Tag: cyber-security-news

  • SoundCloud Confirms Data Breach – Hackers Exfiltrated User Account Data

    SoundCloud has confirmed a security incident involving unauthorized access to user data, revealing that hackers exfiltrated email addresses and public profile information from approximately 20% of its user base. The company disclosed the breach in a transparency blog post on December 15, 2025, emphasizing that…

  • New GhostPairing Attack Let Attackers Gain Full Access in WhatsApp with Phone Number

    A newly discovered account takeover campaign targeting WhatsApp users demonstrates how attackers can compromise messaging accounts without stealing passwords or exploiting technical vulnerabilities. The threat, identified as the GhostPairing Attack, uses social engineering and WhatsApp’s legitimate device linking feature to grant attackers…

  • Critical FortiGate Devices SSO Vulnerabilities Actively Exploited in the Wild

    An active intrusion campaign is targeting critical authentication bypass vulnerabilities in Fortinet’s FortiGate appliances and related products. Threat actors are exploiting CVE-2025-59718 and CVE-2025-59719 to perform unauthenticated single sign-on (SSO) logins via malicious SAML messages, granting attackers administrative access. Fortinet disclosed the flaws in a PSIRT…

  • PornHub Breached by ShinyHunters Group and Premium Members’ Data Stolen

    The notorious hacking collective ShinyHunters has claimed responsibility for a major data breach at Mixpanel, a popular analytics provider, exposing limited user data tied to Pornhub Premium accounts. The incident, which has only affected select Premium subscribers, has raised concerns within the cybersecurity community. Although…

  • ZnDoor Malware Exploiting React2Shell Vulnerability to Compromise Network Devices

    Since December 2025, a concerning trend has emerged across Japanese organizations as attackers exploit a critical vulnerability in React/Next.js applications. The vulnerability, tracked as CVE-2025-55182 and known as React2Shell, represents a remote code execution flaw attracting widespread exploitation. While initial attacks primarily deployed cryptocurrency miners, security…

  • Windows Remote Access Connection Manager Vulnerability Enables Arbitrary Code Execution

    A critical security issue involving the Windows Remote Access Connection Manager (RasMan) allows local attackers to execute arbitrary code with SYSTEM privileges. While investigating CVE-2025-59230, the vulnerability that Microsoft addressed in the October 2025 security updates, 0patch security analysts discovered a complex exploit chain that…

  • CISA Adds Sierra Router Vulnerability to KEV Catalogue Following Active Exploitation

    A critical vulnerability affecting Sierra Wireless routers has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. This decision comes after evidence emerged that the flaw is being actively exploited in the wild, posing significant risks to organizations that still utilize these legacy devices.…

  • CISA Releases Guidance for Managing UEFI Secure Boot on Enterprise Devices

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the National Security Agency (NSA), has issued new guidance urging enterprises to verify and manage UEFI Secure Boot configurations to counter bootkit threats. Released in December 2025 as a Cybersecurity Information Sheet (CSI),…

  • Cybersecurity News Weekly Newsletter – Windows, Chrome, and Apple 0-days, Kali Linux 2025.4, and MITRE Top 25

    As 2025 nears its close, the cybersecurity landscape shows no signs of slowing down. This week’s developments highlight how rapidly the threat environment continues to evolve with major zero-day vulnerabilities targeting Windows, Chrome, and Apple devices, each actively…

  • CISA Warns of Windows Cloud Files Mini Filter 0-Day Vulnerability Exploited in Attacks

    CISA has issued a critical alert regarding an active zero-day vulnerability affecting the Microsoft Windows Cloud Files Mini Filter Driver. The vulnerability poses a significant risk to organizations running affected Windows systems and requires immediate remediation efforts. CISA reports that the vulnerability, tracked as CVE-2025-62221,…

  • Google Warns Multiple Hacker Groups Are Exploiting React2Shell to Spread Malware

    Google Threat Intelligence Group (GTIG) has issued a warning regarding the widespread exploitation of a critical security flaw in React Server Components. Known as React2Shell (CVE-2025-55182), this vulnerability allows attackers to take control of servers remotely without needing a password. Since the vulnerability was disclosed…

  • Empire 6.3.0 Launches With New Features for Red Teams and Penetration Testers

    BC Security has announced the release of Empire 6.3.0, the latest iteration of the widely used post-exploitation and adversary emulation framework. This update reinforces Empire’s position as a premier tool for Red Teams and penetration testers, offering a flexible, modular server architecture written in…

  • CISA Warns of Google Chromium 0-Day Vulnerability Exploited in Attacks

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical zero-day vulnerability in Google Chromium’s ANGLE graphics engine to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2025-14174, the flaw allows remote attackers to trigger out-of-bounds memory access via a malicious HTML page,…

