Tag: cyber-security-news

  • Chinese Hackers Actively Exploiting Ivanti VPN Vulnerability to Deploy Malware

    Security researchers have identified a critical vulnerability in Ivanti Connect Secure (ICS) VPN appliances that is being actively exploited by suspected Chinese threat actors. The vulnerability, tracked as CVE-2025-22457, is a buffer overflow flaw affecting ICS version 22.7R2.5 and earlier that can lead to remote…

  • Frida Penetration Testing Tool Kit Released With New APIs for Threat Monitoring

    Frida 16.7.0, the latest version of the popular dynamic instrumentation toolkit, has powerful new APIs specifically designed for advanced threat monitoring and security analysis. This major update, announced on March 13, 2025, introduces groundbreaking capabilities that significantly enhance the toolkit’s utility for security…

  • Apache Traffic Server Vulnerability Lets Attackers Smuggle Requests

    A critical security vulnerability in Apache Traffic Server (ATS) has been discovered. By exploiting how the server processes chunked messages, attackers can perform request smuggling attacks. The vulnerability, tracked as CVE-2024-53868, affects multiple versions of this high-performance HTTP proxy server and requires system administrators’ immediate attention. According…

  • OpenVPN Vulnerability Lets Attackers Crash Servers & Execute Remote Code

    A critical security vulnerability in OpenVPN has been discovered that could allow attackers to crash servers, potentially disrupting secure communications for thousands of users worldwide. The vulnerability, identified as CVE-2025-2704, affects OpenVPN versions 2.6.1 through 2.6.13 when configured with the --tls-crypt-v2 option, a feature commonly…

  • Hackers Leveraging Fast Flux Technique to Evade Detection & Hide Malicious Servers

    CISA warns of threat actors’ increasing adoption of the fast flux technique to evade detection and conceal malicious server infrastructure. As cybercriminal operations grow increasingly sophisticated, threat actors adopt advanced techniques like fast flux to mask malicious infrastructure, evade defensive measures, and maintain persistent access…

  • Microsoft Uncovers Several Vulnerabilities in GRUB2, U-Boot, Barebox Bootloaders Using Copilot

    Microsoft has discovered multiple critical vulnerabilities affecting widely used bootloaders including GRUB2, U-Boot, and Barebox. These security flaws potentially expose systems to sophisticated boot-level attacks that could compromise devices before operating systems even initialize, allowing attackers to gain persistent and nearly undetectable control over…

  • Apple Warns of Three 0-Day Vulnerabilities Actively Exploited in Attacks

    Apple has issued an urgent security advisory concerning three critical zero-day vulnerabilities (CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085) that have been actively exploited in sophisticated attacks. These vulnerabilities affect a wide range of Apple devices, including iPhones, iPads, Macs, and other platforms. Users are strongly advised to…

  • CrushFTP Vulnerability Exploited in Attacks Following PoC Release

    Security researchers have confirmed active exploitation attempts targeting the critical authentication bypass vulnerability in CrushFTP (CVE-2025-2825) following the public release of proof-of-concept exploit code. Based on Shadowserver Foundation’s most recent monitoring data, approximately 1,512 unpatched instances remain vulnerable globally as of March 30, 2025, with North America…

  • CISA Warns of Cisco Smart Licensing Utility Credential Vulnerability Exploited in Attacks

    The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Cisco vulnerability to its Known Exploited Vulnerabilities (KEV) catalog following confirmation of active exploitation in the wild. The flaw, identified as CVE-2024-20439, affects the Cisco Smart Licensing Utility (CSLU) and allows unauthenticated,…

  • Hackers Scanning From 24,000 IPs to Gain Access to Palo Alto Networks GlobalProtect Portals

    Researchers have detected an alarming surge in malicious scanning activity targeting Palo Alto Networks’ GlobalProtect VPN portals. Over a 30-day period, nearly 24,000 unique IP addresses have attempted to access these critical security gateways, suggesting a coordinated effort to probe network…

  • Lotus Blossom APT Exploits WMI for Post-Exploitation Activities

    The Lotus Blossom Advanced Persistent Threat (APT) group, also known as Lotus Panda, Billbug, and Spring Dragon, has intensified its cyberespionage efforts with new variants of the Sagerunex backdoor. These developments highlight the group’s evolving tactics, including leveraging Windows Management Instrumentation (WMI) for post-exploitation activities and employing…

  • CISA Warns of RESURGE Malware Exploiting Ivanti RCE Vulnerability

    The Cybersecurity and Infrastructure Security Agency (CISA) has issued a Malware Analysis Report (MAR-25993211-r1.v1) detailing the exploitation of a critical vulnerability in Ivanti Connect Secure devices (CVE-2025-0282). This vulnerability allows attackers to gain unauthorized access and deploy sophisticated malware variants, including the newly identified RESURGE and…

  • RamiGPT – AI Tool To Escalate Privilege & Gain Root Access Within a Minute

    A new AI-driven offensive security tool, RamiGPT, is known for its ability to autonomously escalate privileges and gain root access to vulnerable systems in under a minute. Developed by GitHub user M507, the tool leverages OpenAI’s API. It integrates proven penetration…

