company…

  • FBI Atlanta Seizes Major Video Game Piracy Websites in International Operation

    The Federal Bureau of Investigation’s Atlanta Field Office announced today the seizure of several major online criminal marketplaces that provided pirated versions of popular video games, dismantling a multi-million dollar piracy operation that caused an estimated $170 million in losses to the gaming industry.…

  • Hackers Actively Exploiting CitrixBleed 2 Vulnerability in the Wild

    Researchers have observed widespread exploitation attempts targeting a critical memory disclosure vulnerability in Citrix NetScaler devices, designated as CVE-2025-5777 and dubbed “CitrixBleed 2.” This pre-authentication flaw enables attackers to craft malicious requests that leak uninitialized memory from affected NetScaler ADC and Gateway devices, potentially exposing sensitive…

  • Top 11 Best SysAdmin Tools in 2025

    In today’s rapidly evolving IT landscape, system administrators (SysAdmins) are the backbone of organizational efficiency and security. The right tools not only streamline workflows but also ensure robust monitoring, automation, and troubleshooting. As infrastructures become increasingly hybrid and complex, the demand for reliable, feature-rich SysAdmin tools has never…

  • 10 Best Digital Forensic Investigation Tools – 2025

    In today’s digital-first world, cybercrime is evolving rapidly, making digital forensic investigation tools indispensable for law enforcement, cybersecurity professionals, and corporate investigators. These tools empower experts to uncover, analyze, and present digital evidence from computers, mobile devices, cloud services, and networks. The right forensic software can mean…

  • Windows 11’s New Black Screen of Death is Rolling Out for Users

    Microsoft has begun rolling out a redesigned error screen interface as part of Windows 11 Build 26100.4762, introducing what users are calling the “new Black Screen of Death.” This update, released to the Release Preview Channel on July 10, 2025, fundamentally changes how…

  • Laravel APP_KEY Vulnerability Allows Remote Code Execution – Hundreds of Apps Affected

    A critical vulnerability in Laravel applications exposes APP_KEY configuration values, enabling attackers to achieve remote code execution (RCE). Collaborative research between GitGuardian and Synacktiv revealed that approximately 260,000 APP_KEYs have been exposed on GitHub since 2018, with over 600 applications confirmed vulnerable to…

  • Rhadamanthys Infostealer Leveraging ClickFix Technique to Steal Login Credentials

    Rhadamanthys first surfaced in 2022 as a modular stealer sold under the Malware-as-a-Service model, but its latest campaign shows how quickly it is innovating. At the centre of the new wave is a booby-trapped CAPTCHA page dubbed ClickFix, which instructs victims to “verify” their session by…

  • Microsoft Outlook Down: Users Unable to Access Mailboxes

    In a significant disruption for millions of users worldwide, Microsoft Outlook has been experiencing a major outage since Wednesday, July 9, 2025, starting at 10:20 PM UTC. The issue has left users unable to access their mailboxes through any connection method, causing widespread frustration among individuals and…

  • ChatGPT Tricked into Disclosing Windows Home, Pro, and Enterprise Edition Keys

    A sophisticated jailbreak technique bypasses ChatGPT’s protective guardrails, tricking the AI into revealing valid Windows product keys through a cleverly disguised guessing game. This breakthrough highlights critical vulnerabilities in current AI content moderation systems and raises concerns about the robustness of guardrail implementations…

  • Best SOC 2 Type 2 Certified Compliant Solutions – 2025

    In today’s digital-first business landscape, SOC 2 Type 2 compliance is no longer optional for organizations handling sensitive customer data. As cyber threats escalate and regulatory scrutiny intensifies, demonstrating robust security controls and continuous monitoring is essential for trust, growth, and competitive advantage. This comprehensive…

  • 10 Best Secure Network As A Service (NaaS) For MSSP Providers – 2025

    The rise of Secure Network as a Service (NaaS) is transforming how Managed Security Service Providers (MSSPs) deliver secure, scalable, and flexible networking solutions to their clients. As organizations shift toward cloud-first strategies and remote work, the demand for robust, cloud-native network security…

  • 10 Best Advanced Endpoint Security Tools – 2025

    In today’s digital-first business landscape, advanced endpoint security is not just a luxury; it’s a necessity. As organizations expand their operations across cloud, remote, and hybrid environments, every endpoint becomes a potential target for cybercriminals. From sophisticated ransomware to zero-day exploits, the threats are evolving at an…