  • Rust-Based Luca Stealer Spreads Across Linux and Windows Systems

    Threat actors are increasingly abandoning traditional languages like C and C++ in favor of modern alternatives such as Golang, Rust, and Nim. This strategic shift enables developers to compile malicious code for both Linux and Windows with minimal modifications. Among the emerging threats in this landscape…

  • New Phantom Stealer Campaign Hits Windows Machines Through ISO Mounting

    Researchers have uncovered a sophisticated phishing campaign originating in Russia that deploys the Phantom information-stealing malware via malicious ISO files. The attack, dubbed “Operation MoneyMount-ISO,” explicitly targets finance and accounting departments, using fake payment confirmation emails to trick victims into executing the payload. The campaign…

  • Apple 0-Day Vulnerabilities Exploited in Sophisticated Attacks Targeting iPhone Users

    Apple patches two WebKit zero-day flaws actively exploited in sophisticated attacks targeting specific iPhone users running iOS versions prior to 26. The iOS 26.2 and iPadOS 26.2 updates, released December 12, 2025, address CVE-2025-43529 and CVE-2025-14174 in WebKit. CVE-2025-43529 involves a use-after-free vulnerability enabling arbitrary…

  • Kali Linux 2025.4 Released With 3 New Hacking Tools and Wifipumpkin3

    Kali Linux 2025.4 has been released with substantial desktop environment improvements, full Wayland support across virtual machines, and three powerful new hacking tools, including the much-anticipated Wifipumpkin3. Released on December 12, 2025, this update focuses on modernizing the user experience while maintaining Kali’s position as the…

  • Critical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services Worldwide

    Torrance, United States / California, December 12th, 2025, CyberNewsWire In December 2025, CVE-2025-55182 (React2Shell), a vulnerability in React Server Components (RSC) that enables remote code execution (RCE), was publicly disclosed. Shortly after publication, multiple security vendors reported scanning activity and suspected exploitation attempts,…

  • Ashen Lepus Hacker Group Attacks Eastern Diplomatic Entities With New AshTag Malware

    A Hamas-affiliated threat group known as Ashen Lepus, also tracked as WIRTE, has launched a new espionage campaign against governmental and diplomatic entities across the Middle East. The group uses realistic Arabic-language diplomatic lures that reference regional politics and security talks to trick…

  • Apache Struts 2 DoS Vulnerability Let Attackers Crash Server

    A critical denial-of-service vulnerability has been discovered in Apache Struts 2, affecting multiple versions of the popular web application framework. The vulnerability, identified as CVE-2025-64775, exploits a file leak in multipart request processing that can cause disk exhaustion and server crashes. Organizations running affected versions should…

  • Windows Remote Access Connection Manager Vulnerabilities Let Attackers Escalate Privileges

    Two critical privilege escalation flaws were disclosed in the Windows Remote Access Connection Manager on December 9, 2025. The vulnerabilities, tracked as CVE-2025-62472 and CVE-2025-62474, allow authorized attackers with low-level privileges to gain SYSTEM-level access on affected systems. CVE-2025-62472 stems from the use of uninitialized…

  • CISA Warns of OSGeo GeoServer 0-Day Vulnerability Exploited in Attacks

    CISA has issued an urgent warning about a critical security flaw in OSGeo GeoServer, a widely used open-source geographic data-sharing server. CISA has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, indicating that threat actors are actively leveraging this zero-day flaw in attacks targeting both public…

  • New Vulnerabilities in React Server Components Allow DoS Attacks and Source Code Leaks

    Less than a week after addressing a critical Remote Code Execution (RCE) vulnerability, the React team has disclosed three additional security flaws affecting React Server Components (RSC). Security researchers discovered these new issues while attempting to bypass the mitigations for the previous…

  • Threat Actors Leverage ChatGPT to Attack Mac Devices With AMOS InfoStealer

    A new AMOS InfoStealer campaign is abusing trust in ChatGPT to infect Mac devices under the guise of simple troubleshooting help. Victims search for a fix to a sound problem, click a sponsored ChatGPT result, and are shown what looks like a normal chat…

  • Hackers Infiltrate VS Code Marketplace with 19 Malicious Extensions Posing as PNG File

    Security researchers have uncovered a significant threat targeting developers through the VS Code Marketplace. A coordinated campaign involving 19 malicious extensions has been actively infiltrating the platform, with the attack remaining undetected since February 2025. These deceptive extensions carry hidden malware in…

  • Windows Defender Firewall Service Vulnerability Let Attackers Disclose Sensitive Data

