Tag: cyber-security-news

  • Firefox 140 Released With Fix for Code Execution Vulnerability – Update Now

    Mozilla has released Firefox 140, addressing multiple critical security vulnerabilities, including a high-impact use-after-free vulnerability that could lead to code execution. The update patches twelve distinct security flaws ranging from memory safety issues to platform-specific vulnerabilities affecting both desktop and mobile versions of…

  • Realtek Vulnerability Lets Attackers Trigger DoS Attack via Bluetooth Secure Connections Pairing Process

    A significant security vulnerability has been identified in Realtek’s RTL8762E SDK v1.4.0 that allows attackers to exploit the Bluetooth Low Energy (BLE) Secure Connections pairing process to launch denial-of-service attacks. The vulnerability, discovered in the RTL8762EKF-EVB development platform, stems from improper validation…

  • Sophisticated Malware Campaign Targets WordPress and WooCommerce Sites with Obfuscated Skimmers

    A sophisticated malware campaign has emerged targeting WordPress and WooCommerce websites with highly obfuscated credit card skimmers and credential theft capabilities, representing a significant escalation in e-commerce cyberthreats. The malware family demonstrates advanced technical sophistication through its modular architecture, featuring multiple variants designed for…

  • WinRAR Directory Vulnerability Allows Arbitrary Code Execution Using a Malicious File

    Summary: 1. A high-severity flaw (CVE-2025-6218) in WinRAR allows attackers to execute arbitrary code by exploiting how the software handles file paths within archives. 2. The vulnerability enables attackers to use specially crafted archive files with directory traversal sequences, leading to remote code execution.…

  • North Korean Hackers Trick Users With Weaponized Zoom Apps to Execute System-Takeover Commands

    A sophisticated cybercriminal campaign has emerged targeting professionals through meticulously crafted fake Zoom applications designed to execute system takeover commands. The attack leverages advanced social engineering techniques combined with convincing domain spoofing to deceive users into compromising their systems, representing a significant…

  • WhatsApp Banned on U.S. House Staffers Devices Due to Potential Security Risks

    Summary: 1. The U.S. House Chief Administrative Officer banned WhatsApp from all government-issued devices used by congressional staffers, including mobile, desktop, and web browser versions. 2. The ban was implemented due to concerns about lack of transparency in data protection, absence of stored…

  • LapDogs Hackers Leverage 1,000 SOHO Devices Using a Custom Backdoor to Act Covertly

    A sophisticated China-linked cyber espionage campaign has emerged, targeting over 1,000 Small Office/Home Office (SOHO) devices worldwide through an advanced Operational Relay Box (ORB) network dubbed “LapDogs.” This covert infrastructure operation, active since September 2023, represents a significant evolution in nation-state cyber…

  • BlueNoroff Hackers Weaponize Zoom App to Attack System Using Infostealer Malware

    A sophisticated social engineering campaign leveraging the trusted Zoom platform has emerged as the latest weapon in the arsenal of North Korean state-sponsored hackers. The BlueNoroff group, a financially motivated subgroup of the notorious Lazarus Group, has been orchestrating targeted attacks against cryptocurrency and…

  • Amazon EKS Vulnerabilities Expose Sensitive AWS Credentials and Escalate Privileges

    Summary: 1. Overprivileged containers can steal AWS credentials by targeting the 169.254.170.23:80 endpoint through packet sniffing and API spoofing attacks. 2. Attackers use tcpdump to intercept plaintext traffic or manipulate network settings to deploy fake HTTP servers that capture authorization tokens. 3. Amazon considers this…

  • NCSC Warns of ‘UMBRELLA STAND’ Malware Attacking Fortinet FortiGate Firewalls

    The UK’s National Cyber Security Centre (NCSC) has issued a critical warning about a sophisticated malware campaign dubbed “UMBRELLA STAND” that specifically targets internet-facing Fortinet FortiGate 100D series firewalls. This newly identified threat represents a significant escalation in attacks against network infrastructure devices, with the…

  • Weekly Cybersecurity News Recap – Top Vulnerabilities, Threats and Data Breaches

    In our fast-paced, interconnected world, the dangers of cyberattacks are becoming more frequent and complex. That’s why it’s more important than ever to stay updated and aware of the risks. Every week, our newsletter offers a simple roundup of the most important news, expert…

  • Threat Actor Allegedly Selling FortiGate API Exploit Tool Targeting FortiOS

    A threat actor has reportedly put up for sale a sophisticated FortiGate API exploit tool on a dark web marketplace, igniting significant concern within the cybersecurity community. The tool, which is being marketed for a price of $12,000 and comes with escrow services to facilitate…

  • Critical OpenVPN Driver Vulnerability Allows Attackers to Crash Windows Systems

    Summary: 1. A critical OpenVPN Windows driver flaw (CVE-2025-50054) allowed local attackers to crash systems. 2. The vulnerability enabled denial-of-service attacks but did not expose user data. 3. OpenVPN 2.7_alpha2 fixes the issue and improves Windows support. 4. Users should update promptly and restrict driver…