  • ClickFix Captcha – A Creative Technique That Allows Attackers to Deliver Malware and Ransomware on Windows

    A sophisticated social engineering technique has recently emerged in the cybersecurity landscape, rapidly gaining traction among threat actors seeking to distribute trojans, ransomware, and particularly Quakbot malware. This technique, known as ClickFix Captcha, exploits users’ trust in familiar web elements…

  • Gamaredon Hacker Group Using Weaponized LNK Files To Drop Remcos Backdoor on Windows

    A sophisticated cyber espionage campaign targeting Ukrainian entities has been uncovered, revealing the latest tactics of the Russia-linked Gamaredon threat actor group. The attackers are leveraging weaponized LNK files disguised as Office documents to deliver the Remcos backdoor malware, utilizing themes related to…

  • 46 New Vulnerabilities in Solar Inverter Systems Let Attackers Tamper With Inverter Settings

    Researchers have uncovered critical security flaws in global solar power infrastructure that could potentially allow malicious actors to seize control of solar inverters and manipulate power generation at scale. A recent investigation revealed 46 new vulnerabilities across three of the world’s top 10…

  • DeBackdoor – Framework to Detect Backdoor Attacks on Deep Models

    In an era where deep learning models increasingly power critical systems from self-driving cars to medical devices, security researchers have unveiled DeBackdoor, an innovative framework designed to detect stealthy backdoor attacks before deployment. Backdoor attacks, among the most effective and covert threats to deep learning,…

  • Red Team Activities Turn More Sophisticated With The Progress of Artificial Intelligence

    Artificial intelligence has dramatically transformed the cybersecurity landscape, with red team activities increasingly leveraging sophisticated AI-driven techniques to simulate advanced persistent threats. These AI-enhanced red teams can now automate the process of penetrating targets and collecting sensitive data at unprecedented speeds. The evolution…

  • New IOCONTROL Malware Attacking Critical Infrastructure to Gain Remote Access and Control

    A newly identified malware strain dubbed “IOCONTROL” has emerged as a critical threat to operational technology (OT) and Internet of Things (IoT) systems, particularly targeting fuel-management infrastructure in the United States and Israel. First observed in December 2024, this Linux-based malware has been…

  • Appsmith Developer Tool Vulnerability Lets Attackers Execute Remote Code

    Security researchers have uncovered multiple critical vulnerabilities in Appsmith, a popular open-source developer platform for building internal applications. Most concerning is CVE-2024-55963, which allows unauthenticated attackers to execute arbitrary system commands on servers running default installations of Appsmith versions 1.20 through 1.51. CVE-2024-55963 – Remote Code…

  • CISA Warns of Four Vulnerabilities and Exploits Surrounding ICS

    The Cybersecurity and Infrastructure Security Agency (CISA) released four Industrial Control System (ICS) advisories on March 25, 2025, detailing significant vulnerabilities in products from ABB, Rockwell Automation, and Inaba Denki Sangyo. These vulnerabilities, with CVSS v4 scores ranging from 5.1 to 9.3, could allow attackers to…

  • New Windows 0-Day Vulnerability Lets Remote Attackers Steal NTLM Credentials – Unofficial Patch

    A critical vulnerability affects all Windows operating systems from Windows 7 and Server 2008 R2 through the latest Windows 11 v24H2 and Server 2025. This zero-day flaw enables attackers to capture users’ NTLM authentication credentials simply by having them view a malicious…

  • Google Chrome Zero-day Vulnerability Exploited by Hackers in the Wild

    Google has released an urgent security update for its Chrome browser after cybersecurity researchers at Kaspersky discovered a zero-day vulnerability being actively exploited by sophisticated threat actors. The vulnerability, identified as CVE-2025-2783, allowed attackers to bypass Chrome’s sandbox protection through a logical error at the…

  • Critical Synology Vulnerability Lets Attackers Remotely Execute Arbitrary Code

    A severe vulnerability in Synology’s DiskStation Manager (DSM) allows remote attackers to execute arbitrary code with no user interaction. The flaw, disclosed during PWN2OWN 2024, received a Critical severity rating with a CVSS score of 9.8, indicating its potential for widespread exploitation. The primary vulnerability, identified…

  • Microsoft Windows File Explorer Vulnerability Lets Attackers Perform Network Spoofing – PoC Released

    A critical vulnerability in Windows File Explorer, identified as CVE-2025-24071, enables attackers to steal NTLM hashed passwords without any user interaction beyond simply extracting a compressed file. Security researchers have released a proof-of-concept exploit demonstrating this high-severity flaw, which Microsoft patched in…

  • Hackers Allegedly Selling Firewall Access to Canon Inc on Hacking Forums

    Threat actors are allegedly offering root access to Canon Inc.’s internal firewall systems on underground hacking forums. According to security monitoring firm ThreatMon, the advertisement appeared on a popular dark web marketplace, claiming to provide administrator-level access to the Japanese camera giant’s network infrastructure…

