A sophisticated new cyberattack chain dubbed “KongTuke” has been uncovered by cybersecurity researchers, targeting unsuspecting internet users through compromised legitimate websites. Detailed in a report by Bradley Duncan of Palo Alto Networks’ Unit 42 team, this attack leverages malicious scripts…
Category: Cyber Security News
“IngressNightmare” Critical RCE Vulnerabilities in Kubernetes NGINX Clusters Let Attackers Gain Full Control
A recently discovered set of vulnerabilities, dubbed “IngressNightmare,” found in Ingress NGINX Controller, exposing clusters to unauthenticated remote code execution (RCE). Kubernetes dominates container orchestration, but its prominence has made it a target for exploitation. In Kubernetes, Ingress serves as…
Sec-Gemini v1 – Google Released a New AI Model for Cybersecurity
Google has made a big move to fight cyber threats by announcing Sec-Gemini v1, an experimental AI model designed to revolutionize cybersecurity. Elie Burzstein and Marianna Tishchenko from the Sec-Gemini team unveiled a new AI model designed to help cybersecurity…
Microsoft Celebrates 50th Anniversary!
Microsoft celebrated its 50th anniversary on April 4, 2025, reflecting on its journey since Bill Gates and Paul Allen founded the company in 1975. The milestone event, held at Microsoft’s Redmond, Washington headquarters, blended nostalgia with cutting-edge AI advancements, particularly…
CISA Adds Actively Exploits Ivanti Connect Secure Vulnerability in Known Exploited Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-22457, a critical vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA Gateways, to its Known Exploited Vulnerabilities (KEV) Catalog. This stack-based buffer overflow, actively exploited since mid-March 2025, allows…
Ivanti Connect Secure RCE Vulnerability Actively Exploited in the Wild – Apply Patch Now!
Ivanti has disclosed a critical vulnerability, CVE-2025-22457, affecting its Connect Secure, Pulse Connect Secure, Ivanti Policy Secure, and ZTA Gateways products that are actively exploited in the wild. This stack-based buffer overflow flaw, with a CVSS score of 9.0, has…
Top 20 Best Endpoint Management Tools – 2025
Endpoint management tools are critical for organizations to efficiently manage and secure devices such as desktops, laptops, mobile devices, and IoT systems. These tools provide centralized control, allowing IT teams to enforce security policies, deploy software updates, and monitor device…
30 Best Cyber Security Search Engines In 2025
Cybersecurity search engines are specialized tools designed to empower professionals in identifying vulnerabilities, tracking threats, and analyzing data effectively. These platforms offer a wealth of information that generic search engines cannot provide, making them indispensable for cybersecurity researchers and professionals.…
EncryptHub Ransomware Unmasked Using ChatGPT & OPSEC Mistakes
A notorious threat actor operating under the alias “EncryptHub” has been exposed due to a series of operational security failures and unconventional use of AI tools. This Ukrainian cybercriminal, who fled his hometown approximately a decade ago, has been orchestrating…
10 Best IT Asset Management Tools In 2025
IT asset management (ITAM) software has become essential for businesses to efficiently track, manage, and optimize their hardware, software, and cloud resources. As we approach 2025, the landscape of ITAM tools continues to evolve, offering more advanced features and capabilities.…
Top 10 Best Password Managers in 2025
Password managers help to securely store and manage passwords, enhancing security and simplifying access across various platforms. Top password management solutions make password protection easy and effective for online security. These solutions securely store your passwords in a virtual safe…
Beware of Weaponized Recruitment Emails that Deliver BeaverTail and Tropidoor Malware
Cybersecurity researchers have uncovered a sophisticated attack campaign where threat actors impersonate recruitment professionals to distribute dangerous malware payloads. On November 29, 2024, threat actors were found impersonating Dev.to, a popular developer community, to distribute malicious code hidden within project…
Beware of Fake Unpaid Toll Message Attack to Steal Login Credentials
A deceptive phishing campaign targeting mobile users with fake unpaid toll notifications has intensified significantly in recent months, evolving into one of the most sophisticated SMS-based credential theft operations currently active. This scheme represents a tactical shift in phishing methodology,…
New PoisonSeed Attacking CRM & Bulk Email Providers in Supply Chain Phishing Attack