  • DuckDuckGo Rolls Out New Scam Blocker to Protect Users from Online Threats

    DuckDuckGo has significantly upgraded its Scam Blocker feature to protect users against a broader range of digital threats, including sham e-commerce platforms, fake cryptocurrency exchanges, and “scareware” tactics. This enhancement comes as consumers reported $12.5 billion in fraud losses to the FTC in…

  • How Smart Timesheet Software Is Changing the Way of Work

    Whether managing projects in remote, hybrid, or traditional work environments, employees have always faced the same challenge: not knowing where their time is actually spent. Regular tasks are not completed on time as they are supposed to be, meetings are…

  • Microsoft Warns of OneDrive Bug that Causes Searches to Appear Blank

    Summary: 1. A OneDrive bug is causing some users’ search results to appear blank, though files are still accessible. 2. Microsoft is investigating but has no fix or workaround yet. 3. Other issues include shortcut errors, sign-in problems, and language mismatches. 4. BT users…

  • Microsoft Announces New Security Defaults for Windows 365 Cloud PCs

    Summary: 1. Redirection controls disable clipboard, drive, USB, and printer access by default to prevent data exfiltration and malware injection. 2. Virtualization-based security enables VBS, Credential Guard, and HVCI on Windows 11 Cloud PCs to fortify against credential theft and kernel exploits. 3. Selective implementation…

  • Prometei Botnet Attacking Linux Servers to Mine Cryptocurrency

    Cybersecurity researchers have uncovered a significant resurgence of the Prometei botnet, a sophisticated malware operation targeting Linux servers for cryptocurrency mining and credential theft. This latest campaign, observed since March 2025, demonstrates the evolving nature of cryptomining malware and its persistent threat to enterprise infrastructure worldwide. The…

  • Beware of Weaponized MSI Installer Mimicking WhatsApp That Delivers Modified XWorm RAT

    Cybersecurity professionals across East and Southeast Asia are facing a sophisticated new threat as China-linked attackers deploy a weaponized MSI installer disguised as a legitimate WhatsApp setup package. This malicious campaign represents a significant escalation in social engineering tactics, leveraging the popularity and…

  • Record-Breaking 7.3 Tbps DDoS Attack Blasting 37.4 Terabytes in Just 45 Seconds

    The largest distributed denial-of-service (DDoS) attack ever documented was successfully stopped by Cloudflare in mid-May 2025, with attackers unleashing a devastating 7.3 terabits per second (Tbps) attack that delivered 37.4 terabytes of malicious traffic in just 45 seconds. Summary: 1. Cloudflare blocked…

  • Apache SeaTunnel Vulnerability Allows Unauthorized Users to Perform Deserialization Attack

    Apache SeaTunnel, the widely used distributed data integration platform, has disclosed a significant security vulnerability that enables unauthorized users to execute arbitrary file read operations and deserialization attacks through its RESTful API interface. The vulnerability, tracked as CVE-2025-32896 and reported on April 12, 2025, affects…

  • Hackers Exploit Atlassian’s Model Context Protocol by Submitting a Malicious Support Ticket

    A sophisticated attack vector has been identified targeting Atlassian’s Model Context Protocol (MCP) that allows external threat actors to gain privileged access to internal systems through malicious support tickets. The attack, dubbed “Living off AI,” exploits the trust boundary between external users submitting support requests and…

  • PowerShell Loaders With In-Memory Execution Techniques To Evade Disk-Based Detection

    Cybersecurity researchers have uncovered a sophisticated PowerShell-based attack campaign that leverages advanced in-memory execution techniques to bypass traditional disk-based security controls. The malicious infrastructure spans across Chinese, Russian, and global hosting providers, demonstrating the international scope of modern cyber threats. At the center of this…

  • Massive 16 Billion Passwords From Apple, Facebook, Google and More Leaked From 320 Million Computers

    A new report has uncovered a staggering 16 billion login credentials from major platforms, including Apple, Facebook, Google, GitHub, Telegram, and government services. The massive leak, discovered through 30 separate datasets, represents an unprecedented threat to global cybersecurity and digital…

  • AntiDot – 3-in-1 Android Malware Lets Attackers Take Full Control of Compromised Devices

    A sophisticated new Android botnet malware called AntiDot has emerged as a significant threat to mobile device security, offering cybercriminals unprecedented control over infected devices. This malicious software operates as part of a Malware-as-a-Service (MaaS) model, marketed by threat actor LARVA-398 on underground…

  • Cisco AnyConnect VPN Server Vulnerability Lets Attackers Trigger DoS Attack

    A critical security vulnerability affecting Cisco Meraki MX and Z Series devices could allow unauthenticated attackers to launch denial of service (DoS) attacks against AnyConnect VPN services. The vulnerability, tracked as CVE-2025-20271 with a CVSS score of 8.6, was published on June 18, 2025, and…

  • Authorities Busted Ransomware Gang – Nine Laptops and 15 Mobile Devices Were Seized

    Thai law enforcement successfully dismantled a sophisticated ransomware operation during a coordinated raid at the Antai Holiday Hotel in central Pattaya on Monday, June 16, 2025. The operation resulted in the arrest of six Chinese nationals specifically tasked with distributing malicious links…