    A critical information disclosure vulnerability in the Windows Defender Firewall Service could allow authorized attackers to access sensitive heap memory on affected systems. The vulnerability, tracked as CVE-2025-62468, was assigned an Important severity rating and released on December 9, 2025. The flaw stems from an…

  • Adobe Acrobat Reader Vulnerabilities Let Attackers Execute Arbitrary Code and Bypass Security

    Critical security updates for Acrobat and Reader are available, addressing multiple vulnerabilities that could allow attackers to execute arbitrary code and bypass essential security features. Adobe issued security bulletin APSB25-119 on December 9, 2025, with a priority rating of 3, affecting both Windows and macOS…

  • Google Warns of Chrome 0-Day Vulnerability Actively Exploited in the wild

    Google has released an urgent security update for the Chrome browser to address a high-severity zero-day vulnerability that is currently being exploited in the wild. This emergency patch is part of the latest Stable channel update, bringing the version to 143.0.7499.109/.110 for Windows and…

  • Windows PowerShell 0-Day Vulnerability Let Attackers Execute Malicious Code

    A security update addresses a dangerous Windows PowerShell vulnerability that allows attackers to execute malicious code on affected systems. The vulnerability, tracked as CVE-2025-54100, was publicly disclosed on December 9, 2025, and represents a significant security risk for organizations worldwide. The flaw stems from improper neutralization of…

  • CISA Warns of WinRAR 0-Day RCE Vulnerability Exploited in Attacks

    CISA has issued a high-priority warning regarding a critical security flaw in WinRAR, the popular file compression tool used by millions of Windows users. The vulnerability, tracked as CVE-2025-6218, is currently being exploited by attackers to compromise systems and execute malicious code. The specific flaw is known as a…

  • Gemini Zero-Click Vulnerability Let Attackers Access Gmail, Calendar, and Docs

    A critical zero-click vulnerability dubbed “GeminiJack” in Google Gemini Enterprise (previously Vertex AI Search) let attackers steal sensitive corporate data from Gmail, Calendar, and Docs with minimal effort. According to Noma Labs, it was considered an architectural flaw rather than merely a bug.…

  • Microsoft 365 Services Disruption in Australia: Users Face Access Issues in Accessing Services

    Users across Australia are currently grappling with significant disruptions to critical business tools as Microsoft 365 services experience a widespread outage. The incident, which began on the morning of December 10, 2025, is preventing a large number of enterprise and individual users…

  • Windows Cloud Files Mini Filter Driver 0-Day Vulnerability Exploited in the Wild

    Microsoft has released urgent security updates to address a zero-day vulnerability in the Windows Cloud Files Mini Filter Driver (cldflt.sys) that is currently being exploited in the wild. Assigned the identifier CVE-2025-62221, this elevation of privilege flaw affects a wide range of Windows…

  • SAP Security Patch Day: Fix for Critical Vulnerabilities in SAP Solution Manager, NetWeaver, and Other Products

    SAP released 14 new security notes on its monthly Security Patch Day on December 9, 2025, addressing vulnerabilities across key products, including SAP Solution Manager, NetWeaver, Commerce Cloud, and more. Three critical flaws with CVSS scores exceeding 9.0 demand…

  • 500+ Apache Tika Toolkit Instances Vulnerable to Critical XXE Attack Exposed Online

    Over 565 internet-exposed Apache Tika Server instances are vulnerable to a critical XML External Entity (XXE) injection flaw that could enable attackers to steal sensitive data, launch denial-of-service attacks, or conduct server-side request forgery operations. The vulnerability, tracked as CVE-2025-66516, affects tika-core versions…

  • Apple, Google and Samsung May Enable Always-On GPS in India

    The Indian government is currently evaluating a controversial proposal from the telecom industry that would mandate smartphone manufacturers to enable “always-on” satellite location tracking. This move has sparked significant opposition from major technology companies, including Apple, Google, and Samsung, who argue it poses serious privacy…

  • Burp Suite’s Scanning Arsenal Powered With Detection for Critical React2Shell Vulnerabilities

    PortSwigger has enhanced Burp Suite’s scanning arsenal with the latest update to its ActiveScan++ extension, introducing detection for the critical React2Shell vulnerabilities (CVE-2025-55182 and CVE-2025-66478). This server-side request forgery (SSRF) flaw in React applications allows attackers to execute arbitrary shell commands, potentially leading to…

  • Malicious Document Reader App in Google Play With 50K Downloads Installs Anatsa Malware

    A deceptive Android application lurking in the Google Play Store is disguised as a document reader and file manager but delivers the Anatsa banking trojan to users. Cybersecurity firm Zscaler ThreatLabz found an app named “Document Reader – File Manager” by developer ISTOQMAH.…