A sophisticated phishing campaign dubbed “PoisonSeed” has emerged targeting customer relationship management (CRM) and bulk email service providers in a concerning supply chain attack. The operation leverages compromised email infrastructure to distribute malicious content aimed at cryptocurrency wallet holders, particularly…
Hackers Leveraging URL Shorteners & QR Codes for Tax-Related Phishing Attacks
Cybercriminals are intensifying their efforts to exploit taxpayers through sophisticated phishing campaigns. These campaigns utilize tax-related themes as social engineering lures to steal credentials and deploy malware. What distinguishes this year’s attacks is the increased use of redirection methods such…
New Android Spyware That Asks Password From Users to Uninstall
A new type of Android spyware that requires a password for uninstallation has been identified, making it increasingly difficult for victims to remove the malicious software from their devices. A stealthy phone monitoring app that effectively blocks device owners from…
State Bar of Texas Confirms Data Breach Started Notifying Consumers
The State Bar of Texas has confirmed a significant data security incident that occurred in early 2025, compromising sensitive information of its members and clients. The breach, which was discovered on February 12, 2025, involved unauthorized access to the organization’s…
Top 10 Best XDR (Extended Detection & Response) Solutions – 2025
Extended Detection and Response (XDR) is a unified security incident platform that leverages AI and automation to protect organizations against advanced cyberattacks. XDR expands upon traditional endpoint detection and response (EDR) by integrating data from multiple sources, including endpoints, networks,…
Beware of Clickfix Lures ‘Fix Now’ & ‘Bot Verification’ That Downloads & Executes Malware
A sophisticated malware campaign dubbed “Clickfix” has emerged, targeting users through deceptive browser notifications and pop-ups that prompt immediate action through “Fix Now” and “Bot Verification” buttons. When triggered, these seemingly harmless prompts initiate a multi-stage infection chain that deploys…
Weaponized PDF-based Attacks Accounts 22% Out of 68% Malicious Attacks Via Email
A concerning trend in digital attacks: threat actors are weaponizing PDF files. According to CheckPoint Research, while 68% of all malicious attacks are delivered through email, PDF-based attacks now constitute 22% of all malicious email attachments, making them a significant security…
Critical Apache Parquet RCE Vulnerability Lets Attackers Run Malicious Code
A critical remote code execution (RCE) vulnerability has been discovered in Apache Parquet’s Java library, potentially affecting thousands of data analytics systems worldwide. The flaw, identified as CVE-2025-30065, carries the highest possible CVSS score of 10.0 and allows attackers to…
Malicious PyPI Package With Fully Automated Carding Script Attacking E-commerce Websites
A sophisticated malicious Python package named “disgrasya” has been discovered on the PyPI repository, containing a fully automated carding script specifically targeting WooCommerce stores. This package, whose name translates to “disaster” in Filipino slang, enables attackers to test stolen credit…
DeepSeek-R1 Prompts Exploited to Create Sophisticated Malware & Phishing Pages
A concerning security vulnerability has emerged in the AI landscape as researchers discover that DeepSeek-R1’s Chain of Thought (CoT) reasoning system can be exploited to create sophisticated malware and generate convincing phishing campaigns. The 671-billion-parameter model, designed to enhance reasoning…
New Credit Card Skimming Attack Leverages Chrome, Edge, & Firefox Extensions to Steal Financial Data
A sophisticated new credit card skimming operation dubbed “RolandSkimmer” has emerged, targeting users primarily in Bulgaria through malicious browser extensions. Named after the unique string “Rol@and4You” embedded in its payload, this attack represents a concerning evolution in web-based financial theft…
Australian Pension Funds Hacked – Members to LOSE Money from Their Accounts
Multiple major Australian superannuation funds have fallen victim to a sophisticated cyberattack that has compromised thousands of member accounts and resulted in confirmed financial losses. Cybersecurity experts have identified the attack as a coordinated OAuth token manipulation campaign coupled with…
React Router Flaw Exposes Web Apps to Cache Poisoning & WAF Bypass Attacks