  • Hackers Leverage Cloudflare Tunnels to Infect Systems Using Stealthy Python-Based Malware

    A sophisticated malware campaign has emerged that exploits Cloudflare’s tunneling infrastructure to deliver multi-stage Python-based payloads, demonstrating an alarming evolution in cybercriminal tactics. The campaign, tracked as SERPENTINE#CLOUD, represents a significant escalation in the abuse of legitimate cloud services for malicious purposes, combining social…

  • Apache Traffic Server Vulnerability Lets Attackers Trigger DoS Attack via Memory Exhaustion

    A critical security vulnerability has been discovered in Apache Traffic Server that allows remote attackers to trigger denial-of-service (DoS) attacks through memory exhaustion. The vulnerability, tracked as CVE-2025-49763, affects the Edge Side Includes (ESI) plugin and poses significant risks to organizations running affected…

  • Open Next for Cloudflare SSRF Vulnerability Lets Attackers Load Remote Resources from Arbitrary Hosts

    A high-severity Server-Side Request Forgery (SSRF) vulnerability has been identified in the @opennextjs/cloudflare package, enabling attackers to exploit the /_next/image endpoint to load remote resources from arbitrary hosts. The vulnerability, assigned CVE-2025-6087 with a CVSS score of 7.8, affects all versions…

  • Hackers Allegedly Claim Breach of Scania Financial Services, Sensitive Data Stolen

    A threat actor named “hensi” has reportedly claimed unauthorized access to Scania Financial Services’ insurance[.]scania.com subdomain and is allegedly selling around 34,000 files on cybercriminal marketplaces. While these claims remain unconfirmed by official sources, the incident highlights ongoing vulnerabilities in corporate digital infrastructure and…

  • Hackers Using ClickFix Technique to Deploy Remote Access Trojans and Data-Stealing Malware

    Cybersecurity researchers have documented a significant surge in attacks utilizing the ClickFix social engineering technique, which has emerged as one of the most effective methods for initial access in modern cyber campaigns. This deceptive tactic tricks users into executing malicious PowerShell commands by…

  • Chrome Vulnerabilities Let Attackers Execute Arbitrary Code – Update Now!

    Google has released an urgent security update for Chrome browsers across all desktop platforms, addressing critical vulnerabilities that could allow attackers to execute arbitrary code on users’ systems. The update, rolled out on Tuesday, June 17, 2025, patches three significant security flaws including two high-severity…

  • CISA Warns of Linux Kernel Improper Ownership Management Vulnerability Exploited in Attacks

    CISA has added a critical Linux kernel vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that CVE-2023-0386 is being actively exploited in real-world attacks. This improper ownership management flaw in the Linux kernel’s OverlayFS subsystem allows local attackers to escalate privileges through…

  • Critical Linux Privilege Escalation Vulnerabilities Let Attackers Gain Full Root Access

    Two critical, interconnected flaws, CVE-2025-6018 and CVE-2025-6019, enable unprivileged attackers to achieve root access on major Linux distributions. Affecting millions worldwide, these vulnerabilities pose a severe security emergency that demands immediate patching. The first vulnerability exploits PAM configuration weaknesses in SUSE systems, while the…

  • Threat Actors Attacking Cryptocurrency and Blockchain Developers with Weaponized npm and PyPI Packages

    The cryptocurrency and blockchain development ecosystem is facing an unprecedented surge in sophisticated malware campaigns targeting the open source supply chain. Over the past year, threat actors have significantly escalated their attacks against Web3 developers by publishing malicious packages to trusted registries…

  • China and Taiwan Accuse Each Other of Cyberattacks Against Critical Infrastructure

    Cross-strait tensions have escalated into a new domain as China and Taiwan engage in unprecedented mutual accusations of cyberwarfare targeting critical infrastructure systems. The diplomatic dispute has intensified following Taiwan President Lai Ching-te’s first year in office, during which both governments have publicly traded…

  • Kali Linux 2025.2 Released: Smartwatch Wi-Fi Injection, Android Radio, and Hacking Tools

    The penetration testing community has received a significant upgrade with the release of Kali Linux 2025.2, marking another milestone in the evolution of this essential cybersecurity platform. This latest version introduces groundbreaking smartwatch capabilities, a completely redesigned menu system, and a comprehensive suite…

  • Arsen Launches AI-Powered Vishing Simulation to Help Organizations Combat Voice Phishing at Scale

    Arsen, the cybersecurity startup known for defending organizations against social engineering threats, has announced the release of its new Vishing Simulation module, a cutting-edge tool designed to train employees against one of the fastest-growing attack vectors: voice phishing (vishing). This new module uses AI-generated voices…

  • Predator Mobile Spyware Remains Consistent with New Design Changes to Evade Detection

    Despite sustained international pressure, sanctions, and public exposures over the past two years, the sophisticated Predator mobile spyware has demonstrated remarkable resilience, continuing to evolve and adapt its infrastructure to evade detection while maintaining operations across multiple continents. The mercenary spyware, originally developed…

