According to security researchers at CERT Orange Cyberdefense, a critical remote code execution (RCE) vulnerability in Craft CMS is actively being exploited to breach servers and steal data. The vulnerability, tracked as CVE-2025-32432 and assigned a maximum CVSS score of…
Category: Cyber Security News
Critical ScreenConnect Vulnerability Let Attackers Inject Malicious Code
ConnectWise has released an urgent security patch for its ScreenConnect remote access software to address a serious vulnerability that could allow attackers to execute malicious code on affected systems. The vulnerability, identified as CVE-2025-3935 and tracked under CWE-287 (Improper Authentication),…
Threat Actors Registered 26k+ Domains Mimic Brands to Trick Users
In a significant escalation of digital deception tactics, threat actors have registered over 26,000 domains in March 2025 alone, designed to impersonate legitimate brands and government services. These malicious domains serve as landing pages for sophisticated smishing (SMS phishing) campaigns,…
New Inception Jailbreak Attack Bypasses ChatGPT, DeepSeek, Gemini, Grok, & Copilot
A pair of newly discovered jailbreak techniques has exposed a systemic vulnerability in the safety guardrails of today’s most popular generative AI services, including OpenAI’s ChatGPT, Google’s Gemini, Microsoft’s Copilot, DeepSeek, Anthropic’s Claude, X’s Grok, MetaAI, and MistralAI. These jailbreaks,…
Russian Hackers Attempting to Sabotage The Digital Control System of a Dutch Public Service
In a concerning development that marks a significant escalation in cyber warfare tactics, Russian hackers have been detected attempting to infiltrate and sabotage the digital control system of a critical Dutch public service. The attack, identified in 2024, represents the…
North Korean Hackers Using GenAI to Get Remote Jobs Around the Globe
In a sophisticated operation that blends social engineering with cutting-edge technology, North Korean operatives have been leveraging generative artificial intelligence tools to secure remote technical positions in companies worldwide. These individuals create compelling digital personas, complete with fabricated credentials and…
6 Best Security Awareness Training Platforms For MSPs in 2025
Managed service providers (MSPs) are increasingly popular cyberattack targets. These entities often have numerous endpoints and distributed networks that create many opportunities for adversaries seeking weaknesses to exploit. Security awareness training is just one aspect of defense efforts, but it…
Hackers Exploiting MS-SQL Servers & Deploy Ammyy Admin for Remote Access
A sophisticated cyberattack campaign targeting vulnerable Microsoft SQL servers has been discovered, aiming to deploy remote access tools and privilege escalation malware. Security researchers have identified that threat actors are specifically exploiting poorly secured MS-SQL instances to install Ammyy Admin,…
Chrome Use-After-Free Vulnerabilities Exploited in the Wild
Google Chrome has faced a series of high-profile security incidents involving Use-After-Free (UAF) vulnerabilities, several of which have been actively exploited in the wild. These flaws, rooted in improper memory management, have become a persistent threat vector for attackers seeking…
SessionShark’ – New Toolkit Attacking Microsoft Office 365 Users’ Bypassing MFA Protections
A sophisticated new phishing toolkit named “SessionShark” has been specifically designed to circumvent Microsoft Office 365’s multi-factor authentication (MFA) protections. SessionShark is being marketed on underground forums as a turnkey phishing-as-a-service (PhaaS) solution. It enables even low-skilled threat actors to…
159 CVEs Exploited in The Wild in Q1 2025, 8.3% of Vulnerabilities Exploited Within 1-Day
In the first quarter of 2025, cybersecurity researchers documented an alarming surge in vulnerability exploitation, with 159 Common Vulnerabilities and Exposures (CVEs) being exploited in the wild. This remarkable figure represents a concerning trend as malicious actors continue to rapidly…
FBI To Offer Reward Up to $10 Million Any Information on Salt Typhoon Hackers
The Federal Bureau of Investigation announced today an unprecedented $10 million reward for actionable intelligence leading to the identification and capture of key operatives behind the infamous Salt Typhoon cyber campaign. This significant cybersecurity effort targets a sophisticated hacking group…
Hackers Allegedly Breach TikTok, Exposing Over 900,000 Usernames & Passwords