A critical security vulnerability, CVE-2025-31137, has been identified in React Router, a popular library used by millions of developers for managing routing in React applications. Security researchers from zhero_web_security discovered this flaw, which affects both React Router 7 and Remix…
Frida Penetration Testing Tool Kit Released With New APIs for Threat Monitoring
Frida 16.7.0, the latest version of the popular dynamic instrumentation toolkit, has powerful new APIs specifically designed for advanced threat monitoring and security analysis. This major update, announced on March 13, 2025, introduces groundbreaking capabilities that significantly enhance the toolkit’s…
Chinese Hackers Actively Exploiting Ivanti VPN Vulnerability to Deploy Malware
Security researchers have identified a critical vulnerability in Ivanti Connect Secure (ICS) VPN appliances that is being actively exploited by suspected Chinese threat actors. The vulnerability, tracked as CVE-2025-22457, is a buffer overflow flaw affecting ICS version 22.7R2.5 and earlier…
OpenVPN Vulnerability Let Attackers Crash Servers & Execute Remote Code
A critical security vulnerability in OpenVPN has been discovered that could allow attackers to crash servers, potentially disrupting secure communications for thousands of users worldwide. The vulnerability, identified as CVE-2025-2704, affects OpenVPN versions 2.6.1 through 2.6.13 when configured with the…
Apache Traffic Server Vulnerability Let Attackers Smuggle Requests
A critical security vulnerability in Apache Traffic Server (ATS) has been discovered. By exploiting how the server processes chunked messages, attackers can perform request smuggling attacks. The vulnerability, tracked as CVE-2024-53868, affects multiple versions of this high-performance HTTP proxy server…
Oracle Acknowledges Data Breach and Starts Informing Affected Clients
Oracle Corporation has confirmed a data breach involving its older Gen 1 servers, marking the second cybersecurity incident disclosed by the company in recent weeks. The breach, initially reported by a threat actor on Breachforums on March 20, 2025, has…
Hackers Leveraging Fast Flux Technique to Evade Detection & Hide Malicious Servers
CISA warns of threat actors’ increasing adoption of the fast flux technique to evade detection and conceal malicious server infrastructures. As cybercriminal operations grow increasingly sophisticated, threat actors adopt advanced techniques like fast flux to mask malicious infrastructure, evade defensive measures, and…
New Phishing Campaign Attacking Investors to Steal Login Credentials
A sophisticated phishing campaign has emerged targeting users of Monex Securities, one of Japan’s largest online brokerage platforms formed through the merger of Monex, Inc. and Nikko Beans, Inc. Since early April 2025, attackers have deployed a series of fraudulent…
Hunters International Overlaps Hive Ransomware Attacking Windows, Linux, and ESXi Systems
A sophisticated ransomware operation known as Hunters International emerged in October 2023, with strong evidence suggesting connections to the formerly dismantled Hive ransomware group. The initial attack was documented on October 13, 2023, when the group disclosed their first victim—an…
DarkCloud Stealer Attacking Organizations with Weaponized .TAR Archive to Steal Passwords
A sophisticated cyber campaign leveraging the DarkCloud information stealer has targeted Spanish organizations across multiple critical sectors since early April 2025. The malware, distributed via weaponized .TAR archives embedded in phishing emails, exploits billing-themed lures to compromise technology, legal, financial,…
New Web Skimming Attack Uses Legacy Stripe API to Validate Stolen Card Details
A sophisticated web skimming campaign that employs a novel technique leveraging Stripe’s legacy API to validate payment card details before exfiltration. This tactic ensures attackers collect only valid payment information, making their operation more efficient while reducing the chances of…
Russian Seashell Blizzard Attacking Organizations With Custom-Developed Hacking Tools
A highly sophisticated Russian threat actor known as Seashell Blizzard (also tracked as APT44, Sandworm, and Voodoo Bear) has been conducting extensive cyber operations against organizations worldwide. Linked to Russian Military Intelligence Unit 74455 (GRU), this adversary has targeted critical…
Qilin Operators Mimic ScreenConnect Login Page to Deliver Ransomware & Gain Admin Access
A sophisticated ransomware attack targeted Managed Service Providers (MSPs) through well-crafted phishing emails designed to appear as authentication alerts for their ScreenConnect Remote Monitoring and Management (RMM) tool. This attack resulted in the deployment of Qilin ransomware across multiple customer…