  • Microsoft SQL Server 0-Day Vulnerability Exposes Sensitive Data Over Network

    A critical information disclosure vulnerability in Microsoft SQL Server, designated as CVE-2025-49719, allows unauthorized attackers to access sensitive data over network connections. This vulnerability stems from improper input validation within SQL Server’s processing mechanisms, enabling attackers to disclose uninitialized memory contents without requiring authentication or…

  • 10 Best Secure Web Gateway Vendors In 2025

    In 2025, the need for robust secure web gateways (SWGs) has never been greater. As organizations shift to hybrid work, cloud-first strategies, and digital transformation, threats targeting web traffic have grown in sophistication. Secure web gateways are now a foundational element for cybersecurity, providing real-time protection against…

  • Microsoft Remote Desktop Client Vulnerability Lets Attackers Execute Remote Code

    A critical security vulnerability in Microsoft Remote Desktop Client could allow attackers to execute arbitrary code on victim systems. The vulnerability, designated as CVE-2025-48817, affects multiple versions of Windows and poses significant security risks for organizations that rely on Remote Desktop Protocol (RDP) connections. Key…

  • KB5062554 – Microsoft Releases Cumulative Update for Windows 10 With July 2025 Patch Tuesday

    Microsoft rolled out its latest cumulative update for Windows 10, version 21H2 and 22H2, as well as Windows 10 Enterprise LTSC 2021 and Windows 10 IoT Enterprise LTSC 2021. The update, identified as KB5062554 (OS Builds 19044.6093 and 19045.6093), includes critical…

  • 10 Best ZTNA Solutions (Zero Trust Network Access) In 2025

    Zero Trust Network Access (ZTNA) has become a cornerstone of modern cybersecurity strategies, especially as organizations embrace remote work, cloud adoption, and hybrid infrastructures. In 2025, ZTNA solutions are not just a trend; they are a necessity for securing sensitive data, ensuring compliance, and enabling…

  • Researchers Expose Scattered Spider’s Tools, Techniques and Key Indicators

    Scattered Spider’s phishing domain patterns provide actionable insights to proactively counter threats from the notorious cyber group responsible for recent airline attacks. Scattered Spider, a sophisticated cyber threat group known for aggressive social engineering and targeted phishing, is broadening its scope, notably targeting aviation alongside enterprise…

  • BERT Ransomware Forcibly Shuts Down ESXi Virtual Machines to Disrupt Recovery

    New ransomware group employs advanced virtualization attack tactics to maximize damage and hinder organizational recovery efforts. A newly emerged ransomware group known as BERT has introduced a particularly disruptive capability that sets it apart from traditional ransomware operations: the ability to forcibly terminate ESXi…

  • Weaponized Versions of PuTTY and WinSCP Attacking IT Admins Via Search Results

    A sophisticated SEO poisoning campaign is targeting system administrators with backdoor malware. Arctic Wolf security researchers have uncovered a dangerous search engine optimization (SEO) poisoning and malvertising campaign that has been targeting IT professionals since early June 2025. The campaign uses fake websites…

  • Gamers Playing Call of Duty Hacked – RCE Exploit Lets Players Hack Other Players’ PCs

    Call of Duty: WWII has been pulled offline after reports of a serious remote code execution vulnerability that allowed malicious players to take complete control of other gamers’ computers during live multiplayer matches. On Saturday, the Call of Duty development…

  • 8 New Malicious Firefox Extensions Steal OAuth Tokens and Passwords and Spy on Users

    Security researchers from the Socket Threat Research Team have uncovered a sophisticated network of eight malicious Firefox browser extensions that actively steal OAuth tokens, passwords, and spy on users through deceptive tactics. The discovery reveals a coordinated campaign that exploits popular gaming…

  • ScriptCase Vulnerabilities Let Attackers Execute Remote Code and Gain Server Access

    Two critical vulnerabilities in ScriptCase’s Production Environment module can be chained together to achieve pre-authenticated remote command execution on affected servers. The vulnerabilities, tracked as CVE-2025-47227 and CVE-2025-47228, affect version 1.0.003-build-2 of the Production Environment module included in ScriptCase version 9.12.006 (23), with previous…

  • NightEagle APT Attacking Industrial Systems by Exploiting 0-Days With Adaptive Malware