  • Ransomware Actors Exploit Unpatched SimpleHelp RMM to Compromise Billing Software Provider

    Cybersecurity researchers have uncovered a sophisticated ransomware campaign targeting utility billing software providers through unpatched vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM) systems. The attack represents a concerning evolution in ransomware tactics, where threat actors are leveraging trusted remote access tools to establish…

  • Fog Ransomware Actors Exploit Pentesting Tools to Exfiltrate Data and Deploy Ransomware

    The Fog ransomware group has evolved beyond conventional attack methods, deploying an unprecedented arsenal of legitimate pentesting tools in a sophisticated May 2025 campaign targeting a financial institution in Asia. This latest operation marks a significant departure from typical ransomware tactics, incorporating employee…

  • PoC Exploit Released for Critical WebDAV 0-Day RCE Vulnerability Exploited by APT Hackers

    A critical zero-day vulnerability in WebDAV implementations enables remote code execution, and proof-of-concept exploit code is now publicly available on GitHub. The vulnerability, tracked as CVE-2025-33053, has reportedly been actively exploited by advanced persistent threat (APT) groups in targeted campaigns against enterprise…

  • Graphite Spyware Exploits Apple iOS Zero-Click Vulnerability to Attack Journalists

    The advanced Graphite mercenary spyware, developed by Paragon, targets journalists through a sophisticated zero-click vulnerability in Apple’s iOS. At least three European journalists have been confirmed as targets, with two cases forensically verified. The spyware exploited a zero-day vulnerability in iOS that allowed attackers to compromise…

  • Threat Actors Compromise 270+ Legitimate Websites With Malicious JavaScript Using JSFireTruck Obfuscation

    Cybersecurity researchers have uncovered a sophisticated malware campaign that leveraged an advanced JavaScript obfuscation technique to compromise hundreds of legitimate websites and redirect unsuspecting visitors to malicious content. The campaign, which infected over 269,000 webpages between March and April 2025, employed a variant…

  • CISA Releases Guide to Protect Network Edge Devices From Hackers

    CISA and international cybersecurity partners have released a comprehensive suite of guidance documents aimed at protecting critical network edge devices from increasingly sophisticated cyberattacks. This coordinated effort, involving cybersecurity authorities from nine countries, including Australia, Canada, the United Kingdom, and Japan, addresses the growing threat…

  • Hackers Advertising New Blackhat Tool Nytheon AI on Popular Hacking Forums

    A sophisticated new threat platform, Nytheon AI, has emerged, which combines multiple uncensored large language models (LLMs) built specifically for malicious activities. The platform, discovered by Cato CTRL, is being actively promoted on popular hacking forums, including XSS and various Telegram channels, representing a…

  • 0-Click Microsoft 365 Copilot Vulnerability Lets Attackers Exfiltrate Sensitive Data Abusing Teams

    A critical zero-click vulnerability in Microsoft 365 Copilot, dubbed “EchoLeak,” enables attackers to automatically exfiltrate sensitive organizational data without requiring any user interaction. The vulnerability represents a significant breakthrough in AI security research, introducing a new class of attack called “LLM Scope Violation”…

  • How to Conduct a Secure Code Review – Tools and Techniques

    Secure code review represents a critical security practice that systematically examines software source code to identify and remediate security vulnerabilities before they reach production environments. This comprehensive examination serves as a proactive defense mechanism, enabling development teams to detect security flaws early in the…

  • Top 3 Evasion Techniques In Phishing Attacks: Real Examples Inside

    Phishing attacks aren’t what they used to be. Hackers no longer rely on crude misspellings or sketchy email addresses. Instead, they use clever tricks to dodge detection tools and fool even cautious users. Let’s break down three evasion techniques that are increasingly common in phishing…

  • CISA Warns of Erlang/OTP SSH Server RCE Vulnerability Exploited in Attacks

    CISA has issued an urgent warning regarding a critical vulnerability in Erlang/OTP SSH servers that is being actively exploited in the wild. The vulnerability, tracked as CVE-2025-32433, enables attackers to achieve unauthenticated remote code execution on affected systems, prompting its immediate addition to CISA’s…

  • ManageEngine Exchange Reporter Plus Vulnerability Allows Remote Code Execution

    A severe security vulnerability has been identified in ManageEngine Exchange Reporter Plus that could allow attackers to execute arbitrary commands on target servers. Designated as CVE-2025-3835, this critical remote code execution vulnerability affects all Exchange Reporter Plus installations with build 5721 and below. ManageEngine has responded…

  • 84,000+ Roundcube Webmail Installations Vulnerable to Remote Code Execution Attacks

    A critical security vulnerability affecting Roundcube webmail installations has exposed over 84,000 systems worldwide to remote code execution attacks. The vulnerability, tracked as CVE-2025-49113, allows authenticated users to execute arbitrary code remotely, presenting a significant security risk to organizations relying on this popular open-source webmail…

  • SAP June 2025 Patch Day – 14 Vulnerabilities Patched Across Multiple Products

    SAP released its monthly Security Patch Day update addressing 14 critical vulnerabilities across multiple enterprise products. The comprehensive security update includes patches addressing critical authorization bypass issues and cross-site scripting vulnerabilities, with CVSS scores ranging from 3.0 to 9.6. Organizations using SAP enterprise…

