Category: Cyber Security News

Threat Actors Registered 26k+ Domains Mimic Brands to Trick Users

In a significant escalation of digital deception tactics, threat actors have registered over 26,000 domains in March 2025 alone, designed to impersonate legitimate brands and government services. These malicious domains serve as landing pages for sophisticated smishing (SMS phishing) campaigns,…

North Korean Hackers Using GenAI to Get Remote Jobs Around the Globe

In a sophisticated operation that blends social engineering with cutting-edge technology, North Korean operatives have been leveraging generative artificial intelligence tools to secure remote technical positions in companies worldwide. These individuals create compelling digital personas, complete with fabricated credentials and…

6 Best Security Awareness Training Platforms For MSPs in 2025

Managed service providers (MSPs) are increasingly popular cyberattack targets. These entities often have numerous endpoints and distributed networks that create many opportunities for adversaries seeking weaknesses to exploit. Security awareness training is just one aspect of defense efforts, but it…

Chrome Use-After-Free Vulnerabilities Exploited in the Wild

Google Chrome has faced a series of high-profile security incidents involving Use-After-Free (UAF) vulnerabilities, several of which have been actively exploited in the wild.  These flaws, rooted in improper memory management, have become a persistent threat vector for attackers seeking…

Microsoft’s Symlink Patch Created New Windows DoS Vulnerability

A recent Microsoft security update, intended to patch a critical privilege escalation vulnerability, has inadvertently introduced a new and significant flaw.  The fix now enables non-administrative users to effectively block all future Windows security updates, creating a denial-of-service condition.  This…

Lazarus APT Attacking Organizations by Exploiting One-Day vulnerabilities

Cybersecurity experts have identified a sophisticated campaign by the North Korean state-sponsored Lazarus APT group targeting critical infrastructure and financial organizations worldwide. The threat actor has shifted tactics to exploit recently patched vulnerabilities—known as one-day vulnerabilities—before organizations can implement necessary…

CISA Confirms Continued Support for CVE Program, No Funding Issues

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has reaffirmed its strong commitment to the Common Vulnerabilities and Exposures (CVE) Program, following recent public reports that inaccurately suggested the program was in jeopardy due to funding shortages. CISA clarified that…

New Stego Campaign Leverages MS Office Vulnerability to Deliver AsyncRAT

Cybersecurity researchers have discovered a sophisticated malware campaign that employs steganography techniques to hide malicious code within seemingly innocent image files. This attack chain leverages an older Microsoft Office vulnerability (CVE-2017-0199) to ultimately deliver AsyncRAT, a remote access trojan capable…

ToyMaker Hackers Compromised Multitude Hosts Using SSH & File Transfer Tools

In 2023, cybersecurity experts uncovered an extensive compromise in critical infrastructure enterprises by a sophisticated threat actor group. This initial access broker, dubbed “ToyMaker,” systematically exploited vulnerable internet-facing systems before deploying custom backdoors to extract credentials from victim organizations. Their…

Citrix NetScaler Console Vulnerability Enables Admin Access – PoC Released

A critical vulnerability in Citrix NetScaler Console allows complete unauthenticated administrative access despite being initially classified as merely a “sensitive information disclosure” issue.  The proof-of-concept exploit code has been released, enabling attackers to create administrator accounts by exploiting an internal…

Commvault RCE Vulnerability Let Attackers Breach Vault – PoC Released

A critical pre-authenticated Remote Code Execution (RCE) vulnerability affecting Commvault’s backup and data protection platform.  The vulnerability, tracked as CVE-2025-34028, could allow attackers to compromise enterprise backup systems without requiring authentication, potentially putting organizations’ most critical data at risk. The…

Blue Shield Leaked Health Info of 4.7M patients with Google Ads

Blue Shield of California has disclosed a significant data breach affecting 4.7 million members, representing the majority of its nearly 6 million customers.  The health insurance provider revealed that protected health information (PHI) was inadvertently shared with Google’s advertising platforms…