    A sophisticated APT group dubbed “NightEagle” (APT-Q-95) has been conducting targeted attacks against China’s critical technology sectors since 2023. The group has demonstrated exceptional capabilities in exploiting unknown Exchange vulnerabilities and deploying adaptive malware to steal sensitive intelligence from high-tech companies, chip semiconductor…

  • 10 Best Network Security Solutions For Chief Security Officers To Consider – 2025

    In today’s hyper-connected digital landscape, the stakes for network security have never been higher. With the proliferation of cloud computing, remote workforces, and IoT devices, organizations are exposed to a broader array of cyber threats than ever before. Chief Security Officers (CSOs)…

  • APT36 Attacking BOSS Linux Systems With Weaponized ZIP Files to Steal Sensitive Data

    Pakistan-based threat actor APT36, also known as Transparent Tribe, has significantly evolved its cyber-espionage capabilities by launching a sophisticated campaign specifically targeting Indian defense personnel through weaponized ZIP files designed to compromise BOSS Linux systems. This development marks a notable shift in…

  • “CitrixBleed 2” Vulnerability PoC Released – Experts Warn of Potential Widespread Exploitation

    Critical flaw in Citrix NetScaler devices echoes infamous 2023 security breach that crippled major organizations worldwide. The new critical vulnerability in Citrix NetScaler devices has security experts warning of potential widespread exploitation, drawing alarming parallels to the devastating “CitrixBleed” attacks that plagued organizations in…

  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure

    Russian Federal Security Service (FSB) officers have detained two hackers in Siberia who conducted cyberattacks on critical infrastructure facilities under direct orders from Ukrainian intelligence services. The simultaneous arrests in the Kemerovo and Tomsk regions exposed a sophisticated cyber espionage network…

  • Threat Actors Turning Job Offers Into Traps, Over $264 Million Lost in 2024 Alone

    Cybercriminals are exploiting the economic uncertainty and remote work trends to orchestrate sophisticated employment fraud schemes, with victims losing over $264 million in 2024 alone according to FBI reports. These malicious campaigns, known as “task scams,” represent a rapidly evolving threat…

  • Instagram Started Using 1-Week Validity TLS Certificates and Changes Them Daily

    Instagram has adopted an unprecedented approach to web security by implementing daily rotation of TLS certificates that maintain validity periods of just one week, according to a recent technical analysis. This practice represents a significant departure from industry standards, where certificates typically remain valid…

  • Writable File in Lenovo’s Windows Directory Enables a Stealthy AppLocker Bypass

    A significant security vulnerability has been discovered in Lenovo’s preloaded Windows operating systems, where a writable file in the Windows directory enables attackers to bypass Microsoft’s AppLocker security framework. The issue affects all variants of Lenovo machines running default Windows installations and poses serious…

  • Hackers Abuse Legitimate Inno Setup Installer as a Malware Delivery Vehicle

    Cybercriminals have increasingly turned to legitimate software installation frameworks as vehicles for malware distribution, with Inno Setup emerging as a preferred tool for threat actors seeking to bypass security measures. This legitimate Windows installer framework, originally designed to simplify software deployment, has…

  • Researchers Uncover New Technique to Exploit Azure Arc for Hybrid Escalation in Enterprise Environment and Maintain Persistence

    Cybersecurity researchers have discovered a sophisticated attack technique that exploits Microsoft Azure Arc deployments to gain persistent access to enterprise environments. The research, conducted during recent red team operations, reveals how adversaries can leverage misconfigured Azure Arc installations…

  • Hackers Exploiting Java Debug Wire Protocol Servers in the Wild to Deploy Cryptomining Payload

    A new wave of cyberattacks is targeting organizations that inadvertently expose Java Debug Wire Protocol (JDWP) servers to the internet, with attackers leveraging this overlooked entry point to deploy sophisticated cryptomining malware. JDWP, a standard feature in the Java platform, is designed…

  • Next.js Cache Poisoning Vulnerability Lets Attackers Trigger DoS Condition

    Key Takeaways: 1. Next.js versions 15.1.0-15.1.8 have a cache poisoning bug causing DoS attacks through blank page delivery. 2. Needs affected Next.js version + ISR with cache revalidation + SSR with CDN caching 204 responses. 3. Race condition allows HTTP 204 responses to be cached for static pages, serving…

  • Critical HIKVISION applyCT Vulnerability Exposes Devices to Code Execution Attacks