  • Sensata Technologies Hit by Ransomware Attack – Operations Impacted

    Sensata Technologies, Inc., a prominent industrial technology company based in Attleboro, Massachusetts, has disclosed a significant cybersecurity incident that compromised the personal information of hundreds of individuals. The external system breach, classified as a hacking incident, occurred on March 28, 2025, but remained undetected for nearly…

  • New Malware Attack Via “I’m not a Robot Check” to Trick Users into Running Malware

    A sophisticated new malware attack vector manipulates users through fake browser verification prompts designed to mimic legitimate CAPTCHA systems. This attack leverages social engineering techniques combined with clipboard manipulation and obfuscated PowerShell commands to trick victims into voluntarily executing…

  • PoC Exploit Released for Fortinet 0-Day Vulnerability that Allows Remote Code Execution

    A new proof-of-concept (PoC) exploit for a critical zero-day vulnerability affecting multiple Fortinet products raises urgent concerns about the security of enterprise network infrastructure. The vulnerability, tracked as CVE-2025-32756, carries a maximum CVSS score of 9.8 and enables unauthenticated remote code execution through…

  • Kali GPT – AI Assistant That Transforms Penetration Testing on Kali Linux

    Kali GPT, a specialized AI model built on GPT-4 architecture, has been specifically developed to integrate seamlessly with Kali Linux, offering unprecedented support for offensive security professionals and students alike. Kali GPT represents a significant breakthrough in the integration of artificial intelligence with penetration…

  • New Rust-Based InfoStealer Extracts Sensitive Data from Chromium-based Browsers

    A sophisticated new information-stealing malware written in the Rust programming language has emerged, demonstrating advanced capabilities to extract sensitive data from both Chromium-based and Gecko-based web browsers. The malware, known as Myth Stealer, represents a significant evolution in cybercriminal tactics, combining modern programming techniques with…

  • Hackers Using New ClickFix Technique To Exploit Human Error Via Fake Prompts

    Cybersecurity researchers have identified a sophisticated new social engineering campaign that exploits fundamental human trust in everyday computer interactions. The ClickFix technique, which has been actively deployed since March 2024, represents a dangerous evolution in cybercriminal tactics that bypasses traditional security measures by…

  • Hundreds of GitHub Malware Repos Targeting Novice Cybercriminals Linked to Single User

    A sophisticated malware distribution campaign has weaponized over 140 GitHub repositories to target inexperienced cybercriminals and gaming cheat users, representing one of the largest documented cases of supply chain attacks on the platform. The repositories, masquerading as legitimate malware tools and game cheats,…

  • New ClickFix Attack Exploits Fake Cloudflare Human Check to Install Malware Silently

    A sophisticated new social engineering attack campaign has emerged that exploits users’ familiarity with routine security checks to deliver malware through deceptive Cloudflare verification pages. The ClickFix attack technique represents a concerning evolution in phishing methodology, abandoning traditional file downloads in favor of…

  • DragonForce Ransomware Claimed To Compromise Over 120 Victims in The Past Year

    DragonForce, a sophisticated ransomware operation that emerged in fall 2023, has established itself as a formidable threat in the cybercriminal landscape by claiming over 120 victims across the past year. Unlike traditional ransomware-as-a-service models, this threat actor has evolved into what security experts…

  • Multiple HPE StoreOnce Vulnerabilities Let Attackers Execute Malicious Code Remotely

    Multiple HPE StoreOnce Vulnerabilities Let Attackers Execute Malicious Code Remotely Multiple security vulnerabilities have been identified in the Hewlett-Packard Enterprise (HPE) StoreOnce software platform that could allow remote attackers to execute malicious code, bypass authentication mechanisms, and access sensitive enterprise data. The vulnerabilities affect HPE StoreOnce VSA versions prior to 4.3.11 and present significant risks to enterprise backup and…

  • Hackers Exploit AI Tools Misconfiguration To Run Malicious AI-generated Payloads

    Hackers Exploit AI Tools Misconfiguration To Run Malicious AI-generated Payloads Cybercriminals are increasingly leveraging misconfigured artificial intelligence tools to execute sophisticated attacks that generate and deploy malicious payloads automatically, marking a concerning evolution in threat actor capabilities. This emerging attack vector combines traditional configuration vulnerabilities with the power of AI-driven content generation, enabling attackers to…

  • Splunk Enterprise XSS Vulnerability Let Attackers Execute Unauthorized JavaScript Code

    Splunk Enterprise XSS Vulnerability Let Attackers Execute Unauthorized JavaScript Code A significant security vulnerability in the Splunk Enterprise platform could allow low-privileged attackers to execute unauthorized JavaScript code through a reflected Cross-Site Scripting (XSS) flaw.  The vulnerability, tracked as CVE-2025-20297, affects multiple versions of Splunk Enterprise and Splunk Cloud Platform, prompting the company to issue…