  • Crypto User Loses $9,000 in Seconds After Clicking Instagram Ad Promising Easy Profits

    Jack, a Solana enthusiast using the Phantom wallet, fell victim to a sophisticated crypto drainer scam that wiped out $9,000 from his wallet almost instantly. He informed Cybersecurity News that the incident began with an attractive Instagram advertisement touting quick profits that…

  • Pharma Firm Inotiv Confirms Data Breach Following Ransomware Attack

    A leading contract research organization specializing in pharmaceutical drug discovery and development services disclosed a significant data breach stemming from a ransomware attack that occurred in early August 2025. Inotiv announced the cybersecurity incident in its fiscal 2025 financial results disclosure, revealing that threat…

  • Shanya EDR Killer Leveraged by Ransomware Groups to Clear the Way for Ransomware Infection

    The cybercriminal landscape has recently witnessed the aggressive rise of “Shanya,” a potent packer-as-a-service and EDR killer now fueling major ransomware operations. Emerging on underground forums in late 2024 under the alias “VX Crypt,” this tool was engineered to supersede previous…

  • Next.js Released a Scanner to Detect and Update Apps Impacted by React2Shell Vulnerability

    Next.js has released a dedicated command-line tool, fix-react2shell-next, to help developers immediately detect and patch the critical “React2Shell” vulnerability (CVE-2025-66478). This new scanner offers a one-line solution to identify vulnerable versions of Next.js and React Server Components (RSC) and automatically apply the required security updates included in…

  • Hundreds of Porsche Cars Immobilized Following Malfunction in Installed Satellite Security System

    Owners of hundreds of Porsche vehicles across Russia are facing a sudden crisis: their high-performance cars have been rendered completely undrivable due to a widespread malfunction in the German automaker’s factory-installed alarm systems. Reports from the Rolf dealership network, Russia’s largest Porsche service…

  • LockBit 5.0 Infrastructure Exposed in New Server, IP, and Domain Leak

    LockBit 5.0’s key infrastructure has been exposed, revealing that the IP address 205.185.116.233 and the domain karma0.xyz are hosting the ransomware group’s latest leak site. According to researcher Rakesh Krishnan, hosted under AS53667 (PONYNET, operated by FranTech Solutions), a network frequently abused for illicit activities, the server…

  • Hackers Launch Widespread Attacks on Palo Alto GlobalProtect Portals from 7,000+ IPs

    In an escalating campaign targeting remote access infrastructure, threat actors have initiated active exploitation attempts against Palo Alto Networks’ GlobalProtect VPN portals. GreyNoise tracking activity reports scans and exploitation efforts originating from more than 7,000 unique IP addresses worldwide, raising alarms for organizations…

  • Researchers Hack Google’s Gemini CLI Through Prompt Injections in GitHub Actions

    A critical vulnerability class dubbed “PromptPwnd” affects AI agents integrated into GitHub Actions and GitLab CI/CD pipelines. This flaw allows attackers to inject malicious prompts via untrusted user inputs like issue titles or pull request bodies, tricking AI models into executing privileged commands that…

  • New FvncBot Android Banking Malware Attacking Users to Log Keystrokes and Inject Malicious Payloads

    A dangerous new Android banking malware named FvncBot was first observed on November 25, 2025. This malicious tool is designed to steal sensitive financial information by logging keystrokes, recording screens, and injecting fake login pages into banking apps. The malware initially spreads through a…

  • 2.15M Web Services Running Next.js Exposed Over Internet, Active Exploitation Underway – Patch Now

    A critical unauthenticated remote code execution vulnerability dubbed “React2Shell” is actively being exploited in the wild, putting millions of web services at risk. On December 3, React disclosed CVE-2025-55182, a critical flaw in React Server Components with a CVSS score of…

  • Avast Antivirus Sandbox Vulnerabilities Let Attackers Escalate Privileges

    Security researchers from the SAFA team have uncovered four kernel heap overflow vulnerabilities in Avast Antivirus, all traced to the aswSnx kernel driver. The flaws, now tracked collectively as CVE-2025-13032, could allow a local attacker to escalate privileges to SYSTEM on Windows 11 if successfully exploited. The…

  • Criminal IP to Host Webinar: Beyond CVEs – From Visibility to Action with ASM

    Torrance, California, USA, December 5th, 2025, CyberNewsWire Criminal IP will host a live webinar on December 16 at 11:00 AM Pacific Time (PT), focusing on the shift in cyberattack strategies. The session will examine how an increasing number of incidents now…