Operation HollowQuill Weaponizing PDF Documents to Infiltrate Academic & Government Networks
A sophisticated cyber espionage campaign dubbed “Operation HollowQuill” has been uncovered targeting academic institutions and government agencies worldwide through weaponized PDF documents. The operation employs social engineering tactics, disguising malicious PDFs as research papers, grant applications, or government communiqués to…
AI-based Gray Bots Targeting Web Application, with Request of 17,000+ Per Hour
A new generation of sophisticated AI-powered Gray Bots has emerged, targeting web applications with unprecedented intensity. These bots utilize machine learning to mimic human behavior while generating over 17,000 requests per hour. Unlike traditional attacks, they adjust traffic patterns to…
SonicWall Firewall Vulnerability Exploited to Gain Unauthorized Network Access
Attackers are actively exploiting a critical authentication bypass vulnerability in SonicWall firewalls to gain unauthorized network access. The vulnerability tracked as CVE-2024-53704, with a critical CVSS score of 9.8, allows remote attackers to hijack active SSL VPN sessions without requiring…
EvilCorp & RansomHub Working Together to Attack Organizations Worldwide
A dangerous partnership has emerged in the cybercriminal landscape, as EvilCorp, a sanctioned Russia-based cybercriminal enterprise, has begun working with RansomHub, one of the most active ransomware-as-a-service (RaaS) operations. This collaboration, identified through shared indicators of compromise (IOCs) and tactics,…
Cisco AnyConnect VPN Server Vulnerability Let Attacker Trigger DoS Condition
Cisco disclosed a critical security vulnerability affecting Cisco Meraki MX and Z Series devices, which presents significant risks to enterprise networks. The vulnerability tracked as CVE-2025-20212 and associated with allows authenticated remote attackers to trigger denial of service (DoS) conditions…
Hackers Leveraging DeepSeek & Remote Desktop Apps to Deliver TookPS Malware
Cybersecurity experts have uncovered a sophisticated malware campaign that initially exploited the popular DeepSeek LLM as a lure but has now expanded significantly. In early March 2025, researchers identified malicious operations using DeepSeek as bait, but subsequent telemetry analysis has…
Hackers Actively Scanning for Juniper’s Smart Router With Default Password
Recent network monitoring data from SANS reveals a significant spike in targeted scans seeking to exploit default credentials in Juniper Networks’ Session Smart Router (SSR) platform. Security researchers have observed a massive coordinated campaign attempting to identify and compromise vulnerable…
Hackers Exploiting Apache Tomcat Vulnerability to Steal SSH Credentials & Gain Server Control
A new sophisticated attack campaign targeting Apache Tomcat servers has emerged, with attackers deploying encrypted and encoded payloads designed to run on both Windows and Linux systems. The attack chain begins with brute-force attempts against Tomcat management consoles using commonly…
Threat Actors Allegedly Selling SnowDog RAT Malware With Control Panel on Hacker Forums
A new Remote Access Trojan (RAT) dubbed “SnowDog RAT” is malicious software purportedly marketed for $300 per month. It appears to have been specifically developed for corporate espionage and targeted attacks on business environments. The malware advertisement, discovered on Thursday,…
New Malware Attacking Magic Enthusiasts to Steal Login Credentials
A sophisticated new malware campaign targeting the magic community has emerged. Dubbed “AbracadabraStealer,” this malware steals login credentials from magic forums, online shops, and streaming platforms where enthusiasts store payment information. The attackers have crafted a particularly deceptive operation that…
Multiple Jenkins Plugins Vulnerability Let Attackers Access Sensitive Information
The Jenkins project has disclosed multiple security vulnerabilities affecting its core platform and several plugins, exposing organizations to potential data breaches and code execution attacks. Eight distinct vulnerabilities observed across Jenkins core and various plugins that could allow attackers to…
Google’s Quick Share for Windows Vulnerability Let Attackers Remote Code
Critical vulnerabilities in Google’s Quick Share file transfer utility for Windows allowed attackers to achieve remote code execution (RCE) without user interaction. The flaws exposed millions of Windows users to potential attacks through this peer-to-peer data transfer application. Ten unique…
SmokeLoader Malware Using Weaponized 7z Archive to Distribute Infostealers