A hacking collective identifying itself as R00TK1T has claimed responsibility for a massive data breach affecting TikTok, allegedly exposing the credentials of more than 900,000 users. According to the group’s statements, they have released a sample of 927,000 TikTok user…
New Reports Reveals How AI is Boosting the Phishing Attack Rapidly With More Accuracy
Cybercriminals have dramatically evolved their phishing tactics, leveraging generative AI to create highly personalized and convincing attacks, according to the newly released ThreatLabz 2025 Phishing Report. The days of mass phishing campaigns have given way to hyper-targeted scams designed to…
North Korean APT Hackers Create Companies to Deliver Malware Strains Targeting Job Seekers
A sophisticated North Korean advanced persistent threat (APT) group known as “Contagious Interview” has established elaborate fake cryptocurrency consulting companies to target job seekers with specialized malware. The group, a subunit of the infamous North Korean state-sponsored Lazarus Group, has…
Microsoft’s Symlink Patch Created New Windows DoS Vulnerability
A recent Microsoft security update, intended to patch a critical privilege escalation vulnerability, has inadvertently introduced a new and significant flaw. The fix now enables non-administrative users to effectively block all future Windows security updates, creating a denial-of-service condition. This…
Russian VPS Servers With RDP, Proxy Servers Fuel North Korean Cybercrime Operations
North Korea’s cybercrime operations have significantly expanded beyond the limited 1,024 IP addresses assigned to their national network through an elaborate scheme involving Russian infrastructure. According to recent findings, five Russian IP ranges, primarily located in the border towns of…
Spring Security Vulnerability Let Attackers Determine Which Usernames are Valid
A serious vulnerability related to information exposure (CVE-2025-22234) impacts several versions of the spring-security-crypto package. The flaw enables attackers to determine valid usernames through timing attacks, undermining a key security feature designed to prevent user enumeration. The vulnerability affects Spring…
Verizon DBIR Report – Small Businesses Emerges as Prime Targets for Ransomware Attacks
Verizon’s 2025 Data Breach Investigations Report (DBIR) has revealed a disturbing trend: small and medium-sized businesses (SMBs) have become disproportionately targeted by ransomware attacks. The comprehensive report, analyzing over 22,000 security incidents including 12,195 confirmed data breaches, found ransomware present…
Threat Actors Attacking Organization in Thailand to Deploy Ransomware
Thailand has emerged as a significant target for sophisticated ransomware attacks, with a dramatic 240% increase in cyber campaigns recorded in 2024 compared to the previous year. This surge reflects heightened geopolitical tensions and strategic interest in Thailand’s expanding digital…
SAP NetWeaver 0-day Vulnerability Exploited in the Wild to Deploy Webshells
A wave of targeted cyberattacks has exposed a previously unknown vulnerability in SAP NetWeaver, allowing attackers to deploy malicious JSP webshells and gain unauthorized access to enterprise systems, even those running the latest patches. In April 2025, security researchers at…
U.S. Secret Service Details on How to Spot a Credit Card Skimmer
The U.S. Secret Service Washington Field Office (WFO) has issued an advisory on identifying credit card skimming devices, calling this form of financial theft a “low-risk, high-reward crime that is on the rise across the country.” Following the recent Operation…
Microsoft Defender XDR False Positive Leads to Massive Data Leak of 1,700+ Sensitive Documents
ANY.RUN research identified a large-scale data leak event triggered by a false positive in Microsoft Defender XDR. The security platform incorrectly flagged benign files as malicious, leading to their automatic submission to ANY.RUN’s public sandbox for analysis. As a result,…
Lazarus APT Attacking Organizations by Exploiting One-Day vulnerabilities
Cybersecurity experts have identified a sophisticated campaign by the North Korean state-sponsored Lazarus APT group targeting critical infrastructure and financial organizations worldwide. The threat actor has shifted tactics to exploit recently patched vulnerabilities—known as one-day vulnerabilities—before organizations can implement necessary…
Threat Actors Taking Advantage of Unsecured Kubernetes Clusters for Cryptocurrency Mining