  • Hacker Weaponizing Hard Disk Image Files To Deliver VenomRAT

    A sophisticated phishing campaign is leveraging virtual hard disk (.vhd) files to distribute the dangerous VenomRAT malware. The attack begins with purchase order-themed emails containing archive attachments that, when extracted, reveal hard disk image files designed to evade traditional security measures. Batch file inside .vhd file…

  • CISA Warns of Fortinet FortiOS Authentication Bypass Vulnerability Exploited in the Wild

    The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert highlighting a significant vulnerability in Fortinet’s FortiOS and FortiProxy systems, which threat actors are actively exploiting. The authentication bypass vulnerability, tracked as CVE-2025-24472, has been added to CISA’s Known Exploited Vulnerabilities…

  • Google Released Open Source Version of OSV-Scanner Tool for Vulnerability Scanning

    Google has officially launched OSV-Scanner V2.0.0, a major upgrade to its open-source vulnerability scanning tool. Released on March 17, 2025, this new version represents a significant evolution in helping developers identify and fix security vulnerabilities in their software dependencies. The V2 release builds upon…

  • Critical Apache Tomcat RCE Vulnerability Exploited in Just 30 Hours of Public Exploit

    Security researchers have confirmed that a critical remote code execution (RCE) vulnerability in Apache Tomcat, tracked as CVE-2025-24813, is being actively exploited in the wild. The vulnerability, which enables attackers to take control of servers with a simple PUT request, was disclosed last…

  • 23,000 GitHub Repositories Targeted In Supply Chain Attack

    In a massive security breach discovered this week, approximately 23,000 GitHub repositories have been compromised in what security experts are calling one of the largest supply chain attacks to date. The attackers exploited vulnerabilities in the software development pipeline to potentially distribute malicious code to thousands of…

  • Beware of Free Word To PDF File Converters That Deliver Malware

    The FBI has issued an urgent warning about the rising threat of malicious file conversion tools that are being used to spread malware across the United States. Cybercriminals are targeting users searching for free utilities to convert documents from one format to another, with…

  • Kentico Xperience CMS Authentication Bypass Vulnerability Allows Attackers to Execute Arbitrary Code Remotely

    Researchers discovered critical vulnerabilities in Kentico’s Xperience CMS that could allow attackers to completely compromise affected systems. The vulnerabilities, identified as WT-2025-0006, WT-2025-0007, and WT-2025-0011, can be chained together to achieve unauthenticated remote code execution on systems with common configurations. Researchers at watchTowr…

  • New Context Compliance Attack Jailbreaks Most of The Major AI Models

    A new, surprisingly simple method called Context Compliance Attack (CCA) has proven effective at bypassing safety guardrails in most leading AI systems. Unlike complex prompt engineering techniques that attempt to confuse AI systems with intricate word combinations, CCA exploits a fundamental architectural weakness present…

  • Black Basta Ransomware Attacks Edge Network Devices With Automated Brute Force Attacks

    A Russian-speaking actor using the Telegram handle @ExploitWhispers leaked internal chat logs of Black Basta Ransomware-as-a-Service (RaaS) members on February 11, 2025. These communications, spanning from September 2023 to September 2024, have provided security researchers with unprecedented insight into the group’s operational tactics…

  • Hackers Allegedly Selling 3.17 Million Records of Honda Cars India Customers

    A hacker operating under the pseudonym “Empire” has allegedly listed a database containing 3,176,958 records from Honda Cars India Ltd for sale on a notorious cybercrime forum. The leaked data reportedly includes sensitive customer information such as names, aliases, addresses, customer IDs, and contact…

  • Cisco Warns of IOS XR Software Vulnerability That Lets Attackers Trigger DoS Condition

    Cisco has issued security advisories for multiple vulnerabilities affecting its IOS XR Software, with particular emphasis on a significant memory corruption vulnerability in the Border Gateway Protocol (BGP) confederation implementation. The vulnerability, tracked as CVE-2025-20115 with a CVSS score of 8.6, could…

  • Critical ruby-saml Vulnerabilities Let Attackers Bypass Authentication

    Two critical authentication bypass vulnerabilities have been discovered in the ruby-saml library, potentially exposing numerous web applications to account takeover attacks. Security researchers from GitHub Security Lab have identified parser differential vulnerabilities (CVE-2025-25291 and CVE-2025-25292) affecting ruby-saml versions up to 1.17.0, which could allow attackers to impersonate any…

  • Microsoft365 Themed Attack Leveraging OAuth Redirection for Account Takeover

    Two sophisticated phishing campaigns were observed targeting Microsoft 365 users by exploiting OAuth redirection vulnerabilities combined with brand impersonation techniques. Threat researchers are warning organizations about these highly targeted attacks designed to bypass traditional security controls and achieve account takeover (ATO). The malicious campaigns leverage familiar…

  • New Campaign Attacking PyPI Users to Steal Sensitive Data Including Cloud Tokens

    Security researchers have uncovered a sophisticated malware campaign targeting users of the Python Package Index (PyPI), Python’s official third-party software repository. This latest attack vector involves several malicious packages disguised as time-related utilities, which are actually designed to steal sensitive information including cloud…