    A critical security vulnerability has been discovered in HIKVISION’s applyCT component, part of the HikCentral Integrated Security Management Platform, that allows attackers to execute arbitrary code remotely without authentication. Assigned CVE-2025-34067 with a maximum CVSS score of 10.0, this vulnerability stems from the platform’s use…

  • Massive Android Ad Fraud ‘IconAds’ Leverages Google Play to Attack Phone Users

    A sophisticated mobile ad fraud operation dubbed “IconAds” has infiltrated Android devices worldwide through 352 malicious applications distributed via Google Play Store, generating up to 1.2 billion fraudulent bid requests daily at its peak. The scheme represents a significant evolution in mobile advertising…

  • New Sophisticated Attack Bypasses Content Security Policy Using HTML-Injection Technique

    A sophisticated technique bypasses Content Security Policy (CSP) protections using a combination of HTML injection and browser cache manipulation. The method exploits the interaction between nonce-based CSP implementations and browser caching mechanisms, specifically targeting the back/forward cache (bfcache) and disk cache systems. Key Takeaways: 1.…

  • Microsoft Investigating Forms Service Issue Leaving It Inaccessible for Users

    Microsoft is currently investigating a significant service disruption affecting Microsoft Forms, leaving numerous users unable to access the popular online survey and quiz platform. The issue, identified as incident FM1109073, began on July 4, 2025, at 12:42 PM GMT+5:30 and has been classified as a service…

  • New “123 | Stealer” Advertised on Underground Hacking Forums for $120 Per Month

    A new credential-stealing malware dubbed “123 | Stealer” has surfaced on underground cybercrime forums, being marketed by threat actor “koneko” for $120 per month. This malware-as-a-service (MaaS) offering represents the latest evolution in information stealer technology, combining sophisticated data exfiltration capabilities with…

  • Hackers Use Fake Cloudflare Verification Screen to Trick Users into Executing Malware

    A sophisticated social engineering campaign has emerged targeting unsuspecting users through fraudulent Cloudflare verification screens, representing a new evolution in malware distribution tactics. This attack method leverages the trusted appearance of legitimate web security services to deceive victims into executing malicious code on…

  • Top 10 Best Penetration Testing Tools – 2025

    In today’s hyper-connected world, cyber threats are more advanced, persistent, and damaging than ever before. Organizations, regardless of their size or industry, face relentless attempts from hackers seeking to exploit vulnerabilities and gain unauthorized access to sensitive data. As we move into 2025, the stakes for robust…

  • World’s 10 Best Cyber Security Companies – 2025

    In 2025, cybersecurity is not just a technical requirement; it’s a fundamental pillar of modern business resilience and digital trust. As organizations worldwide accelerate their digital transformation, move to hybrid and multi-cloud environments, and embrace remote workforces, the threat landscape has grown exponentially. Cybercriminals are leveraging artificial…

  • Cisco Unified CM Vulnerability Allows Remote Attacker to Log In As Root User

    A severe vulnerability in Cisco Unified Communications Manager (Unified CM) systems could allow remote attackers to gain root-level access to affected devices. The vulnerability, designated CVE-2025-20309 with a maximum CVSS score of 10.0, affects Engineering Special releases and stems from hardcoded SSH credentials…

  • Chinese Student Charged for Running a Mass Smishing Campaign to Harvest Victims’ Personal Details

    A sophisticated smishing operation targeting tens of thousands of potential victims across Greater London has resulted in the sentencing of Ruichen Xiong, a Chinese student, to over a year in prison at Inner London Crown Court. The case represents a significant…

  • CISA Warns of Chrome 0-Day Vulnerability Exploited in Attacks

    CISA has issued an urgent warning about a critical zero-day vulnerability in Google Chrome that attackers are actively exploiting in the wild. The vulnerability, designated CVE-2025-6554, affects the Chromium V8 JavaScript engine and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, marking it as…

  • 10 Best Free Malware Analysis Tools To Break Down The Malware Samples – 2025

    Malware analysis is a critical skill for cybersecurity professionals, threat hunters, and incident responders. With the growing sophistication of cyber threats, having access to reliable, free malware analysis tools is essential for dissecting, understanding, and mitigating malicious software. This article reviews…

  • Nessus Windows Vulnerabilities Allow Overwrite of Arbitrary Local System Files

    A newly disclosed security advisory from Tenable reveals serious vulnerabilities in the Nessus vulnerability scanner that could enable attackers to compromise Windows systems through privilege escalation attacks. The security flaws, affecting all Nessus versions prior to 10.8.5, include a critical Windows-specific vulnerability (CVE-2025-36630) that allows…