  • SentinelOne Global Service Outage Root Cause Revealed

    SentinelOne Global Service Outage Root Cause Revealed Cybersecurity company SentinelOne has released a comprehensive root cause analysis revealing that a software flaw in an infrastructure control system caused the global service disruption that affected customers worldwide on May 29, 2025. The outage, which lasted approximately 20 hours, was fully restored by May 30 at 10:00…

  • Google Chrome 0-Day Vulnerability Exploited in the Wild to Execute Arbitrary Code

    Google Chrome 0-Day Vulnerability Exploited in the Wild to Execute Arbitrary Code Google has released an emergency security update for Chrome after confirming that a critical zero-day vulnerability is being actively exploited by attackers in the wild. The vulnerability, tracked as CVE-2025-5419, allows threat actors to execute arbitrary code on victims’ systems through out-of-bounds read…

  • Denodo Scheduler Vulnerability Let Attackers Execute Remote Code

    Denodo Scheduler Vulnerability Let Attackers Execute Remote Code A significant security vulnerability has been discovered in Denodo Scheduler, a data management software component, that allows attackers to execute remote code on affected systems.  The flaw, identified as CVE-2025-26147, exploits a path traversal vulnerability in the Kerberos authentication configuration feature, potentially compromising the security of enterprise…

  • Threat Actors Actively Exploiting Critical vBulletin Vulnerability in the Wild

    Threat Actors Actively Exploiting Critical vBulletin Vulnerability in the Wild A critical, unauthenticated remote code execution vulnerability in vBulletin forum software is now being actively exploited. The vulnerability, which impacts vBulletin versions 5.0.0 through 6.0.3, has been assigned CVE-2025-48827 and CVE-2025-48828 and is now being actively targeted by threat actors, marking it as a Known…

  • Critical Roundcube Vulnerability Let Attackers Execute Remote Code

    Critical Roundcube Vulnerability Let Attackers Execute Remote Code A critical vulnerability in the widely used Roundcube Webmail software allows authenticated attackers to execute arbitrary code remotely. The vulnerability, discovered through PHP object deserialization flaws, affects all installations running versions 1.6.x and 1.5.x of the popular open-source webmail client. Security researcher firs0v reported the…

  • AI-Driven Threat Intelligence: Staying Ahead of Attackers

    AI-Driven Threat Intelligence: Staying Ahead of Attackers As cyber threats evolve at an unprecedented pace in 2025, organizations worldwide are turning to artificial intelligence to stay one step ahead of increasingly sophisticated attackers. The global threat intelligence market, valued at $14.29 billion in 2024, is projected to reach $26.31 billion by 2032, reflecting the urgent…

  • CISOs Guide to Regulatory Compliance in Global Landscapes

    CISOs Guide to Regulatory Compliance in Global Landscapes Chief Information Security Officers worldwide are grappling with an unprecedented surge in regulatory requirements as governments expand cybersecurity mandates across critical sectors, transforming the traditional CISO role into a strategic compliance leadership position that demands technical expertise and regulatory acumen. Rising Regulatory Complexity Reshapes CISO Responsibilities The…

  • Securing the Cloud: Best Practices for Multi-Cloud Environments

    Securing the Cloud: Best Practices for Multi-Cloud Environments As organizations increasingly embrace multi-cloud strategies to enhance flexibility and avoid vendor lock-in, securing the cloud in these complex environments has become a critical priority for 2025. With 89% of enterprises already implementing multi-cloud approaches and 98% using or planning to use multiple cloud providers, the security…

  • Quantum Threats: Preparing Your Encryption Strategy

    Quantum Threats: Preparing Your Encryption Strategy As quantum threats grow with advances in quantum computing, the cybersecurity landscape is undergoing its most significant transformation in decades, threatening to make current encryption methods obsolete. With experts predicting “Q-Day,” the moment quantum computers can break widely used encryption algorithms, could arrive as early as 2035, organizations worldwide…

  • Implementing NIST CSF 2.0: A Technical Blueprint

    Implementing NIST CSF 2.0: A Technical Blueprint After years of development and stakeholder feedback, the National Institute of Standards and Technology (NIST) released the Cybersecurity Framework (CSF) 2.0 in February 2024. This significant update represents the first major revision since the framework’s creation in 2014 and provides organizations with enhanced guidance for managing cybersecurity risks…

  • CISOs Guide to Navigating the 2025 Threat Landscape

    CISOs Guide to Navigating the 2025 Threat Landscape As we move through 2025, cybersecurity leaders rely on the CISO Threat Guide 2025 to navigate a volatile environment marked by AI-powered attacks, geopolitical tensions, and evolving criminal tactics. The landscape continues transforming rapidly, requiring Chief Information Security Officers (CISOs) to adapt their strategies and priorities to…

  • Ransomware 2.0: How AI-Powered Attacks Are Evolving

    Ransomware 2.0: How AI-Powered Attacks Are Evolving Ransomware attacks have entered a new era of sophistication and danger, with AI-powered ransomware attacks marking a significant evolution beyond encrypting payment files. It incorporates advanced tactics powered by artificial intelligence that make these attacks more devastating, harder to detect, and increasingly difficult to prevent. The Evolution of…

