Category: Cyber Security News

Cisco has issued security advisories for multiple vulnerabilities affecting its IOS XR Software, with particular emphasis on a significant memory corruption vulnerability in the Border Gateway Protocol (BGP) confederation implementation.  The vulnerability tracked as CVE-2025-20115, with a CVSS score of…

Read more →

Microsoft Threat Intelligence has identified an ongoing phishing campaign impersonating Booking.com to deliver credential-stealing malware. The campaign, which began in December 2024, targets hospitality organizations in North America, Oceania, Asia, and Europe. This sophisticated attack specifically aims at individuals in…

Read more →

Researchers have identified a series of sophisticated attacks by the notorious Lazarus group targeting South Korean web servers.  The threat actors have been breaching IIS servers to deploy ASP-based web shells, which are subsequently used as first-stage Command and Control…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has recently issued multiple Industrial Control Systems (ICS) advisories highlighting significant security vulnerabilities across various critical infrastructure sectors.  These advisories reveal several high-severity and critical vulnerabilities that demand immediate attention from organizations operating…

Read more →

Rostislav Panev, a 51-year-old dual Russian and Israeli national, has been extradited to the United States on charges related to his alleged role as a developer for the notorious LockBit ransomware group.  The extradition, which took place on March 13,…

Read more →

Security researchers have uncovered a sophisticated malware campaign targeting users of the Python Package Index (PyPI), Python’s official third-party software repository.  This latest attack vector involves several malicious packages disguised as time-related utilities, which are actually designed to steal sensitive…

Read more →

Two sophisticated phishing campaigns were observed targeting Microsoft 365 users by exploiting OAuth redirection vulnerabilities combined with brand impersonation techniques.  Threat researchers are warning organizations about these highly targeted attacks designed to bypass traditional security controls and achieve account takeover…

Read more →

A cybersecurity researcher has successfully broken the encryption used by the Linux/ESXI variant of the Akira ransomware, enabling data recovery without paying the ransom demand.  The breakthrough exploits a critical weakness in the ransomware’s encryption methodology. According to the researcher,…

Read more →

Between late January and early March 2025, cybersecurity researchers at Forescout’s Vedere Labs uncovered a series of sophisticated intrusions leveraging critical Fortinet vulnerabilities. The attacks, attributed to a newly identified threat actor tracked as “Mora_001,” culminated in the deployment of…

Read more →

Cyber attack simulation tools help organizations identify vulnerabilities, test security defenses, and improve their cybersecurity posture by simulating real-world attacks. These tools range from breach and attack simulation (BAS) platforms to adversary emulation frameworks. Here are some of the top…

Read more →

QR code Phishing, or “Quishing,” is a cyber threat that exploits the widespread use of QR (Quick Response) codes in phishing attacks.  Quishing takes advantage of the recent high-use volume and increasing popularity of QR codes. These codes, which can…

Read more →

Siemens has disclosed a critical security vulnerability affecting specific SINAMICS S200 drive systems that could allow attackers to compromise devices by exploiting an unlocked bootloader.  The vulnerability, tracked as CVE-2024-56336 and has received the highest severity ratings with a CVSS…

Read more →

As organizations increasingly integrate Microsoft Copilot into their daily workflows, cybercriminals have developed sophisticated phishing campaigns specifically targeting users of this AI-powered assistant.  Microsoft Copilot, which launched in 2023, has rapidly become an essential productivity tool for many organizations, integrating…

Read more →

A significant data breach involving sensitive healthcare worker information has been discovered, exposing over 86,000 records belonging to ESHYFT, a New Jersey-based HealthTech company.  Cybersecurity researcher Jeremiah Fowler identified an unprotected AWS S3 storage bucket containing approximately 108.8 GB of…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has warned about an actively exploited zero-day vulnerability in Apple’s WebKit browser engine, tracked as CVE-2025-24201. This vulnerability, an out-of-bounds write issue, could allow attackers to execute unauthorized code on vulnerable devices. The…