  • Sprocket Security Earns Repeat Recognition in G2’s Winter 2025 Relationship Index for Penetration Testing

    Madison, United States, December 5th, 2025, CyberNewsWire Sprocket Security is proud to announce that it has once again been recognized by G2 for “High Performer,” “Best Support,” and “Easiest to Do Business With” in the Winter 2025 Relationship Index for Penetration…

  • Netflix Acquires Warner Bros. Studios and HBO in Landmark $82.7 Billion Megadeal

    Netflix has struck a transformative deal to acquire Warner Bros. studios, HBO, and HBO Max from Warner Bros. Discovery (WBD) in a cash-and-stock transaction valued at $82.7 billion. The move catapults Netflix into a content powerhouse, blending its streaming dominance with Warner’s storied…

  • Cloudflare Outage Hits Internet with 500 Internal Server Error

    Cloudflare has confirmed that it is currently experiencing a significant outage that is affecting the Cloudflare Dashboard and several Cloudflare API services. The issue began earlier today and has caused widespread disruptions for users who rely on Cloudflare’s management tools and automation features. According to Cloudflare,…

  • ClayRat Android Malware Steals SMS Messages and Call Logs and Captures Victim Photos

    A dangerous new Android spyware variant called ClayRat has emerged as a significant threat to mobile device security worldwide. First identified in October by the zLabs team, this malware represents a concerning evolution in mobile threats with capabilities that allow attackers to gain…

  • Beware of Solana Phishing Attacks That Let Hackers Initiate Unauthorized Account Transfer

    A dangerous new wave of phishing attacks is targeting Solana users by changing wallet ownership permissions rather than stealing private keys. A victim lost more than USD 3 million in a single attack, with an additional USD 2 million locked in investment platforms.…

  • Cacti Command Injection Vulnerability Let Attackers Execute Malicious Code Remotely

    A critical command injection vulnerability in the open-source network monitoring tool Cacti allows authenticated attackers to execute arbitrary code remotely, potentially compromising the entire monitoring infrastructure. The flaw, tracked as CVE-2025-66399, affects all versions up to 1.2.28 and stems from inadequate input validation in the…

  • Splunk Enterprise Vulnerabilities Allow Privilege Escalation Via Incorrect File Permissions

    A high-severity vulnerability has been disclosed in Splunk affecting its Enterprise and Universal Forwarder products for Windows, stemming from incorrect file permissions during installation and upgrades. The vulnerability, tracked as CVE-2025-20386 for Splunk Enterprise and CVE-2025-20387 for Universal Forwarder, allows non-administrator users to access sensitive…

  • Hackers Actively Exploiting WordPress Plugin Vulnerability to Execute Remote Code

    A critical remote code execution vulnerability in the Sneeit Framework WordPress plugin has come under active exploitation by threat actors, posing an immediate risk to thousands of websites worldwide. The vulnerability, tracked as CVE-2025-6389 with a CVSS score of 9.8, exists in versions 8.3 and…

  • Hackers Leverage Velociraptor DFIR Tool for Stealthy C2 & Ransomware Delivery

    Legitimate administrative tools are increasingly becoming the weapon of choice for sophisticated threat actors aiming to blend in with normal network activity. A recent campaign has highlighted this dangerous trend, where attackers are weaponizing Velociraptor, a widely respected Digital Forensics and Incident Response (DFIR)…

  • Vim for Windows Vulnerability Let Attackers Execute Arbitrary Code

    A critical security vulnerability has been discovered in Vim for Windows that could allow attackers to execute malicious code on users’ computers. The vulnerability, identified as CVE-2025-66476, affects Vim versions before 9.1.1947 and has been rated high severity, with a CVSS score of 7.8. The flaw…

  • Kohler’s Encrypted Smart Toilet Camera is not Actually end-to-end Encrypted

    Kohler’s $600 smart toilet camera system, marketed with promises of “end-to-end encryption,” does not actually implement the security standard as commonly understood in the cybersecurity industry, raising significant privacy concerns for users uploading intimate health data to the company’s servers. The Dekoda device, launched in…

  • Akamai Patches HTTP Request Smuggling Vulnerability in Edge Servers

    A critical HTTP request smuggling vulnerability in Akamai’s edge server infrastructure has been successfully fixed. The vulnerability, identified as CVE-2025-66373, stemmed from improper processing of HTTP requests containing invalid chunk-encoded bodies, potentially exposing thousands of customers to sophisticated attacks. Understanding HTTP Chunked Transfer Encoding HTTP chunked…