  • Threat Actors Leverage Google Apps Script To Host Phishing Websites

    Threat Actors Leverage Google Apps Script To Host Phishing Websites Cybercriminals have escalated their tactics by exploiting Google Apps Script, a trusted development platform, to host sophisticated phishing campaigns that bypass traditional security measures. This emerging threat represents a significant shift in how attackers leverage legitimate infrastructure to enhance the credibility of their malicious operations.…

  • Authorities Dismantled AVCheck, a Tool For Testing Malware Against Antivirus Detection

    Authorities Dismantled AVCheck, a Tool For Testing Malware Against Antivirus Detection Law enforcement agencies across multiple countries have successfully dismantled a sophisticated cybercriminal operation that provided malware testing services designed to evade antivirus detection systems. The coordinated international effort resulted in the seizure of four domains and their associated servers, dealing a significant blow to…

  • LexisNexis Risk Solutions Data Breach Exposes 364,000 Individuals’ Personal Data

    LexisNexis Risk Solutions Data Breach Exposes 364,000 Individuals’ Personal Data LexisNexis Risk Solutions has disclosed a significant data breach affecting approximately 364,000 individuals after discovering that an unauthorized third party gained access to sensitive personal information through a compromised third-party software development platform. The cybersecurity incident, which LexisNexis learned about on April 1, 2025, actually…

  • Tycoon2FA Infra Used by Dadsec Hacker Group to Steal Office365 Credentials

    Tycoon2FA Infra Used by Dadsec Hacker Group to Steal Office365 Credentials A sophisticated phishing campaign leveraging shared infrastructure between two prominent cybercriminal operations has emerged as a significant threat to Office 365 users worldwide. The Tycoon2FA Phishing-as-a-Service platform, which has been active since August 2023, has established operational connections with the notorious Storm-1575 group, also…

  • Beware of Weaponized AI Tool Installers That Infect Your Devices With Ransomware

    Beware of Weaponized AI Tool Installers That Infect Your Devices With Ransomware Cybercriminals are increasingly exploiting the growing popularity of artificial intelligence tools by distributing sophisticated malware disguised as legitimate AI solution installers. This emerging threat landscape has seen malicious actors create convincing replicas of popular AI platforms, using these deceptive packages to deploy devastating…

  • New Rust-based InfoStealer via Fake CAPTCHA Delivers EDDIESTEALER

    New Rust-based InfoStealer via Fake CAPTCHA Delivers EDDIESTEALER Cybersecurity researchers have uncovered a sophisticated malware campaign leveraging deceptive CAPTCHA verification pages to distribute a newly discovered Rust-based infostealer dubbed EDDIESTEALER. This campaign represents a significant evolution in social engineering tactics, where threat actors exploit users’ familiarity with routine security verification processes to trick them into…

  • Implementing Identity and Access Management in Cloud Security

    Implementing Identity and Access Management in Cloud Security As organizations accelerate cloud adoption, securing digital identities has become a cornerstone of cybersecurity strategy. The 2025 Verizon Data Breach Investigations Report reveals that 80% of cyberattacks now leverage identity-based methods, with credential abuse and third-party vulnerabilities driving a 34% surge in breaches.  Meanwhile, the global cloud Identity…

  • CISA Releases Five ICS Advisories Targeting Vulnerabilities and Exploits

    CISA Releases Five ICS Advisories Targeting Vulnerabilities and Exploits The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released five urgent Industrial Control Systems (ICS) advisories on May 29, 2025, addressing critical vulnerabilities across widely deployed industrial automation and infrastructure systems.  These advisories highlight severe security flaws affecting Siemens access control systems, fire safety panels, environmental…

  • Ensuring Data Security in Cloud Storage and Collaboration Platforms

    Ensuring Data Security in Cloud Storage and Collaboration Platforms A surge in cloud adoption has been matched by escalating security challenges, with 82% of data breaches now involving cloud-stored information and 60% of organizations reporting public cloud-related incidents in 2024.  As enterprises increasingly rely on platforms like Google Drive, Microsoft Teams, and Slack for collaboration,…

  • Detecting and Remediating Misconfigurations in Cloud Environments

    Detecting and Remediating Misconfigurations in Cloud Environments As organizations accelerate cloud adoption, misconfigurations have emerged as a critical vulnerability, accounting for 23% of cloud security incidents and 81% of cloud-related breaches in 2024.  High-profile cases, such as the 2025 Capital One breach that exposed 100 million records due to a misconfigured firewall, underscore the urgency…

  • New Spear-Phishing Attack Targeting Financial Executives by Deploying NetBird Malware

    New Spear-Phishing Attack Targeting Financial Executives by Deploying NetBird Malware A sophisticated spear-phishing campaign has emerged targeting chief financial officers and senior financial executives across banking, energy, insurance, and investment sectors worldwide, marking a concerning escalation in precision-targeted cyber attacks against corporate leadership. The campaign, which surfaced on May 15, 2025, employs advanced social engineering…