In a troubling development for cybersecurity professionals, threat actors are increasingly targeting unsecured Kubernetes clusters to deploy cryptocurrency mining operations, leveraging the computational resources of victim organizations without their knowledge. These attacks exploit vulnerabilities in containerized environments, particularly focusing on…
Linux io_uring Security Blind Spot Let Attackers Stealthily Deploy Rootkits
A critical vulnerability exists in Linux’s security framework, revealing that many runtime security tools struggle to detect threats operating via the io_uring interface. This discovery exposes a critical gap in protection for Linux-based systems across cloud environments and data centers…
CISA Confirms Continued Support for CVE Program, No Funding Issues
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has reaffirmed its strong commitment to the Common Vulnerabilities and Exposures (CVE) Program, following recent public reports that inaccurately suggested the program was in jeopardy due to funding shortages. CISA clarified that…
New Stego Campaign Leverages MS Office Vulnerability to Deliver AsyncRAT
Cybersecurity researchers have discovered a sophisticated malware campaign that employs steganography techniques to hide malicious code within seemingly innocent image files. This attack chain leverages an older Microsoft Office vulnerability (CVE-2017-0199) to ultimately deliver AsyncRAT, a remote access trojan capable…
ToyMaker Hackers Compromised Multitude Hosts Using SSH & File Transfer Tools
In 2023, cybersecurity experts uncovered an extensive compromise in critical infrastructure enterprises by a sophisticated threat actor group. This initial access broker, dubbed “ToyMaker,” systematically exploited vulnerable internet-facing systems before deploying custom backdoors to extract credentials from victim organizations. Their…
Zyxel RCE Vulnerability Allows Arbitrary Query Execution Without any Authentication
A critical vulnerability in Zyxel’s FLEX-H Series devices that enables attackers to execute arbitrary database queries and gain remote code execution capabilities without requiring authentication. The flaw, discovered by a researcher “rainpwn” and officially disclosed on April 22, 2025, exposes…
Citrix NetScaler Console Vulnerability Enables Admin Access – PoC Released
A critical vulnerability in Citrix NetScaler Console allows complete unauthenticated administrative access despite being initially classified as merely a “sensitive information disclosure” issue. The proof-of-concept exploit code has been released, enabling attackers to create administrator accounts by exploiting an internal…
Hackers Exploited Ivanti Connect Secure 0-Day to Install DslogdRAT & Web Shell
Recent attacks against Japanese organizations have revealed sophisticated hackers exploiting a zero-day vulnerability in Ivanti Connect Secure VPN appliances. The attacks, occurring around December 2024, leveraged CVE-2025-0282 to deploy multiple malicious tools, including a custom malware called DslogdRAT and a…
NVIDIA NeMo Framework Vulnerability Let Attackers Execute Remote Code
There are three high-severity vulnerabilities in the NVIDIA NeMo Framework that could allow attackers to execute remote code, potentially compromising AI systems and leading to data tampering. The security flaws, identified as CVE-2025-23249, CVE-2025-23250, and CVE-2025-23251, each received a CVSS…
Critical Langflow Vulnerability Allows Malicious Code Injection – Technical Details Revealed
Cybersecurity researchers have uncovered a critical remote code execution (RCE) vulnerability in Langflow, an open-source platform widely used for visually composing AI-driven agents and workflows. Designated as CVE-2025-3248, this high-severity vulnerability carries a CVSS score of 9.8, placing it in…
Commvault RCE Vulnerability Let Attackers Breach Vault – PoC Released
A critical pre-authenticated Remote Code Execution (RCE) vulnerability affecting Commvault’s backup and data protection platform. The vulnerability, tracked as CVE-2025-34028, could allow attackers to compromise enterprise backup systems without requiring authentication, potentially putting organizations’ most critical data at risk. The…
Cisco Confirms Multiple Products Impacted by Erlang/OTP SSH Server RCE Vulnerability
Cisco Systems has issued a critical security advisory confirming that multiple products across its portfolio are affected by a remote code execution (RCE) vulnerability in the Erlang/OTP SSH server (CVE-2025-32433). The flaw, which carries a maximum CVSSv3.1 score of 10.0,…