A sophisticated malware campaign leveraging SmokeLoader has been identified targeting the First Ukrainian International Bank. Attackers are using weaponized 7z archives as the initial attack vector, leading to the deployment of infostealer malware through a complex infection chain. The attack…
Hackers Exploit Default Voicemail Passwords to Hijack Telegram Accounts
A sophisticated attack campaign targeting Telegram users has emerged, with cybercriminals exploiting a commonly overlooked vulnerability: default voicemail passwords. Security experts have identified a surge in account hijacking incidents, particularly in Israel, where attackers leverage voicemail systems to intercept authentication…
1,500+ PostgreSQL Servers Compromised With Fileless Malware Attack
A widespread cryptojacking campaign targeting poorly secured PostgreSQL database servers has impacted over 1,500 victims globally. The attack leverages fileless execution techniques and credential brute-forcing to deploy Monero (XMR)-mining malware while evading traditional cloud workload protection (CWPP) tools. Security analysts…
Verizon Call Filter App Vulnerability Let Attackers Access Call History Logs
A critical security vulnerability in the Verizon Call Filter iOS app exposed the incoming call records of potentially millions of Verizon Wireless customers, allowing unauthorized access to sensitive communication metadata without device compromise or user notification. Independent security researcher Evan…
39M Secret API Keys & Credentials Leaked from GitHub – New Tools to Revamp Security
GitHub has revealed that over 39 million secrets were leaked across its platform in 2024 alone, prompting the company to launch new security tools to combat this persistent threat. The exposed secrets include API keys, credentials, tokens, and other sensitive…
GoResolver – A New Tool to Analyze Golang Malware & Extract Obfuscated Functions
GoResolver, a ground-breaking open-source tool, was unveiled to address one of the most persistent issues in malware analysis: deobfuscating Golang binaries. Developed by Volexity, this innovative solution employs control-flow graph similarity techniques to recover obfuscated function names, significantly enhancing reverse…
Authorities Taken Down Child Abuse Platform “Kidflix” With 2M+ Users
In one of the largest coordinated law enforcement operations against online child exploitation, authorities have dismantled Kidflix, a major streaming platform for child sexual abuse material (CSAM) that had amassed 1.8 million users worldwide. The international operation codenamed “Operation Stream,”…
10 Best Open-Source Blue Team Tools – 2025
Companies evaluate their cybersecurity posture and protect network infrastructure implementations by employing cybersecurity experts to undertake security assessments. The organization may engage penetration testers to conduct offensive attacks against the established security measures for the infrastructure. The company will concurrently…
Sophisticated QR Code Phishing Attack Targeting Microsoft 365 Users to Steal Logins
A new sophisticated phishing campaign leveraging QR codes to steal Microsoft 365 login credentials has emerged in the cybersecurity landscape. This attack represents a significant evolution in phishing tactics, combining social engineering with technical sophistication to bypass traditional email security…
WinRAR “Mark of the Web” Bypass Vulnerability Let Attackers Arbitrary Code
A newly disclosed vulnerability in WinRAR allows attackers to bypass a core Windows security mechanism, enabling arbitrary code execution on affected systems. Tracked as CVE-2025-31334, this flaw impacts all WinRAR versions before 7.11 and has been assigned a CVSS score…
Prince Ransomware – An Open Source Ransomware Builder That Automatically Build Ransomware Freely Available in GitHub
Cybersecurity experts observed the emergence of a concerning trend in which ransomware attacks leveraging malware created with an open-source tool called “Prince Ransomware.” This Go-language builder was freely available on GitHub, significantly lowering the technical barrier for attackers to launch…
Cisco Smart Licensing Utility Vulnerabilities Let Attackers Gain Admin Access
Two critical vulnerabilities were actively exploited in Cisco Smart Licensing Utility, potentially allowing attackers to gain administrative access to affected systems. Organizations running vulnerable software versions are urged to apply patches immediately as exploitation attempts continue to increase. According to…
Gootloader Malware Attacking Users Via Google Search Ads Using Weaponized Documents