Building a Cyber-Aware Culture – CISO’s Step-by-Step Plan

A cyber-aware culture is the backbone of any resilient organization in today’s digital world. As cyber threats become more advanced and frequent, safeguarding sensitive data and systems can no longer rest solely with IT departments. Chief Information Security Officers (CISOs)…

FireEye EDR Agent Vulnerability Let Attackers Inject Malicious Code

A significant vulnerability in the FireEye Endpoint Detection and Response (EDR) agent that could allow attackers to inject malicious code and render critical security protections ineffective. The vulnerability, tracked as CVE-2025-0618, was disclosed today and highlights the ongoing challenges in…

Synology Network File System Vulnerability Let Read Any File

A severe security vulnerability in Synology’s DiskStation Manager (DSM) software has been identified. This vulnerability allows remote attackers to read arbitrary files through the Network File System (NFS) service without proper authorization.  The vulnerability, tracked as CVE-2025-1021 and detailed in…

How Script-based Malware Attacks Work: Modern Examples

Script-based malware is malicious software written in scripting languages like JavaScript, Python, PowerShell, or VBScript. Unlike traditional malware that relies on compiled executables, script-based malware leverages scripts that execute as human-readable code interpreted at runtime  Scripts have become increasingly popular…

New Malware Hijacking Docker Images with Unique Obfuscation Technique

A newly discovered malware campaign is targeting Docker environments, employing a sophisticated, multi-layered obfuscation technique to evade detection and hijack compute resources for cryptojacking. Security researchers from Darktrace and Cado Security Labs have analyzed this campaign, revealing both the technical…

Hackers Exploited 17-year-old Vulnerability to Weaponize Word Documents

Security researchers at Fortinet’s FortiGuard Labs have uncovered a sophisticated phishing campaign that uses weaponized Microsoft Word documents to deliver information-stealing malware to unsuspecting Windows users. The attack exploits a well-known vulnerability to deploy FormBook, a dangerous malware variant designed…

CISA Releases Five Advisories Covering ICS Vulnerabilities & Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) has released five new advisories addressing critical vulnerabilities in Industrial Control Systems (ICS) from Siemens, Schneider Electric, and ABB.  These advisories, published on April 22, 2025, provide detailed information on security flaws, associated…

ChatGPT Creates Working Exploit for CVEs Before Public PoCs Released

In a development that could transform vulnerability research, security researcher Matt Keeley demonstrated how artificial intelligence can now create working exploits for critical vulnerabilities before public proof-of-concept (PoC) exploits are available. Keeley used GPT-4 to develop a functional exploit for…

New Cookie-Bite Attack Let Hackers Bypass MFA & Maintain Access to Cloud Servers

A sophisticated attack technique dubbed “Cookie-Bite” enables cybercriminals to silently bypass multi-factor authentication (MFA) and maintain persistent access to cloud environments. Varonis Threat Labs revealed that attackers leverage stolen browser cookies to impersonate legitimate users without requiring credentials, effectively rendering…

Google Cloud Composer Vulnerability Let Attackers Elevate Their Privileges

A critical privilege-escalation vulnerability in Google Cloud Platform (GCP), dubbed “ConfusedComposer,” could have allowed attackers to gain elevated permissions to sensitive cloud resources.  The vulnerability, now patched, enabled attackers with minimal permissions to potentially gain control over a highly privileged…

Hackers Abuse Cloudflare Tunnel Infrastructure to Deliver Multiple RATs

Cybersecurity experts have identified a sophisticated attack campaign exploiting Cloudflare’s tunnel infrastructure to distribute various remote access trojans (RATs). The infrastructure, which has demonstrated remarkable resilience since February 2024, serves as a distribution platform for malicious files and trojans that…

New Magecart Attack With Malicious JavaScript Steals Credit Card Data

A sophisticated Magecart attack campaign has been discovered targeting e-commerce platforms, employing heavily obfuscated JavaScript code to harvest sensitive payment information. This latest variant of Magecart skimming attacks exhibits advanced techniques for evading detection while seamlessly capturing credit card details…