Threat Actors Turn More Sophisticated & Exploiting Zero-Day Vulnerabilities – Google Warns
Cybersecurity defenders face increasingly sophisticated adversaries as threat actors continue evolving their methods to circumvent modern defense systems. According to the newly released M-Trends 2025 report, attackers are demonstrating enhanced capabilities to create custom malware ecosystems, identify and exploit zero-day…
Redis DoS Vulnerability: Attackers Can Exhaust Server Memory or Cause Crashes
A high-severity vulnerability in Redis, the popular open-source in-memory data structure store, that could allow unauthenticated attackers to cause denial-of-service conditions by exhausting server memory. Tracked as CVE-2025-21605 with a CVSS score of 7.5, this vulnerability affects all Redis versions…
GitLab Security Update – Patch for XSS, DoS & Account Takeover Vulnerabilities
GitLab has released critical security patches addressing multiple high-severity vulnerabilities in its platform, highlighting robust security measures amid increasing cyber threats. The company has issued patch versions 17.11.1, 17.10.5, and 17.9.7 for both Community Edition (CE) and Enterprise Edition (EE).…
Blue Shield Leaked Health Info of 4.7M patients with Google Ads
Blue Shield of California has disclosed a significant data breach affecting 4.7 million members, representing the majority of its nearly 6 million customers. The health insurance provider revealed that protected health information (PHI) was inadvertently shared with Google’s advertising platforms…
SonicWall SSLVPN Vulnerability Let Remote Attackers Crash Firewall Appliances
SonicWall has disclosed a critical security vulnerability in its SSLVPN service that allows unauthenticated remote attackers to crash affected firewall appliances, potentially causing significant disruptions to enterprise networks. The vulnerability, tracked as CVE-2025-32818, received a high severity CVSS score of…
Threat Actors Using Weaponized SVG Files to Redirect Users to Malicious Websites
Phishing campaigns have evolved significantly in 2025, with threat actors increasingly leveraging unconventional file formats to bypass security solutions. A particularly concerning trend involves the weaponization of Scalable Vector Graphics (SVG) files, which are being embedded with malicious JavaScript code…
1000+ Unique IPs Attacking Ivanti Connect Secure Systems to Exploit Vulnerabilities
A significant increase in suspicious scanning activity targeting Ivanti Connect Secure (ICS) and Ivanti Pulse Secure (IPS) VPN systems, signaling a potential coordinated reconnaissance effort by threat actors. The spike, registering more than 230 unique IP addresses probing ICS/IPS endpoints…
Microsoft to Offer Rewards Up to $30,000 for AI Vulnerabilities
Microsoft has launched an expanded bug bounty program offering rewards of up to $30,000 for researchers who identify critical vulnerabilities in AI systems within its Dynamics 365 and Power Platform products. The initiative, announced by Microsoft Security Response, aims to…
Building a Cyber-Aware Culture – CISO’s Step-by-Step Plan
A cyber-aware culture is the backbone of any resilient organization in today’s digital world. As cyber threats become more advanced and frequent, safeguarding sensitive data and systems can no longer rest solely with IT departments. Chief Information Security Officers (CISOs)…
Beyond Compliance – How VPs of Security Drive Strategic Cybersecurity Initiatives
In an era where cyber threats evolve faster than regulatory frameworks, Vice Presidents (VPs) of Security are redefining their roles from compliance enforcers to strategic business leaders. While adherence to standards like GDPR and HIPAA remains critical, forward-thinking security executives…
Critical Commvault RCE Vulnerability Lets Remote Attackers Execute Arbitrary Code
A significant security vulnerability (CVE-2025-34028) has been discovered in Commvault Command Center Innovation Release, enabling unauthenticated attackers to execute arbitrary code remotely. The vulnerability, which carries a high CVSS score of 9.0, affects explicitly version 11.38 of the Command Center…
WhatsApp’s New Advanced Chat Privacy Feature to Protect Sensitive Conversations
WhatsApp has announced the rollout of its new “Advanced Chat Privacy” feature, designed to give users greater control over the confidentiality of their conversations. Building on its foundation of end-to-end encryption, which ensures that only the sender and recipient can…