The notorious Gootloader malware has reemerged with evolved tactics, now leveraging Google Search advertisements to target users seeking legal document templates. This sophisticated campaign specifically promotes “free” legal templates, primarily non-disclosure agreements, through sponsored search results that appear legitimate to…
ChatGPT Down For Thousands Of Users Worldwide – Latest Outage Updates
ChatGPT, the popular AI chatbot developed by OpenAI, experienced a significant outage on April 2, 2025. The outage impacted thousands of users globally and left many users unable to access the service. Users in India, the United States, and other…
New Outlaw Linux Malware Leveraging SSH Brute-Forcing & Corn Jobs to Maintain Persistence
Outlaw has emerged as a persistent Linux malware that continues to infect systems worldwide despite its relatively unsophisticated techniques. This malware has demonstrated remarkable longevity in the threat landscape by leveraging simple yet effective tactics such as SSH brute-forcing, strategic…
20,000 WordPress Sites Vulnerable to Arbitrary File Upload and Deletion Attacks
Critical security vulnerabilities discovered in a popular WordPress plugin have placed more than 20,000 websites at risk of complete site takeover. Security researchers identified two high-severity flaws in the WP Ultimate CSV Importer plugin that could allow even low-privileged users…
Apple Fined $162 Million by French Authorities for Mobile App Advertising Dominance
French antitrust regulators have imposed a €150 million ($162.4 million) fine on Apple for abusing its dominant market position through its App Tracking Transparency (ATT) framework, marking the first regulatory penalty specifically targeting this privacy control mechanism. The French Competition…
Google Cloud Platform Privilege Escalation Vulnerability Allows Access to Sensitive Data
A significant security vulnerability in Google Cloud Platform (GCP) that could have allowed attackers to access private container images stored in Google Artifact Registry and Google Container Registry. The vulnerability, dubbed “ImageRunner,” has been fixed but highlights a concerning privilege…
Firefox 137 Released With Fix for Multiple High Severity Vulnerabilities
Mozilla has officially released Firefox 137, addressing multiple high-severity security vulnerabilities that could potentially allow remote attackers to execute arbitrary code, trigger denial of service conditions, or elevate privileges on affected systems. This critical security update, announced on April 1,…
Top Ten Passwords Used by Hackers to Attack the RDP Servers
The most common passwords hackers are using in attacks against Remote Desktop Protocol (RDP) services, highlighting critical vulnerabilities in many organizations’ security postures. The Specops research team analyzed 15 million passwords used in live attacks against RDP ports, revealing that…
Attackers Leveraging JavaScript & CSS to Steal User Browsing History
Web browsing history, a feature designed to enhance user convenience by styling visited links differently, has inadvertently become a privacy vulnerability exploited by attackers. While this functionality helps users navigate websites by visually distinguishing visited links, it also opens the…
Google Brings End-to-End Encryption for Gmail Business Users
Google has launched a new end-to-end encryption (E2EE) model for Gmail enterprise users, marking a significant advancement in email security that allows business customers to send fully encrypted emails to any recipient with minimal technical complexity. Announced on April 1,…
New Android Malware ‘Salvador Stealer’ That Phish & Steals Your Banking Details & OTPs
Cybersecurity researchers have discovered a sophisticated new Android malware called “Salvador Stealer” that targets banking credentials and one-time passwords (OTPs) through an elaborate phishing scheme. This multi-stage malware masquerades as legitimate banking applications to trick users into revealing sensitive financial…
Multiple Chrome Vulnerabilities Let Attackers Execute Arbitrary Code
Google has rolled out a critical security update for Chrome 135 across all desktop platforms. The update addresses fourteen vulnerabilities, including high-severity flaws that could enable remote code execution. The stable channel update (135.0.7049.52 for Linux, 135.0.7049.41/42 for Windows/macOS) comes…
Channel Triggered Backdoor Attack in Wireless Channels Let Attackers Read Passwords
Cybersecurity researchers have uncovered a sophisticated new attack method that exploits wireless communication channels to create covert backdoors, enabling threat actors to capture sensitive credentials without detection. This technique, dubbed “Channel Triggered Backdoor Attack,” manipulates subtle variations in wireless signals…