  • Decrypting Linux/ESXi Akira Ransomware Files Without Paying the Ransom

    A cybersecurity researcher has successfully broken the encryption used by the Linux/ESXi variant of the Akira ransomware, enabling data recovery without paying the ransom demand. The breakthrough exploits a critical weakness in the ransomware’s encryption methodology. According to the researcher, the malware uses the current time in…

  • SuperBlack Actors Exploiting Two Fortinet Vulnerabilities to Deploy Ransomware

    Between late January and early March 2025, cybersecurity researchers at Forescout’s Vedere Labs uncovered a series of sophisticated intrusions leveraging critical Fortinet vulnerabilities. The attacks, attributed to a newly identified threat actor tracked as “Mora_001,” culminated in the deployment of a custom ransomware strain dubbed “SuperBlack.”…

  • Top 10 Best Cyber Attack Simulation Tools – 2025

    Cyber attack simulation tools help organizations identify vulnerabilities, test security defenses, and improve their cybersecurity posture by simulating real-world attacks. These tools range from breach and attack simulation (BAS) platforms to adversary emulation frameworks. Here are some of the top cyber attack simulation tools: Cyberattack is…

  • Microsoft March 2025 Patch Tuesday: Fixes for 57 Vulnerabilities & 6 Actively Exploited Zero-Days

    Microsoft’s March 2025 Patch Tuesday addresses 57 vulnerabilities, including six zero-day vulnerabilities that are currently being exploited. The security update includes fixes for Windows, Microsoft Office, Azure, and other components. The March Patch Tuesday update included fixes for: In addition to…

  • 400+ IPs Actively Exploiting Multiple SSRF Vulnerabilities In The Wild

    A coordinated surge in Server-Side Request Forgery (SSRF) exploitation has been detected across multiple widely used platforms, affecting organizations worldwide. Security monitoring reveals approximately 400 unique IP addresses actively targeting multiple SSRF-related CVEs simultaneously, indicating a sophisticated and potentially dangerous campaign. The exploitation surge began…

  • CISA Warns of Microsoft Windows Management Console (MMC) Vulnerability Exploited in the Wild

    The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding an actively exploited vulnerability in Microsoft Windows Management Console (MMC), tracked as CVE-2025-26633. This improper neutralization flaw (CWE-707) enables remote attackers to execute arbitrary code over a network, posing significant…

  • Chinese Hackers’ New Malware Dubbed ‘Squidoor’ Attacking Global Organizations

    A sophisticated backdoor malware called “Squidoor” is being deployed by suspected Chinese threat actors against organizations across South America and Southeast Asia. The malware, designed for exceptional stealth, offers attackers multiple methods to maintain persistent access to compromised networks while evading detection from advanced security systems. Initial…

  • Apple WebKit Zero-Day Vulnerability Actively Exploited in High Profile Cyber Attacks

    Apple has released emergency security updates addressing a critical zero-day vulnerability in its WebKit browser engine, identified as CVE-2025-24201, which has been actively exploited in targeted attacks. The flaw, described as an out-of-bounds write issue, could enable attackers to craft malicious web content capable…

  • Enabling Incognito Mode in RDP to Hide All the Traces

    Microsoft’s Remote Desktop Protocol (RDP) has introduced a lesser-known but critical security feature colloquially referred to as “incognito mode” through its /public command-line parameter. This functionality, formally called public mode, prevents the client from storing sensitive session artifacts—a development with significant implications for cybersecurity, digital…

  • GitHub Details How Security Professionals Can Use Copilot to Analyze Logs

    GitHub has unveiled groundbreaking applications of its AI-powered coding assistant, Copilot, specifically tailored for security professionals analyzing system logs and operational data. The tool now demonstrates unprecedented capabilities in parsing security event information, identifying anomalies, and accelerating incident response workflows through intelligent code suggestions…

  • North Korean IT Workers Using GitHub To Attack Organizations Globally

    Cybersecurity research firm NISOS has uncovered a network of suspected North Korean IT workers who are leveraging GitHub to create elaborate fake personas aimed at securing employment with companies in Japan and the United States. These individuals pose as Vietnamese, Japanese, and Singaporean nationals while…

  • CISA Warns of Edimax IC-7100 IP Camera 0-Day Vulnerability Exploited in Attacks

    The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning regarding a severe vulnerability in the Edimax IC-7100 IP Camera. This vulnerability, CVE-2025-1316, allows attackers to execute remote code on the device by sending specially crafted requests, exploiting an improper neutralization…

  • AMD Microcode Signature Verification Vulnerability Lets Attackers Load Malicious Patches

    Security researchers have uncovered a critical vulnerability in AMD Zen CPUs that allows attackers with elevated privileges to load malicious microcode patches, bypassing cryptographic signature checks. Dubbed “EntrySign,” this flaw stems from AMD’s use of the AES-CMAC algorithm as a hash function during microcode validation—a…

  • Google Silently Tracks Android Devices Even When No Apps Are Opened by the User

    Google collects and stores significant amounts of user data on Android devices, even when users haven’t opened any Google apps. The study by Professor D.J. Leith from Trinity College Dublin documents for the first time how pre-installed Google apps silently track users without seeking…