Ripple XPRL Official NPM Package Hijacked To Inject Private Key Stealing Malware
A significant supply chain attack targeting cryptocurrency users. The official XRPL (Ripple) NPM package, which serves as the JavaScript SDK for the XRP Ledger, was compromised with malicious code designed to steal cryptocurrency private keys, potentially affecting hundreds of thousands…
The Evolving Role of the CISO – Balancing Risk and Innovation in the Digital Age
The Evolving role of the Chief Information Security Officer (CISO) has transcended its roots in technical oversight to become a cornerstone of organizational strategy. As digital transformation accelerates, fueled by cloud computing, artificial intelligence, and IoT, CISOs grapple with a…
Building A Unified Security Strategy: Integrating Digital Forensics, XDR, And EDR For Maximum Protection
In the rapidly evolving world of cybersecurity, organizations are confronted with increasingly sophisticated threats that demand a coordinated and multi-layered defense approach. The days of relying on isolated security tools are long gone, as modern attack vectors now target various…
FireEye EDR Agent Vulnerability Let Attackers Inject Malicious Code
A significant vulnerability in the FireEye Endpoint Detection and Response (EDR) agent that could allow attackers to inject malicious code and render critical security protections ineffective. The vulnerability, tracked as CVE-2025-0618, was disclosed today and highlights the ongoing challenges in…
Critical Vulnerabilities in Browser Wallets Let Attackers Drain your Funds
Significant vulnerabilities in popular browser-based cryptocurrency wallets enable attackers to steal funds without any user interaction or approval. These critical flaws, discovered in wallets including Stellar Freighter, Frontier Wallet, and Coin98, represent a significant shift in attack vectors against crypto…
Synology Network File System Vulnerability Let Read Any File
A severe security vulnerability in Synology’s DiskStation Manager (DSM) software has been identified. This vulnerability allows remote attackers to read arbitrary files through the Network File System (NFS) service without proper authorization. The vulnerability, tracked as CVE-2025-1021 and detailed in…
Hackers Weaponized Google Forms to Evade Email Security & Steal Logins
Google Forms, the tech giant’s widely used survey tool, has become a favored weapon in cybercriminals’ arsenal. It enables them to bypass sophisticated email security filters and harvest sensitive credentials. Security researchers have identified a surge in attacks that leverage…
How Script-based Malware Attacks Work: Modern Examples
Script-based malware is malicious software written in scripting languages like JavaScript, Python, PowerShell, or VBScript. Unlike traditional malware that relies on compiled executables, script-based malware leverages scripts that execute as human-readable code interpreted at runtime Scripts have become increasingly popular…
Hackers Exploiting Microsoft 365 OAuth Workflows to Target Organizations
A new campaign by Russian threat actors. These actors are exploiting legitimate Microsoft OAuth 2.0 authentication workflows to compromise targeted organizations. Since early March 2025, these sophisticated attacks have primarily focused on individuals and organizations with ties to Ukraine and…
Understanding Cyber Risk Appetite – A CISO’s Approach to Risk Management
Cyber risk appetite represents the amount and type of cyber risk an organization is willing to accept to pursue its strategic objectives. In today’s complex digital landscape, understanding and effectively communicating cyber risk appetite has become a critical leadership function…
Why CISOs and CTOs Must Collaborate More Than Ever in Today’s Security Landscape
The pace of technological change in today’s business environment is unprecedented. Organizations are racing to adopt cloud computing, artificial intelligence, and automation to stay competitive, while cyber threats grow in sophistication and frequency. This dual reality means that innovation and…
New Malware Hijacking Docker Images with Unique Obfuscation Technique
A newly discovered malware campaign is targeting Docker environments, employing a sophisticated, multi-layered obfuscation technique to evade detection and hijack compute resources for cryptojacking. Security researchers from Darktrace and Cado Security Labs have analyzed this campaign, revealing both the technical…