Hackers Actively Targeting SonicWall, Zoho, F5 & Ivanti Systems to Exploit Vulnerabilities
A significant surge in cyberattacks targeting enterprise network appliances and remote access tools has put global organizations on high alert. On March 28, 2025, GreyNoise observed a 300% increase in malicious activity directed at SonicWall firewalls, Zoho ManageEngine platforms, F5…
Exploiting Side-Channel Leakage Enable Successful Exploitations on The Latest Linux Kernel
In a concerning development for Linux kernel security, researchers have demonstrated how side-channel leakage in kernel defenses can be exploited to compromise even the latest Linux kernels. The technique, detailed in a USENIX Security paper, reveals how certain kernel defenses…
CISA Releases Two ICS Advisories for Vulnerabilities, & Exploits Surrounding ICS
The Cybersecurity and Infrastructure Security Agency (CISA) released two Industrial Control Systems (ICS) advisories on April 1, 2025, highlighting significant vulnerabilities in critical infrastructure components. These advisories, ICSA-25-091-01 and ICSA-24-331-04, address security flaws in Rockwell Automation and Hitachi Energy products…
Sliver Framework Customized to Boost Evasion & Bypass EDR Detections
Sliver, a multi-platform Command & Control framework written entirely in Go, has gained significant traction in offensive security since its 2020 release. The framework provides red teams with powerful post-exploitation capabilities, but as its user base has expanded, detection has…
Python Officially Unveils New Standard Lock File Format to Improve Security
Python has officially standardized a lock file format with the acceptance of PEP 751 marking a significant milestone for the Python packaging ecosystem. The new format, named pylock.toml, addresses long-standing issues with dependency management by providing a standardized way to…
Ransomware Is a Core Threat Across 93% of Industries – Resilience Key
Ransomware has emerged as one of the most devastating cyberthreats facing organizations today, capable of bringing even thriving businesses to their knees within hours. As digital transformation accelerates across sectors, the attack surface for these malicious campaigns continues to expand,…
New Wave of IRS Attacks Targeting Tax Payers Mobile Devices
Cybersecurity experts have identified a sophisticated phishing campaign specifically targeting taxpayers through their mobile devices. The attacks leverage the heightened anxiety of last-minute tax filers, creating a perfect storm for cybercriminals looking to harvest sensitive personal and financial information. These…
CISA Warns of Apache Tomcat Vulnerability Exploited in the Wild
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Apache Tomcat vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog following evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2025-24813, allows remote attackers to execute arbitrary…
New KoiLoader Abuses Powershell Scripts to Deliver Malicious Payload
Cybersecurity researchers identified a sophisticated malware campaign leveraging a new variant of KoiLoader, a modular payload delivery system notorious for distributing information stealers like Koi Stealer. This updated strain employs PowerShell scripts embedded within Windows shortcut (LNK) files to bypass…
Hackers Leverage Microsoft Teams Message to Drop Malicious Payload
A sophisticated multi-stage attack where threat actors leverage Microsoft Teams to deliver malicious payloads, establishing persistence and remote access to corporate networks. This new attack vector exploits Teams’ perceived security as an internal business application, allowing attackers to bypass traditional…
APT34 hackers Using New Custom Malware to Attack Finance & Telecomm Industries
A sophisticated cyber espionage campaign attributed to Iranian state-sponsored group APT34 (OilRig) has targeted Iraqi governmental entities and critical infrastructure sectors since late 2024, leveraging new malware variants designed to evade conventional security measures. The group, active since 2012, has…
Top 3 Techniques To Improve Threat Hunting In Your Company
Threat hunting isn’t just a job — it’s an adventure. There’s a thrill in proactively chasing down adversaries who think they’ve outsmarted your defenses. It’s this blend of challenge, creativity, and impact that makes threat hunting not only fun but…
Kentico Xperience CMS XSS Vulnerability Let Attackers Execute Remote Code