  • Two Hackers Arrested for Stealing Taylor Swift Eras Tour Concert Tickets Worth $600k

    Two individuals were arrested this week in a sophisticated cybercrime operation targeting high-demand events. They were accused of orchestrating a $600,000 ticket theft scheme involving Taylor Swift’s Eras Tour and other major concerts. Queens District Attorney Melinda Katz revealed that Tyrone Rose, 34,…

  • SecP0 Ransomware Group Threatens Organizations to Leak Vulnerability Details

    A new ransomware group, SecP0, has emerged on the cybercrime landscape, adopting a novel and deeply concerning tactic: demanding ransom payments not for encrypted data, but for undisclosed software vulnerabilities. This shift in strategy represents a significant evolution in ransomware operations, targeting organizations’ cybersecurity weaknesses rather…

  • Android App With 220,000+ Downloads From Google Play Installs Banking Trojan

    A sophisticated Android banking trojan campaign leveraging a malicious file manager application accumulated over 220,000 downloads on the Google Play Store before its removal. Dubbed Anatsa (also known as TeaBot), the malware targets global financial institutions through a multi-stage infection process. It deploys fake…

  • 50 World’s Best Cyber Security Companies – 2025

    Cybersecurity has transformed from a niche technical field into a critical business priority that shapes organizational strategies worldwide. As we navigate through 2025, the cybersecurity industry continues to expand in response to increasingly sophisticated threats, digital transformation initiatives, and regulatory requirements. The global cybersecurity market is thriving, with projections showing growth to $345.4…

  • Hackers Exploited Confluence Server Vulnerability To Deploy LockBit Ransomware

    A sophisticated ransomware attack leveraging a critical Atlassian Confluence vulnerability (CVE-2023-22527, CVSS 10.0) has been uncovered, culminating in the deployment of LockBit Black ransomware across enterprise networks within two hours of initial compromise. The attackers orchestrated a multi-stage intrusion involving credential theft, lateral movement via RDP,…

  • Parallels Desktop 0-Day Vulnerability Lets Local Attackers Gain Root Privileges – PoC Released

    A critical 0-day vulnerability in Parallels Desktop virtualization software has been publicly disclosed, enabling local attackers to escalate privileges to root-level access on macOS systems. All versions of Parallels Desktop, including the most recent 20.2.1 (55876), are vulnerable to the flaw identified as CVE-2024-34331, which…

  • DeepSeek Unveils FlashMLA, A Decoding Kernel That Makes Things Blazingly Fast

    DeepSeek has launched FlashMLA, a groundbreaking Multi-head Latent Attention (MLA) decoding kernel optimized for NVIDIA’s Hopper GPU architecture, marking the first major release of its Open Source Week initiative. This innovative tool achieves unprecedented performance metrics of 3000 GB/s memory bandwidth and 580 TFLOPS…

  • Exim Mail Transfer Vulnerability Lets Attackers Inject Malicious SQL Queries

    Security researchers have uncovered a critical SQL injection vulnerability (CVE-2025-26794) in Exim, the widely-used mail transfer agent (MTA) that powers over 60% of internet mail servers. The flaw enables authenticated attackers to execute arbitrary SQL commands through specially crafted ETRN SMTP transactions when specific configuration…

  • PoC Exploit Released for F5 BIG-IP Command Injection Vulnerability

    Security researchers have released proof-of-concept (PoC) exploit code for CVE-2025-20029, a high-severity command injection vulnerability affecting F5’s BIG-IP application delivery controllers. The flaw, which carries a CVSS v3.1 score of 8.8, enables authenticated attackers to execute arbitrary system commands through improper neutralization of special elements in…

  • Critical Apache Ignite Vulnerability Lets Attackers Execute Remote Code

    A critical vulnerability in Apache Ignite, tracked as CVE-2024-52577, exposes systems to remote code execution (RCE) attacks due to improper enforcement of class serialization filters. Rated CVSS 9.8, this flaw affects Ignite versions 2.6.0 through 2.16.x, enabling attackers to execute arbitrary code by exploiting deserialization weaknesses…

  • Russian Government Proposed New Penalties to Combat Cybercrime

    Russian Government Proposed New Penalties to Combat Cybercrime The Russian government announced a comprehensive legislative package on February 10, 2025, introducing severe penalties for cybercrimes.  The reforms, which amend over 30 existing laws, aim to modernize Russia’s cybersecurity framework by escalating prison terms, expanding asset confiscation protocols, and mandating public trials for high-profile cybercriminals.  The…

  • GPT-4o Copilot Trained in Over 30 Popular Programming Languages

    GPT-4o Copilot Trained in Over 30 Popular Programming Languages Microsoft has unveiled GPT-4o Copilot, a cutting-edge code completion model now available for Visual Studio Code (VS Code) users.  Built on the GPT-4o mini architecture and trained on over 275,000 high-quality public repositories spanning more than 30 popular programming languages, this update promises significant improvements in…

  • Weaponized Signal, Line, and Gmail Apps Deliver Malware That Changes System Defenses