  • BPFDoor and Symbiote Rootkits Attacking Linux Systems Exploiting eBPF Filters

    Two sophisticated Linux rootkits are posing increasingly serious threats to network security by exploiting eBPF technology to hide their presence from traditional detection systems. BPFDoor and Symbiote, both originating from 2021, represent a dangerous class of malware that combines advanced kernel-level access with powerful evasion…

  • Let’s Encrypt to Reduce Certificate Validity from 90 Days to 45 Days

    Let’s Encrypt has officially announced plans to reduce the maximum validity period of its SSL/TLS certificates from 90 days to 45 days. The transition, which will be completed by 2028, aligns with broader industry shifts mandated by the CA/Browser Forum Baseline Requirements. This…

  • Threat Actors Leveraging Matanbuchus Malicious Downloader to Ransomware and Establish Persistence

    Matanbuchus represents a significant threat in the cybercriminal landscape as a dangerous malware downloader written in C++. Since 2020, this tool has been sold as Malware-as-a-Service, allowing threat actors to rent access and deploy it against targeted organizations. In July 2025, security researchers discovered…

  • Chrome 143 Released With Fix for 13 Vulnerabilities that Enable Arbitrary Code Execution

    Google has officially promoted Chrome 143 to the Stable channel, rolling out version 143.0.7499.40 for Linux and 143.0.7499.40/41 for Windows and Mac. This significant update addresses 13 security vulnerabilities, including several high-severity flaws that could allow attackers to execute arbitrary code or…

  • Multiple Django Vulnerabilities Enable SQL Injection and Denial-of-Service Attacks

    The Django development team has officially released essential security updates to address two significant vulnerabilities found in the popular web framework. These issues range from high to moderate severity and could allow attackers to compromise database integrity or crash servers through resource exhaustion. The most critical flaw,…

  • Sonesta International Hotels Implements Industry-Leading Cloud Security Through AccuKnox Collaboration

    Travel and hospitality industry leader Sonesta International Hotels partners with AccuKnox to deploy Zero Trust Integrated Application and Cloud Security [ASPM and CNAPP (Cloud Native Application Protection Platform)] for Microsoft Azure. AccuKnox, Inc., announced that Sonesta International Hotels has partnered with AccuKnox to deploy Zero…

  • Google Patches Android 0-Day Vulnerabilities Exploited in the Wild

    Google has released critical security updates to address multiple zero-day vulnerabilities affecting Android devices worldwide. The December 2025 security bulletin reveals that threat actors are actively exploiting at least two of these vulnerabilities in real-world attacks, prompting urgent action from the tech giant. Critical Vulnerabilities Under…

  • OpenVPN Vulnerabilities Let Hackers Trigger DoS Attacks and Bypass Security Checks

    OpenVPN has released critical security updates for its 2.6 stable and 2.7 development branches, addressing three vulnerabilities that could lead to local denial-of-service (DoS), security bypasses, and buffer over-reads. The patches, included in the newly released versions 2.6.17 and 2.7_rc3, fix issues ranging from…

  • 4.3 Million Chrome and Edge Users Hacked in 7-Year ShadyPanda Malware Campaign

    A sophisticated threat group operating under the name ShadyPanda has successfully compromised millions of browser users through a methodical seven-year campaign targeting popular Chrome and Edge extensions. The attack represents a significant breach of user trust, as the malicious extensions gained verified status…

  • India Mandates ‘Undeletable’ Government Cybersecurity App for All Smartphones

    India’s Department of Telecommunications (DoT) has ordered smartphone manufacturers to preload a government-backed cybersecurity app, “Sanchar Saathi,” on all new devices sold in the country. The order, issued privately on November 28, 2025, gives major players like Apple, Samsung, Xiaomi, Vivo, and Oppo 90 days to…

  • Windows 11 24H2 Update Hides the Password Icon in the Sign-in Options on the Lock Screen

    Microsoft has confirmed a bizarre user interface bug affecting Windows 11 version 24H2 devices that renders the password sign-in icon invisible on the lock screen. The issue, stemming from the August 2025 non-security preview update (KB5064081) and persisting in…

  • PoC Exploit Released for Critical Outlook 0-Click Remote Code Execution Vulnerability

    A Proof-of-Concept (PoC) exploit code has been released for a critical remote code execution (RCE) vulnerability in Microsoft Outlook, identified as CVE-2024-21413. Dubbed “MonikerLink,” this flaw allows attackers to bypass Outlook’s security mechanisms, specifically the “Protected View,” to execute malicious code or steal credentials.…

  • Hackers Allegedly Claim Breach of Mercedes-Benz USA Legal and Customer Data

    A threat actor known as “zestix” has claimed responsibility for a significant data breach affecting Mercedes-Benz USA (MBUSA), allegedly exfiltrating 18.3 GB of sensitive legal and customer information. The threat actor posted the dataset for sale on a dark web forum, pricing the complete…