A critical security flaw in Kentico Xperience CMS, a widely used enterprise content management system (CMS), has been uncovered. By exploiting a Cross-Site Scripting (XSS) vulnerability, attackers can execute remote code. This vulnerability, tracked as CVE-2025-2748, affects versions of Kentico…
EncGPT – AI-agent that Dynamically Generates Encryption & Decryption Rules
Researchers from Xi’an Jiaotong University have introduced EncGPT, an AI-powered multi-agent framework that dynamically generates encryption and decryption rules. This innovation addresses critical challenges in communication security, balancing cost-efficiency and high-level encryption reliability. EncGPT leverages large language models (LLMs) to…
VMware Aria Operations Vulnerability Exposes Systems to Privilege Escalation Attacks
VMware has issued a critical security advisory (VMSA-2025-0006) addressing a high-severity local privilege escalation vulnerability (CVE-2025-22231) in its Aria Operations platform. The flaw, rated 7.8 on the CVSSv3 scale, allows attackers with local administrative access to gain root-level control over…
Plantronics Hub Vulnerability Let Attackers Escalate Privileges
A critical security vulnerability in Plantronics Hub software enables attackers to escalate privileges through an unquoted search path weakness. Affecting versions 3.24.5 through 3.25.2, this vulnerability becomes particularly dangerous when installed alongside OpenScape Fusion for MS Office, which is often…
HijackLoader With New Modules to Hide Functions & Detect Malware Analysis
HijackLoader, a sophisticated malware loader initially discovered in 2023, has evolved with new advanced modules designed to evade security detection and analysis. Also known as IDAT Loader and GHOSTPULSE, this modular malware not only delivers second-stage payloads but also employs…
Samsung Data Leak – Threat Actors Leak 270,000 Customers Tickets Data
A significant data breach has hit Samsung Germany as threat actor “GHNA” has released 270,000 customer support tickets for free on hacking forums. The breach, which occurred in March 2025, exposes extensive personal and transactional data from Samsung’s German operations…
Rockwell Automation Vulnerability Let Attackers Gain Access to Run Arbitrary Commands
A high-severity security vulnerability (CVE-2025-1449) affecting its Verve Asset Manager product could allow attackers with administrative access to execute arbitrary commands. The vulnerability, discovered in versions 1.39 and earlier, has been assigned a CVSS Base Score of 9.1 (v3.1), indicating…
Top 30 Best Penetration Testing Tools – 2025
Penetration testing, also known as ethical hacking, is a critical process in cybersecurity aimed at identifying and addressing vulnerabilities within systems, networks, and applications. By simulating real-world attacks, penetration testing helps organizations uncover weaknesses before malicious actors can exploit them.…
Check Point Acknowledges Data Breach, Claims Information is ‘Old
Check Point Software Technologies has confirmed a data breach following claims by threat actor CoreInjection on March 30th, 2025, but insists the incident is an “old, known and very pinpointed event” from December 2024 that had already been addressed. The…
Linux Lite 7.4 Final Released with GUI Updates & Bug Fixes
Linux Lite 7.4 Final has officially been released and is now available for download. This latest iteration of the lightweight Linux distribution brings several GUI improvements, bug fixes, and code updates while maintaining its focus on user-friendly computing for both…
Microsoft Uncovers Several Vulnerabilities in GRUB2, U-Boot, Barebox Bootloaders Using Copilot
Microsoft has discovered multiple critical vulnerabilities affecting widely used bootloaders including GRUB2, U-Boot, and Barebox. These security flaws potentially expose systems to sophisticated boot-level attacks that could compromise devices before operating systems even initialize, allowing attackers to gain persistent and…
CISA Warns of Cisco Smart Licensing Utility Credential Vulnerability Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Cisco vulnerability to its Known Exploited Vulnerabilities (KEV) catalog following confirmation of active exploitation in the wild. The flaw, identified as CVE-2024-20439, affects the Cisco Smart Licensing Utility (CSLU)…
CrushFTP Vulnerability Exploited in Attacks Following PoC Release
Security researchers have confirmed active exploitation attempts targeting the critical authentication bypass vulnerability in CrushFTP (CVE-2025-2825) following the public release of proof-of-concept exploit code. Based on Shadowserver Foundation’s most recent monitoring data, approximately 1,512 unpatched instances remain vulnerable globally as…