RBI Directs All Indian Banks to Transition to .bank.in Domains
The Reserve Bank of India (RBI) has issued a directive requiring all banking institutions in the country to migrate their web presence to the new .bank.in domain by October 31, 2025. This landmark cybersecurity initiative aims to create a more…
Marks & Spencer Confirms a Cyberattack Hits Payments & Online Orders
British retail giant Marks & Spencer (M&S) has confirmed it is dealing with a significant cyber incident that has disrupted contactless payment systems and its Click and Collect service, leaving customers frustrated during the Easter holiday period. The attack, which…
Hackers Exploited 17-year-old Vulnerability to Weaponize Word Documents
Security researchers at Fortinet’s FortiGuard Labs have uncovered a sophisticated phishing campaign that uses weaponized Microsoft Word documents to deliver information-stealing malware to unsuspecting Windows users. The attack exploits a well-known vulnerability to deploy FormBook, a dangerous malware variant designed…
Zyxel Patches Privilege Management Vulnerabilities in USG FLEX H Series Firewalls
Zyxel Networks has released critical security patches to address two high-severity vulnerabilities in its USG FLEX H series firewalls that could potentially allow attackers to escalate privileges and gain unauthorized access to affected devices. The security advisory, published on April…
From Response to Resilience – Shifting the CISO Mindset in Times of Crisis
In an era where cyber threats evolve faster than defense mechanisms, Chief Information Security Officers (CISOs) must transition their leadership approach from response to resilience. The traditional focus on prevention and rapid response is no longer sufficient; resilience has emerged…
Hackers Attacking Organization With New Malware Mimic as Networking Software Updates
A sophisticated backdoor targeting various large Russian organizations across government, finance, and industrial sectors has been uncovered during a cybersecurity investigation in April 2025. The malware, which masquerades as legitimate updates for ViPNet secure networking software, enables attackers to steal…
The Role of AI in Modernizing Cybersecurity Programs – Insights for Security Leaders
In the face of relentless cyber threats and an ever-expanding digital attack surface, security leaders are under growing pressure to modernize their cybersecurity programs by leveraging AI in cybersecurity to enhance detection, response, and overall resilience. Artificial Intelligence (AI) has…
CISA Releases Five Advisories Covering ICS Vulnerabilities & Exploits
The Cybersecurity and Infrastructure Security Agency (CISA) has released five new advisories addressing critical vulnerabilities in Industrial Control Systems (ICS) from Siemens, Schneider Electric, and ABB. These advisories, published on April 22, 2025, provide detailed information on security flaws, associated…
ChatGPT Creates Working Exploit for CVEs Before Public PoCs Released
In a development that could transform vulnerability research, security researcher Matt Keeley demonstrated how artificial intelligence can now create working exploits for critical vulnerabilities before public proof-of-concept (PoC) exploits are available. Keeley used GPT-4 to develop a functional exploit for…
New Cookie-Bite Attack Let Hackers Bypass MFA & Maintain Access to Cloud Servers
A sophisticated attack technique dubbed “Cookie-Bite” enables cybercriminals to silently bypass multi-factor authentication (MFA) and maintain persistent access to cloud environments. Varonis Threat Labs revealed that attackers leverage stolen browser cookies to impersonate legitimate users without requiring credentials, effectively rendering…
Google Cloud Composer Vulnerability Let Attackers Elevate Their Privileges
A critical privilege-escalation vulnerability in Google Cloud Platform (GCP), dubbed “ConfusedComposer,” could have allowed attackers to gain elevated permissions to sensitive cloud resources. The vulnerability, now patched, enabled attackers with minimal permissions to potentially gain control over a highly privileged…
ChatGPT Creates Working Exploit for CVE’s Before Public PoCs Released
In a development that could transform vulnerability research, security researcher Matt Keeley demonstrated how artificial intelligence can now create working exploits for critical vulnerabilities before public proof-of-concept (PoC) exploits are available. Keeley used GPT-4 to develop a functional exploit for…