  • CISA Warns of OpenPLC ScadaBR Cross-Site Scripting Vulnerability Exploited in Attacks

    The Cybersecurity and Infrastructure Security Agency (CISA) has officially updated its Known Exploited Vulnerabilities (KEV) catalog to include a critical flaw in OpenPLC ScadaBR, confirming that threat actors are actively weaponizing it in the wild. The security defect, identified as CVE-2021-26829, is a Cross-Site…

  • Beware of Weaponized Google Meet Page Using ClickFix Technique to Deliver Malicious Payload

    A new, highly sophisticated malware campaign has been identified targeting remote workers and organizations through a fake Google Meet landing page. Hosted on the deceptive domain gogl-meet[.]com, this attack leverages the “ClickFix” social engineering technique to bypass traditional browser security controls and…

  • New Albiriox Malware Attacking Android Users to Take Complete Control of their Device

    A sophisticated new Android malware family dubbed “Albiriox” has emerged on the cybercrime landscape, offering advanced remote access capabilities as a Malware-as-a-Service (MaaS). Identified by researchers at Cleafy, the malware is designed to execute On-Device Fraud (ODF) by granting attackers full control…

  • Hackers Registered 18,000 Holiday-Themed Domains Targeting ‘Christmas,’ ‘Black Friday,’ and ‘Flash Sale’

    The 2025 holiday season has unleashed an unprecedented wave of cyber threats, with attackers deploying industrialized infrastructure to exploit the global surge in online commerce. This year’s threat landscape is characterized by a calculated expansion of deceptive digital assets, where criminals leverage automated tools…

  • French Football Federation Reports Data Breach – Hackers Access Club Software Admin Controls

    The French Football Federation (FFF) has confirmed a significant cybersecurity incident resulting in the theft of personal data belonging to members and licensees. The federation revealed that cybercriminals had infiltrated the centralized administrative software used by football clubs across the country to…

  • Handala Hacker Group Attacking Israeli High-Tech and Aerospace Professionals

    The Handala hacker group has launched a targeted campaign against Israeli high-tech and aerospace professionals, marking a concerning shift in geopolitically motivated cyber operations. The group recently published a list of individuals working in these critical sectors, accompanied by hostile descriptions that falsely label them as criminals.…

  • Comcast to Pay a $1.5 Million Fine to Settle an FCC Investigation Linked to Vendor Data Breach

    Comcast has agreed to pay a $1.5 million fine to settle a Federal Communications Commission investigation into a data breach that exposed personal information from over 237,000 customers. Reuters reports that the FCC announced the settlement on…

  • Microsoft to Block External Scripts in Entra ID Logins to Enhance Protections

    Microsoft has announced a significant security upgrade to its Microsoft Entra ID authentication process, as part of the company’s broader Secure Future Initiative. Microsoft is updating its Content Security Policy (CSP) to block the execution of external scripts during user sign-ins. This proactive…

  • Poland Arrests Russian Citizen Suspected of Hacking Local Organizations’ Computer Networks

    Polish authorities have arrested a Russian citizen suspected of conducting unauthorized cyberattacks against the computer networks of local organizations. The arrest marks a significant development in the country’s efforts to combat cybercrime targeting Polish and European businesses. On November 16, 2025, officers from the…

  • Shai Hulud 2.0 Compromises 1,200+ Organizations, Exposing Critical Runtime Secrets

    The Shai Hulud 2.0 worm, first detected on November 24, 2025, has compromised nearly 1,200 organizations, including major banks, government bodies, and Fortune 500 technology firms. While initial reports described it as a simple npm supply chain attack that flooded GitHub with spam repositories, new…

  • London Councils’ IT Systems Impacted by Cyberattack, Including Phone Lines

    Three West London councils are struggling with significant disruption to IT systems and phone lines after a cyberattack on a shared services provider, which officials are publicly describing only as an “IT incident”. The Royal Borough of Kensington and Chelsea (RBKC), Westminster City Council (WCC),…

  • Hackers Actively Attacking Telecommunications & Media Industry to Deploy Malicious Payloads

    Cybercriminals are launching increasingly sophisticated attacks against the telecommunications and media industry, focusing their efforts on deploying malicious payloads that compromise critical infrastructure. Recent security analysis reveals a concerning trend where threat actors are systematically targeting network operators, media platforms, and broadcasting services to…

  • OpenAI Discloses Mixpanel Data Breach – Name, Email Address and Operating System Details Exposed