    Weaponized Signal, Line, and Gmail Apps Deliver Malware That Changes System Defenses In a sophisticated cyberattack campaign targeting Chinese-speaking users, malicious actors have weaponized fake versions of popular applications such as Signal, Line, and Gmail. These fake and weaponized apps are distributed via deceptive download pages that deliver malware capable of altering system defenses, evading detection,…

  • CISA Releases Two New ICS Advisories on Exploitable Vulnerabilities

    CISA Releases Two New ICS Advisories on Exploitable Vulnerabilities The Cybersecurity and Infrastructure Security Agency (CISA) released two Industrial Control Systems (ICS) advisories, addressing critical vulnerabilities in Delta Electronics CNCSoft-G2 and Rockwell Automation GuardLogix controllers. These advisories highlight exploitable flaws in systems widely used in manufacturing, energy, and critical infrastructure sectors. The disclosures underscore escalating…

  • Multiple Russian Actors Attacking Orgs To Hack Microsoft 365 Accounts via Device Code Authentication

    Multiple Russian Actors Attacking Orgs To Hack Microsoft 365 Accounts via Device Code Authentication Security researchers at Volexity have uncovered multiple Russian threat actors conducting sophisticated social engineering and spear-phishing campaigns targeting Microsoft 365 accounts through Device Code Authentication exploitation. The attacks, observed since mid-January 2025, involve three distinct groups: “CozyLarch (APT29),” “UTA0304,” and “UTA0307.”…

  • Indian Post Office Portal Exposed Thousands of KYC Records With Username & Mobile Number

    Indian Post Office Portal Exposed Thousands of KYC Records With Username & Mobile Number The Indian Post Office portal was found vulnerable to an Insecure Direct Object Reference (IDOR) attack, exposing sensitive Know Your Customer (KYC) data of thousands of users.  This breach highlights the critical need for robust security measures in government-operated digital platforms,…

  • New Android Security Feature Blocks Changing Sensitive Settings During Calls

    New Android Security Feature Blocks Changing Sensitive Settings During Calls Google has unveiled a groundbreaking security feature in Android 16 Beta 2 aimed at combating phone scams by blocking users from altering sensitive settings during active phone calls. This feature, currently live in the beta version, prevents enabling permissions like sideloading apps and granting…

  • Beware of Fake Outlook Troubleshooting Calls That End Up in Ransomware Deployment

    Beware of Fake Outlook Troubleshooting Calls That End Up in Ransomware Deployment A sophisticated cyber threat has emerged in recent weeks, targeting unsuspecting users with fake Outlook troubleshooting calls. These calls, designed to appear legitimate, ultimately lead to the deployment of ransomware on the victim’s system. The scam involves a malicious binary named CITFIX#37.exe, which…

  • PurpleLab – A Free Cybersecurity Lab for Security Teams to Detect, Analyze & Simulate Threats

    PurpleLab – A Free Cybersecurity Lab for Security Teams to Detect, Analyze & Simulate Threats In a significant step forward for cybersecurity professionals, PurpleLab offers an innovative open-source cybersecurity lab for creating and testing detection rules, simulating logs, and running malware tests. Designed as an all-in-one lab environment, PurpleLab equips analysts with tools to enhance…

  • SonicWall Firewall Authentication Bypass Vulnerability Exploited in the Wild Following PoC Release

    SonicWall Firewall Authentication Bypass Vulnerability Exploited in the Wild Following PoC Release A critical authentication bypass vulnerability in SonicWall firewalls, tracked as CVE-2024-53704, is now being actively exploited in the wild, cybersecurity firms warn. The surge in attacks follows the public release of proof-of-concept (PoC) exploit code on February 10, 2025, by researchers at Bishop Fox,…

  • New Go-Based Malware Exploits Telegram and Uses It as a C2 Channel

    New Go-Based Malware Exploits Telegram and Uses It as a C2 Channel Researchers have identified a new backdoor malware, written in the Go programming language, that leverages Telegram as its command-and-control (C2) channel. While the malware appears to still be under development, it is already fully functional and capable of executing various malicious activities. This innovative use…

  • Beware of Fake BSOD Delivered by Malicious Python Script

    Beware of Fake BSOD Delivered by Malicious Python Script A recently discovered Python script has been flagged as a potential cybersecurity threat due to its use of a clever anti-analysis trick.  This script, which has a low detection rate on VirusTotal (4/59), uses the tkinter library to create a fake “Blue Screen of Death” (BSOD)…

  • Elon Musk’s DOGE Website Database Vulnerability Lets Anyone Make Entries Directly

    Elon Musk’s DOGE Website Database Vulnerability Lets Anyone Make Entries Directly A website launched by Elon Musk’s Department of Government Efficiency (DOGE) has been found to have a significant security vulnerability, allowing unauthorized users to directly modify its content. The vulnerability, discovered by two web development experts, arises from the website’s use of an unsecured…

  • Lazarus Group Infostealer Malware Attacking Developers in New Campaign

    Lazarus Group Infostealer Malware Attacking Developers in New Campaign The notorious Lazarus Group, a North Korean Advanced Persistent Threat (APT) group, has been linked to a sophisticated campaign targeting software developers. This campaign involves the use of infostealer malware, designed to steal sensitive information from developers’ systems. The attack leverages social engineering tactics, including fake…