FBI Warns of Scammers Mimic as IC3 Employees to Defraud Individuals

The Federal Bureau of Investigation (FBI) has issued an urgent warning about a sophisticated phishing campaign where cybercriminals impersonate Internet Crime Complaint Center (IC3) employees to defraud individuals. This new threat emerged in early April 2025, targeting victims through convincing…

Security Metrics Every CISO Needs to Report to the Board in 2025

In today’s rapidly evolving digital landscape, cybersecurity is no longer just a technical concern; it’s a strategic business priority. As organizations become more interconnected and cyber threats grow in complexity, boards of directors demand greater transparency and accountability from their…

Malicious npm and PyPI Pose as Developer Tools to Steal Login Credentials

In a concerning development for the open-source community, several malicious packages on npm and PyPI repositories have been discovered posing as legitimate developer tools while secretly harvesting cryptocurrency wallet credentials. These packages, which have accumulated thousands of downloads collectively, demonstrate…

Strategic Cybersecurity Budgeting – CISO Best Practices

In today’s rapidly evolving threat landscape, Chief Information Security Officers (CISOs) face the challenge of securing their organizations with finite resources against virtually unlimited threats. Strategic cybersecurity budgeting has emerged as a critical leadership function beyond simple cost allocation. Effective…

Hackers Leverage Windows MS Utility Tool to Inject Malicious DLL Payload

Threat actors are increasingly exploiting mavinject.exe, a legitimate Microsoft utility, to bypass security controls and compromise systems.  This sophisticated attack technique allows hackers to hide malicious activity behind trusted Windows processes. Mavinject.exe is the Microsoft Application Virtualization Injector, designed to…

New Rust Botnet Hijacking Routers to Inject Commands Remotely

A sophisticated new botnet malware written in the Rust programming language has been discovered targeting vulnerable router devices worldwide. Dubbed “RustoBot” due to its Rust-based implementation, this malware exploits critical vulnerabilities in TOTOLINK and DrayTek router models to execute remote…

CISA Warns Threat Hunting Staff to Stop Using Censys & VirusTotal

Hundreds of Cybersecurity and Infrastructure Security Agency (CISA) staff were notified this week that the organization is discontinuing critical cybersecurity tools used for threat hunting operations. Amid broader reductions across the cyber defense agency, CISA’s threat hunting division plans to…

Why CISOs Are Betting Big on AI, Automation & Zero Trust

CISOs are betting big on modern defenses as hybrid work, cloud migration, and advanced threats make traditional security frameworks obsolete. Ransomware, phishing, and AI-powered attacks now threaten data integrity and organizational survival. With global cybercrime costs projected to exceed $10…

Patching Vulnerabilities Faster Reduces Risks & Lower Cyber Risk Index

A significant correlation between vulnerability patching speed and reduced cybersecurity risks has emerged according to groundbreaking research released on March 25, 2025. Organizations implementing rapid patching protocols experienced a measurable decrease in their Cyber Risk Index (CRI), demonstrating the critical…

Bridging the Gap – CISOs and CIOs Driving Tech-Driven Security

In today’s hyper-connected business landscape, the convergence of technology and security has never been more critical. As organizations accelerate digital transformation, the roles of Chief Information Security Officers (CISOs) and Chief Information Officers (CIOs) have become increasingly intertwined. CISOs are…

The Psychology of Social Engineering – What Security Leaders Should Know

The Psychology of Social engineering is a persistent cybersecurity threat because it exploits the most unpredictable element: human behavior. Unlike technical exploits that attack system vulnerabilities, social engineering bypasses sophisticated defenses by manipulating people into breaking standard security procedures. Understanding…

WinZip MotW Bypass Vulnerability Let Hackers Execute Malicious Code Silently

Cybersecurity researchers have discovered a critical vulnerability in WinZip that enables attackers to bypass Windows’ Mark-of-the-Web (MotW) security feature, potentially allowing malicious code to execute without warning on victims’ computers. This serious security flaw, tracked as CVE-2025-33028, affects WinZip installations…