How to Secure the Extended Enterprise – CISO Insights on Third-Party Risk
Modern organizations rely on a sprawling network of third-party vendors, suppliers, and partners to drive innovation and operational efficiency. However, this interconnected ecosystem introduces significant cybersecurity risks. As attack surfaces expand, malicious actors increasingly target weaker links in the supply…
Malicious npm Packages Attacking Linux Developers to Install SSH Backdoors
A concerning new supply chain attack has emerged targeting Linux developers who work with Telegram’s bot ecosystem. Discovered in early 2025, several malicious npm packages have been masquerading as legitimate Telegram bot libraries to deliver SSH backdoors and exfiltrate sensitive…
Hackers Abuse Cloudflare Tunnel Infrastructure to Deliver Multiple RATs
Cybersecurity experts have identified a sophisticated attack campaign exploiting Cloudflare’s tunnel infrastructure to distribute various remote access trojans (RATs). The infrastructure, which has demonstrated remarkable resilience since February 2024, serves as a distribution platform for malicious files and trojans that…
Beyond SSL: Advanced Cyber Security Tools Every eCommerce Site Needs
In an era where online shopping has become second nature and eCommerce revenues are breaking new records every year, the trust between customer and vendor is more than just a matter of reputation it’s a matter of survival. That trust…
New Magecart Attack With Malicious JavaScript Steals Credit Card Data
A sophisticated Magecart attack campaign has been discovered targeting e-commerce platforms, employing heavily obfuscated JavaScript code to harvest sensitive payment information. This latest variant of Magecart skimming attacks exhibits advanced techniques for evading detection while seamlessly capturing credit card details…
FBI Warns of Scammers Mimic as IC3 Employees to Defraud Individuals
The Federal Bureau of Investigation (FBI) has issued an urgent warning about a sophisticated phishing campaign where cybercriminals impersonate Internet Crime Complaint Center (IC3) employees to defraud individuals. This new threat emerged in early April 2025, targeting victims through convincing…
Cybersecurity Indicators: How IOCs, IOBs, and IOAs Empower Threat Detection & Prevention
In Cybersecurity indicators, three powerful tools Indicators of Compromise (IOCs), Indicators of Behavior (IOBs), and Indicators of Attack (IOAs) are helping organizations detect threats early and respond more effectively. These indicators offer crucial insights into malicious activity, empowering security teams…
Security Metrics Every CISO Needs to Report to the Board in 2025
In today’s rapidly evolving digital landscape, cybersecurity is no longer just a technical concern; it’s a strategic business priority. As organizations become more interconnected and cyber threats grow in complexity, boards of directors demand greater transparency and accountability from their…
Criminal IP Set to Unveil Next-Gen Threat Intelligence at RSAC™ 2025
Joining Criminal IP at Booth S-634 | South Expo, Moscone Center | April 28 – May 1, 2025 Criminal IP, the global cybersecurity platform specializing in AI-powered threat intelligence and OSINT-based data analytics, will exhibit at RSAC 2025 Conference, held…
Malicious npm and PyPI Pose as Developer Tools to Steal Login Credentials
In a concerning development for the open-source community, several malicious packages on npm and PyPI repositories have been discovered posing as legitimate developer tools while secretly harvesting cryptocurrency wallet credentials. These packages, which have accumulated thousands of downloads collectively, demonstrate…
Chrome To Add New “Protect your IP address” Settings With Incognito Tracking Protections
Google Chrome is preparing to roll out a major privacy update with the introduction of a new “Incognito tracking protections” page, designed to give users more control and transparency over their data while browsing privately. A recent update mentioned by…
Strategic Cybersecurity Budgeting – CISO Best Practices
In today’s rapidly evolving threat landscape, Chief Information Security Officers (CISOs) face the challenge of securing their organizations with finite resources against virtually unlimited threats. Strategic cybersecurity budgeting has emerged as a critical leadership function beyond simple cost allocation. Effective…
Samsung One UI Security Flaw Exposes Users Data in Plain Text With No Expiration!