  • New Device Code Phishing Attack Exploits Device Code Authentication to Capture Authentication Tokens

    New Device Code Phishing Attack Exploits Device Code Authentication to Capture Authentication Tokens A sophisticated phishing campaign, identified by Microsoft Threat Intelligence, has been exploiting a technique known as “device code phishing” to capture authentication tokens. This attack, attributed to a group called Storm-2372, has been active since August 2024 and targets a wide range…

  • RedMike Hackers Exploited 1000+ Cisco Devices to Gain Admin Access

    RedMike Hackers Exploited 1000+ Cisco Devices to Gain Admin Access Researchers observed a sophisticated cyber-espionage campaign led by the Chinese state-sponsored group known as “Salt Typhoon,” also referred to as “RedMike.” Between December 2024 and January 2025, the group exploited over 1,000 unpatched Cisco network devices globally, targeting telecommunications providers and universities. The campaign highlights…

  • AMD Ryzen DLL Hijacking Vulnerability Lets Attackers Execute Arbitrary Code

    AMD Ryzen DLL Hijacking Vulnerability Lets Attackers Execute Arbitrary Code A high-severity security vulnerability, identified as CVE-2024-21966, has been discovered in the AMD Ryzen Master Utility, a software tool designed to optimize the performance of AMD Ryzen processors. The vulnerability, classified as DLL hijacking, could allow attackers to execute arbitrary code and escalate privileges on…

  • PostgreSQL Terminal Tool Injection Vulnerability Allows Remote Code Execution

    PostgreSQL Terminal Tool Injection Vulnerability Allows Remote Code Execution Researchers have uncovered a high-severity SQL injection vulnerability, CVE-2025-1094, affecting PostgreSQL’s interactive terminal tool, psql.  This flaw was identified during research into the exploitation of CVE-2024-12356, a remote code execution (RCE) vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products.  The discovery highlights…

  • WinZip Vulnerability Lets Remote Attackers Execute Arbitrary Code

    WinZip Vulnerability Lets Remote Attackers Execute Arbitrary Code A newly disclosed high-severity vulnerability in WinZip, tracked as CVE-2025-1240, enables remote attackers to execute arbitrary code on affected systems by exploiting malformed 7Z archive files. The flaw, rated 7.8 on the CVSS scale, impacts WinZip 28.0 (Build 16022) and earlier versions, requiring users to update to…

  • Have I Been Pwned Likely to Ban Reseller Subscriptions

    Have I Been Pwned Likely to Ban Reseller Subscriptions Have I Been Pwned (HIBP), a popular data breach notification service, has expressed a strong inclination to ban resellers from obtaining platform memberships. Troy Hunt made this decision after thoroughly examining the excessive support burden these resellers impose on the service. HIBP is a collectivel that…

  • Path Confusion in Nginx/Apache Leads to Critical Auth Bypass in PAN-OS

    Path Confusion in Nginx/Apache Leads to Critical Auth Bypass in PAN-OS Palo Alto Networks has recently disclosed a critical vulnerability in its PAN-OS network security operating system, tracked as CVE-2025-0108, which allows attackers to bypass authentication on the management web interface.  This vulnerability, with a CVSSv3.1 score of 7.8, exposes affected systems to significant threats…

  • Amazon Machine Image Name Confusion Attack Lets Attackers Publish Resources

    Amazon Machine Image Name Confusion Attack Lets Attackers Publish Resources Researchers uncovered a critical vulnerability in Amazon Web Services (AWS) involving Amazon Machine Images (AMIs). Dubbed the “whoAMI” attack, this exploit leverages a name confusion attack, a subset of supply chain attacks, to gain unauthorized code execution within AWS accounts. The vulnerability arises from misconfigured…

  • KASLR Exploited: Breaking macOS Apple Silicon Kernel Hardening Techniques

    KASLR Exploited: Breaking macOS Apple Silicon Kernel Hardening Techniques Security researchers from Korea University have unveiled a new vulnerability in macOS systems running on Apple Silicon processors.  Dubbed “SysBumps,” this attack successfully circumvents Kernel Address Space Layout Randomization (KASLR), a critical security mechanism designed to protect kernel memory from exploitation.  The findings, presented at the…

  • Hackers Using Pyramid Pentesting Tool For Stealthy C2 Communications

    Hackers Using Pyramid Pentesting Tool For Stealthy C2 Communications Hackers have been leveraging the open-source Pyramid pentesting tool to establish stealthy command-and-control (C2) communications. Pyramid, first released on GitHub in 2023, is a Python-based post-exploitation framework designed to evade endpoint detection and response (EDR) tools. Its lightweight HTTP/S server capabilities make it an attractive choice…

  • Remote Desktop Manager Vulnerabilities Let Attackers Intercept Encrypted Communications