    OpenAI has publicly revealed a security incident involving Mixpanel, a third-party analytics provider previously used to monitor activity on platform.openai.com, the frontend for its API product. The company emphasized transparency in its announcement, assuring users that the breach did not compromise…

  • Threat Actors Allegedly Listed iOS 26 Full‑Chain 0‑Day Exploit on Dark Web

    A threat actor operating under the alias ResearcherX has posted what they claim to be a full‑chain zero‑day exploit targeting Apple’s recently released iOS 26 operating system. The listing, which appeared on a prominent dark web marketplace, alleges that the exploit leverages a…

  • Hackers Exploiting Fake Battlefield 6 Popularity to Deploy Stealers and C2 Agents

    Since its release in October, Battlefield 6 has become one of the year’s most anticipated game launches. However, cybercriminals have quickly seized on this popularity to distribute malicious software. Attackers have created fake cracked versions of the game and fraudulent game trainers, spreading…

  • Hackers Trick macOS Users into Executing Commands in Terminal to Deliver FlexibleFerret Malware

    Cybercriminals are successfully targeting Apple users through a sophisticated social engineering scheme that tricks victims into running harmful commands on their computers. The threat, called FlexibleFerret, is attributed to North Korean operators and represents a continuing evolution of the Contagious Interview campaign…

  • Tor Adopts Galois Onion Encryption to Strengthen Defense Against Online Attacks

    The Tor Project has announced a significant cryptographic overhaul, retiring its legacy relay encryption algorithm after decades of service and replacing it with Counter Galois Onion (CGO). This research-backed encryption design defends against a broader class of sophisticated online attackers. Tor’s relay encryption serves…

  • HashJack: New Attack Technique Tricks AI Browsers Using a Simple ‘#’

    Security researchers at Cato CTRL have discovered a new indirect prompt injection technique called HashJack, which weaponises legitimate websites to manipulate AI browser assistants. The attack conceals malicious instructions after the “#” symbol within trusted URLs, enabling threat actors to conduct a wide range of…

  • Microsoft Teams Introduces New Feature to Boost Performance and Startup Speed

    Microsoft has announced a significant update to the Teams Desktop Client for Windows that aims to enhance performance and reduce startup times for calling features. The update, detailed in the Message Center notification MC1189656 published on November 25, 2025, introduces a new process architecture…

  • ASUS MyASUS Flaw Lets Hackers Escalate to SYSTEM-Level Access

    ASUS has disclosed a high-severity security vulnerability in its MyASUS application that could allow local attackers to escalate their privileges to SYSTEM-level access on affected Windows devices. The flaw, tracked as CVE-2025-59373, carries a CVSS 4.0 score of 8.5, indicating a significant risk to millions…

  • YAMAGoya – Real-Time Threat Monitoring Tool Using Sigma and YARA Rules

    Modern cybersecurity faces an escalating challenge: fileless malware and obfuscation techniques increasingly bypass traditional file-based detection methods. To address this growing threat, JPCERT/CC has released YAMAGoya. This open-source threat hunting tool leverages industry-standard detection rules to identify suspicious activity in real time. YAMAGoya represents…

  • Canon Allegedly Breached by Clop Ransomware via Oracle E-Business Suite 0-Day Hack

    Canon has officially confirmed that it was targeted during the widespread hacking campaign exploiting a critical zero-day vulnerability in Oracle E-Business Suite (EBS). The attack, orchestrated by the notorious Clop ransomware gang, has impacted dozens of major organizations worldwide. The group listed Canon…

  • HashiCorp Vault Vulnerability Allows Attackers to Authenticate to Vault Without Valid Credentials

    A critical security flaw has been discovered in HashiCorp’s Vault Terraform Provider that could allow attackers to bypass authentication and access Vault without valid credentials. The vulnerability, tracked as CVE-2025-13357, affects organizations using LDAP authentication with Vault. The security issue stems from an…

  • Top 10 Best Exposure Management Tools In 2026

    Exposure Management is a proactive cybersecurity discipline that systematically identifies, assesses, prioritizes, and remediates security vulnerabilities and misconfigurations across an organization’s entire attack surface, both internal and external. Unlike traditional, periodic vulnerability scanning, EM leverages continuous monitoring, threat intelligence, and a holistic, graph-based view of risk to…

  • Microsoft’s Update Health Tools Configuration Vulnerability Lets Attackers Execute Arbitrary Code Remotely

    A critical remote code execution (RCE) vulnerability affects Microsoft’s Update Health Tools (KB4023057), a widely deployed Windows component designed to expedite security updates through Intune. The flaw stems from the tool connecting to dropped Azure Blob storage accounts that attackers could register and control. How…