  • Advanced Detection Strategies for APT Campaigns in 2025 Networks

    Advanced Detection Strategies for APT Campaigns in 2025 Networks The cybersecurity landscape of 2025 has become a high-stakes battleground as Advanced Persistent Threat (APT) campaigns leverage artificial intelligence, zero-day exploits, and cloud vulnerabilities to bypass traditional defenses. With APT attacks on critical infrastructure surging by 136% in Q1 2025 alone, and global detection volumes rising…

  • Countermeasures Against State-Sponsored APT Operations Worldwide

    Countermeasures Against State-Sponsored APT Operations Worldwide State-sponsored Advanced Persistent Threats (APTs) have become the defining challenge for cybersecurity professionals in 2025, with attacks growing in sophistication, persistence, and global reach. High-profile breaches targeting critical infrastructure, telecommunications, and government entities underscore the urgent need for robust, adaptive countermeasures. This article examines the evolving tactics of state-sponsored…

  • New Botnet Hijacks 9,000 ASUS Routers & Enables SSH Access by Injecting Public Key

    New Botnet Hijacks 9,000 ASUS Routers & Enables SSH Access by Injecting Public Key A sophisticated botnet campaign dubbed “AyySSHush” has compromised over 9,000 ASUS routers worldwide, establishing persistent backdoor access that survives firmware updates and reboots.  The stealthy operation, first detected in March 2025, demonstrates advanced nation-state-level tradecraft by exploiting authentication vulnerabilities and legitimate…

  • Microsoft OneDrive File Picker Vulnerability Exposes Users’ Entire Cloud Storage to Websites

    Microsoft OneDrive File Picker Vulnerability Exposes Users’ Entire Cloud Storage to Websites A critical security flaw in Microsoft’s OneDrive File Picker has exposed millions of users to unauthorized data access, allowing third-party web applications to gain complete access to users’ entire OneDrive storage rather than just selected files.  Security researchers from Oasis Security reported on…

  • Intruder vs. Pentest Tools vs. Attaxion: Selecting The Right Security Tool

    Intruder vs. Pentest Tools vs. Attaxion: Selecting The Right Security Tool While no one is immune to cyber threats, smaller organizations with very limited security budgets very often face the task of managing risks and implementing timely remediation without the resources to buy and maintain multiple tools. Security teams protecting these organizations have to choose…

  • Microsoft Releases Emergency Fix for BitLocker Recovery Issue

    Microsoft Releases Emergency Fix for BitLocker Recovery Issue Microsoft has released an emergency out-of-band update (KB5061768) to address a critical issue causing Windows 10 systems to boot into BitLocker recovery screens following the installation of the May 2025 security updates. The fix, released on May 19, comes after numerous reports from enterprise customers experiencing system…

  • CISA Adds Ivanti EPMM 0-day to KEV Catalog Following Active Exploitation

    CISA Adds Ivanti EPMM 0-day to KEV Catalog Following Active Exploitation The U.S. Cybersecurity and Infrastructure Security Agency (CISA) officially added two critical zero-day vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities (KEV) catalog.  These vulnerabilities, CVE-2025-4427 and CVE-2025-4428, are actively exploited in the wild and pose significant risks to organizations…

  • Multiple pfSense Firewall Vulnerabilities Let Attackers Inject Malicious Codes

    Multiple pfSense Firewall Vulnerabilities Let Attackers Inject Malicious Codes Three critical vulnerabilities have been identified in pfSense firewall software that could allow authenticated attackers to inject malicious code, manipulate cloud backups, and potentially achieve remote code execution. The vulnerabilities affect both pfSense Community Edition (CE) prior to version 2.8.0 beta and corresponding pfSense Plus builds. These flaws, CVE-2024-57273,…

  • W3LL Phishing Kit Actively Attacking Users to Steal Outlook Login Credentials

    W3LL Phishing Kit Actively Attacking Users to Steal Outlook Login Credentials A sophisticated phishing campaign utilizing the W3LL Phishing Kit has been actively targeting users’ Microsoft Outlook credentials through elaborate impersonation techniques. First identified by Group-IB in 2022, this phishing-as-a-service (PhaaS) tool has evolved into a comprehensive ecosystem complete with its own marketplace called W3LL…

  • glibc Vulnerability Exposes Millions of Linux Systems to Code Execution Attacks

    glibc Vulnerability Exposes Millions of Linux Systems to Code Execution Attacks A critical vulnerability has been identified in the GNU C Library (glibc), potentially exposing millions of Linux systems to local privilege escalation attacks. Tracked as CVE-2025-4802 and publicly disclosed on May 16, 2025, this vulnerability could allow attackers to execute arbitrary code by manipulating the LD_LIBRARY_PATH environment…

  • Windows Remote Desktop Gateway UAF Vulnerability Allows Remote Code Execution

    Windows Remote Desktop Gateway UAF Vulnerability Allows Remote Code Execution A critical vulnerability has been identified in Microsoft’s Remote Desktop Gateway (RD Gateway) that could allow attackers to execute malicious code on affected systems remotely. The vulnerability, tracked as CVE-2025-21297, was disclosed by Microsoft in their January 2025 security updates and has since been actively exploited in the…