    Remote Desktop Manager Vulnerabilities Let Attackers Intercept Encrypted Communications Devolutions has disclosed critical vulnerabilities in its Remote Desktop Manager (RDM) software, which could allow attackers to intercept and modify encrypted communications through man-in-the-middle (MITM) attacks. These flaws stem from improper certificate validation across all platforms and have been assigned high-severity CVE identifiers. CVE-2025-1193 Improper Host…

  • Google Chrome’s Safe Browsing Now Protects 1 Billion Users With 300,000 Deep Scans

    Google Chrome’s Safe Browsing Now Protects 1 Billion Users With 300,000 Deep Scans In honor of Safer Internet Day, Google has announced a significant milestone in online security: more than 1 billion Chrome users are now safeguarded by the browser’s Enhanced Protection mode. This advanced security feature, introduced in 2020 as part of Google Safe…

  • Ivanti Connect Secure Vulnerability Lets Attackers Execute Code Remotely

    Ivanti Connect Secure Vulnerability Lets Attackers Execute Code Remotely Ivanti has disclosed a critical vulnerability, CVE-2025-22467, impacting its Connect Secure (ICS) product. This stack-based buffer overflow vulnerability, rated 9.9 (Critical) on the CVSS v3.1 scale, allows remote authenticated attackers to execute arbitrary code on affected systems. The flaw is present in versions up to 22.7R2.5…

  • Hackers Exploit Prompt Injection to Tamper with Gemini AI’s Long-Term Memory

    Hackers Exploit Prompt Injection to Tamper with Gemini AI’s Long-Term Memory A sophisticated attack has been targeting Google’s Gemini Advanced chatbot. The exploit leverages indirect prompt injection and delayed tool invocation to corrupt the AI’s long-term memory, allowing attackers to plant false information that persists across user sessions. This vulnerability raises serious concerns about the security of…

  • Windows Storage 0-Day Vulnerability Lets Attackers Delete Target Files Remotely

    Windows Storage 0-Day Vulnerability Lets Attackers Delete Target Files Remotely A significant security vulnerability has been identified in Windows, allowing attackers to remotely delete targeted files on affected systems. This vulnerability, tracked as CVE-2025-21391, was disclosed on February 11, 2025, and is classified as an Elevation of Privilege vulnerability with a severity rating of…

  • USB Army Knife – A Powerful Red Team Tool for Penetration Testers

    USB Army Knife – A Powerful Red Team Tool for Penetration Testers The USB Army Knife is a versatile red-teaming tool for penetration testers that emulates a USB Ethernet adapter for traffic capture, enables custom attack interfaces, and functions as covert storage all in one compact device. This multi-functional firmware combines a variety of attack…

  • FinStealer Malware Attacking Leading Indian Bank’s Mobile Users To Steal Login Credentials

    FinStealer Malware Attacking Leading Indian Bank’s Mobile Users To Steal Login Credentials A sophisticated malware campaign dubbed “FinStealer” is actively targeting customers of a leading Indian bank through fraudulent mobile applications. The malware, identified as Trojan.rewardsteal/joxpk, employs advanced tactics to steal banking credentials and personal information from unsuspecting users. The malicious campaign operates through a…

  • South Korean Spy Agency Says DeepSeek Excessively Collects Personal Data

    South Korean Spy Agency Says DeepSeek Excessively Collects Personal Data SEOUL: South Korea’s National Intelligence Service (NIS) has raised concerns over the Chinese AI app DeepSeek, accusing it of “excessively” collecting personal data and posing national security risks. The NIS issued an advisory urging government agencies to adopt stringent security measures when dealing with the app,…

  • Alabama Man Pleads Guilty to Hacking U.S. Securities and Exchange Commission X Account

    Alabama Man Pleads Guilty to Hacking U.S. Securities and Exchange Commission X Account Eric Council Jr., a 25-year-old from Athens, Alabama, pleaded guilty on February 10, 2025, to charges stemming from the January 2024 hacking of the U.S. Securities and Exchange Commission’s (SEC) social media account on X (formerly Twitter). The breach involved a fraudulent…

  • Akira Ransomware Leads The Number of Ransomware Attacks For January 2025

    Akira Ransomware Leads The Number of Ransomware Attacks For January 2025 January 2025 marked a significant month in the ransomware landscape, with Akira emerging as the leading threat. According to recent reports, Akira was responsible for 72 attacks globally, highlighting its rapid rise in prominence. This surge in activity is part of a broader trend…

  • SAML Authentication Bypass on GitHub Enterprise Servers Lets Attackers Log In as Other User Accounts

    SAML Authentication Bypass on GitHub Enterprise Servers Lets Attackers Log In as Other User Accounts A significant vulnerability has been identified in GitHub Enterprise Servers, allowing attackers to bypass SAML authentication and log in as other user accounts. This exploit leverages quirks in the libxml2 library, specifically related to XML entities, to deceive the verification process. The…

  • Tor Browser 14.0.6 Released: What’s New

    Tor Browser 14.0.6 Released: What’s New The Tor Project has officially launched Tor Browser 14.0.6, addressing a critical crash issue affecting users on older macOS systems. This latest update incorporates several technical improvements, ensuring enhanced stability and performance across platforms. Tor Browser is built on Firefox ESR (Extended Support Release) and incorporates advanced privacy features…