  • FileFix Attack Exploits Windows Browser Features to Bypass Mark-of-the-Web Protection

    A sophisticated new variation of cyberattacks emerged in July 2025, exploiting a critical vulnerability in how Chrome and Microsoft Edge handle webpage saving functionality. The attack, dubbed “FileFix 2.0,” bypasses Windows’ Mark of the Web (MOTW) security feature by leveraging legitimate browser saving mechanisms combined…

  • TA829 Hackers Employ New TTPs and Upgraded RomCom Backdoor to Evade Detections

    The cybersecurity landscape faces a renewed threat as TA829, a sophisticated threat actor group, has emerged with enhanced tactics, techniques, and procedures (TTPs) alongside an upgraded version of the notorious RomCom backdoor. This hybrid cybercriminal-espionage group has demonstrated remarkable adaptability, conducting both financially…

  • Kimsuky Hackers Using ClickFix Technique to Execute Malicious Scripts on Victim Machines

    The notorious North Korean threat group Kimsuky has adopted a sophisticated social engineering tactic known as “ClickFix” to deceive users into executing malicious scripts on their own systems. Originally introduced by Proofpoint researchers in April 2024, this deceptive technique tricks victims into believing…

  • CISA Warns of Citrix NetScaler ADC and Gateway Vulnerability Actively Exploited in Attacks

    CISA has issued an urgent warning regarding a critical buffer overflow vulnerability in Citrix NetScaler ADC and Gateway products, designated as CVE-2025-6543. Added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on June 30, 2025, the high-severity flaw is being actively exploited by threat actors…

  • U.S. DOJ Announces Nationwide Actions to Combat North Korean Remote IT Workers

    The U.S. Department of Justice announced coordinated nationwide law enforcement actions on June 30, 2025, targeting North Korean remote information technology workers’ illicit revenue generation schemes that have defrauded American companies and funded the DPRK’s weapons programs. Summary: 1. The U.S. DoJ conducted coordinated…

  • North Korean Remote IT Workers Added New Tactics and Techniques to Infiltrate Organizations

    North Korean state-sponsored remote IT workers have significantly evolved their infiltration tactics, incorporating artificial intelligence tools and sophisticated deception techniques to penetrate organizations worldwide. Since 2024, these highly skilled operatives have enhanced their fraudulent employment schemes by leveraging AI-powered image manipulation, voice-changing…

  • CISA Warns Iranian Cyber Actors May Attack U.S. Critical Infrastructure

    The Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI, Department of Defense Cyber Crime Center, and National Security Agency, has issued an urgent warning regarding potential cyber attacks by Iranian-affiliated actors targeting U.S. critical infrastructure. Despite ongoing ceasefire negotiations and diplomatic efforts,…

  • Top 20 Best Endpoint Management Tools – 2025

    Endpoint management is now a cornerstone of modern IT operations, enabling organizations to secure, monitor, and optimize devices across diverse environments. As hybrid and remote work models continue to expand, the need for robust endpoint management tools is greater than ever. In this comprehensive guide, we review…

  • Androxgh0st Botnet Operators Exploiting US University For Hosting C2 Logger

    The Androxgh0st botnet has significantly expanded its operations since 2023, with cybercriminals now compromising prestigious academic institutions to host their command and control infrastructure. This sophisticated malware campaign has demonstrated remarkable persistence and evolution, targeting a diverse range of vulnerabilities across web applications, frameworks, and…

  • CISA Warns of FortiOS Hard-Coded Credentials Vulnerability Exploited in Attacks

    CISA has issued a critical warning regarding a Fortinet FortiOS vulnerability that poses significant risks to network security infrastructure. On June 25, 2025, CISA added CVE-2019-6693 to its Known Exploited Vulnerabilities (KEV) catalog, indicating that this hard-coded credentials flaw is being actively exploited in real-world…

  • TeamFiltration Pentesting Tool Weaponized to Hijack Microsoft Teams, Outlook, and Other Accounts

    A sophisticated cyberattack campaign has weaponized a legitimate penetration testing framework to compromise thousands of Microsoft cloud accounts across hundreds of organizations worldwide. The malicious operation, designated UNK_SneakyStrike, leverages TeamFiltration, a popular cybersecurity tool originally designed for Office 365 security assessments, to conduct…