A critical security vulnerability in Samsung’s One UI system has been discovered, exposing millions of users’ sensitive information through the clipboard functionality. Security researchers have identified that Samsung devices running Android 9 or later store all clipboard content—including passwords, banking…
Researchers Uncovered Latest Version of Lumma InfoStealer with Code Flow Obfuscation
Cybersecurity researchers have recently uncovered a sophisticated new variant of the notorious Lumma InfoStealer malware, featuring advanced code flow obfuscation techniques designed to evade detection by security solutions. This latest iteration represents a significant evolution in the malware’s capabilities, with…
Hackers Leverage Windows MS Utility Tool to Inject Malicious DLL Payload
Threat actors are increasingly exploiting mavinject.exe, a legitimate Microsoft utility, to bypass security controls and compromise systems. This sophisticated attack technique allows hackers to hide malicious activity behind trusted Windows processes. Mavinject.exe is the Microsoft Application Virtualization Injector, designed to…
New Rust Botnet Hijacking Routers to Inject Commands Remotely
A sophisticated new botnet malware written in the Rust programming language has been discovered targeting vulnerable router devices worldwide. Dubbed “RustoBot” due to its Rust-based implementation, this malware exploits critical vulnerabilities in TOTOLINK and DrayTek router models to execute remote…
Microsoft Boosts MSA Signing Service Security on Azure Following Storm-0558 Breach
In a significant security enhancement following last year’s high-profile Storm-0558 breach, Microsoft has completed the migration of its Microsoft Account (MSA) signing service to Azure confidential VMs. This development, detailed in Microsoft’s April 2025 Secure Future Initiative (SFI) progress report,…
Sophisticated WordPress Ad-fraud Plugins Generated 1.4 Billion Ad Requests Per Day
A major ad fraud operation known as “Scallywag” has been generating a staggering 1.4 billion fraudulent ad requests daily at its peak through deceptive WordPress plugins designed to monetize piracy websites. The sophisticated scheme, recently disrupted by HUMAN’s Satori Threat…
CISA Warns Threat Hunting Staff to Stop Using Censys & VirusTotal
Hundreds of Cybersecurity and Infrastructure Security Agency (CISA) staff were notified this week that the organization is discontinuing critical cybersecurity tools used for threat hunting operations. Amid broader reductions across the cyber defense agency, CISA’s threat hunting division plans to…
HPE Performance Cluster Manager Vulnerability Allow Remote Attacker to Bypass Authentication
A critical vulnerability in Hewlett Packard Enterprise‘s Performance Cluster Manager has been identified, enabling attackers to remotely bypass authentication safeguards. The flaw, formally documented as CVE-2025-27086 with a high severity CVSS 3.1 score of 8.1, affects all HPCM versions up…
Critical Windows Update Stack Vulnerability Allows Code Execution & Privilege Escalation
A security flaw has been identified in the Windows Update Stack, exposing millions of Windows systems to the risk of unauthorized code execution and privilege escalation. Tracked as CVE-2025-21204, this vulnerability allows local attackers to gain SYSTEM-level access by manipulating…
Why CISOs Are Betting Big on AI, Automation & Zero Trust
CISOs are betting big on modern defenses as hybrid work, cloud migration, and advanced threats make traditional security frameworks obsolete. Ransomware, phishing, and AI-powered attacks now threaten data integrity and organizational survival. With global cybercrime costs projected to exceed $10…
Patching Vulnerabilities Faster Reduces Risks & Lower Cyber Risk Index
A significant correlation between vulnerability patching speed and reduced cybersecurity risks has emerged according to groundbreaking research released on March 25, 2025. Organizations implementing rapid patching protocols experienced a measurable decrease in their Cyber Risk Index (CRI), demonstrating the critical…
MITRE Launches New D3FEND CAD Tool to Create Precise Cybersecurity Scenarios
MITRE has officially launched its innovative Cyber Attack-Defense (CAD) tool as part of the comprehensive D3FEND 1.0 release. This new tool enables security practitioners to create structured, detailed cybersecurity scenarios grounded in the D3FEND ontology, transforming how organizations model and…
Bridging the Gap – CISOs and CIOs Driving Tech-Driven Security
In today’s hyper-connected business landscape, the convergence of technology and security has never been more critical. As organizations accelerate digital transformation, the roles of Chief Information Security Officers (CISOs) and Chief Information Officers (CIOs) have become increasingly intertwined. CISOs are…
The Psychology of Social Engineering – What Security Leaders Should Know
The Psychology of Social engineering is a persistent cybersecurity threat because it exploits the most unpredictable element: human behavior. Unlike technical exploits that attack system vulnerabilities, social engineering bypasses sophisticated defenses by manipulating people into breaking standard security procedures. Understanding…
WinZip MotW Bypass Vulnerability Let Hackers Execute Malicious Code Silently
Cybersecurity researchers have discovered a critical vulnerability in WinZip that enables attackers to bypass Windows’ Mark-of-the-Web (MotW) security feature, potentially allowing malicious code to execute without warning on victims’ computers. This serious security flaw, tracked as CVE-2025-33028, affects WinZip installations…
Microsoft Addresses Entra ID Token Logging Issue, Alerts to Protect Users
Microsoft has acknowledged a recent issue that triggered widespread alerts in its Entra ID Protection system, flagging user accounts as high risk due to supposed credential leaks on the dark web. The alerts have been attributed to a combination of…