Read more →

CISA has issued a warning regarding a newly discovered vulnerability affecting Juniper Networks’ Junos OS. The vulnerability, identified as CVE-2025-21590, involves an improper isolation or compartmentalization issue within the operating system’s kernel. This flaw could allow a local attacker with…

Read more →

Microsoft has patched a critical Windows Kernel vulnerability that has been actively exploited for nearly two years.  The vulnerability, tracked as CVE-2025-24983, was included in the company’s March 2025 Patch Tuesday release in March. According to cybersecurity firm ESET, which…

Read more →

A significant security vulnerability has been identified in Apache NiFi, allowing potential attackers with specific access privileges to expose MongoDB authentication credentials.  The vulnerability, tracked as CVE-2025-27017 (NIFI-14272), affects multiple versions of the Apache NiFi data processing system and could…

Read more →

Bitdefender has disclosed two critical vulnerabilities affecting its BOX v1 device that could allow network-adjacent attackers to execute Man-in-the-Middle (MITM) attacks, potentially leading to remote code execution.  The vulnerabilities, assigned CVE-2024-13872 and CVE-2024-13871, both received a CVSS score of 9.4,…

Read more →

Mozilla has issued an urgent warning to Firefox users worldwide, emphasizing the critical need to update their browsers before March 14, 2025, when a vital root certificate will expire.  This expiration threatens to disable extensions, break DRM-protected content playback, and…

Read more →

A sophisticated new Android malware campaign linked to North Korean hackers has been discovered, posing a significant security threat that managed to infiltrate Google’s official Play Store. The spyware, dubbed “KoSpy,” targets Korean and English-speaking users by disguising itself as…

Read more →

A severe vulnerability in Tenda AC7 Routers running firmware version V15.03.06.44 allows malicious actors to execute arbitrary code and gain root shell access.  The flaw originates from a stack overflow vulnerability in the router’s formSetFirewallCfg function. Attackers can use a…

Read more →

A critical vulnerability in the widely used FreeType font rendering library has been discovered and is reportedly being exploited in the wild, posing a serious security threat to millions of devices across multiple platforms. Security researchers have identified the flaw,…

Read more →

The cybersecurity landscape has witnessed a concerning development as the threat actor group known as Blind Eagle (also tracked as APT-C-36) has launched a sophisticated campaign targeting organizations primarily in South America with a novel attack vector. The group, known…

Read more →

A sophisticated malware campaign targeting mobile users in South Korea has been uncovered, with clear links to North Korean threat actors. The malicious application, masquerading as a “Document Viewing Authentication App” (문서열람 인증 앱). This malicious app was identified through…

Read more →

A sophisticated malware campaign is targeting Windows users through deceptive CAPTCHA verification prompts that trick victims into executing malicious PowerShell scripts. This resurgence of fake CAPTCHA attacks, identified in early February 2025, represents a growing threat as attackers continue to…

Read more →

Cybersecurity researchers have identified a cluster of servers hosting JSPSpy, a Java-based webshell first observed in 2013, now being deployed alongside a rebranded file management tool. The webshell features a graphical interface enabling remote access and file management capabilities, making…

Read more →

GitLab has released critical security patches for multiple vulnerabilities that could potentially allow attackers to authenticate as legitimate users or even execute remote code under specific circumstances.  The company has urged all self-managed GitLab installations to immediately upgrade to versions…

Read more →

A highly sophisticated ransomware variant named Medusa has compromised over 300 organizations worldwide from critical infrastructure sectors. The attacks have targeted a wide array of industries including medical, education, legal, insurance, technology, and manufacturing sectors, demonstrating the threat actor’s broad…

Read more →

A sophisticated malware campaign, tracked as OBSCURE#BAT, has been identified using heavily obfuscated batch scripts to install stealthy rootkits, allowing attackers to maintain persistent access to compromised systems while avoiding detection. This campaign uses social engineering tactics and deceptive file…

Read more →

Fortinet has released a comprehensive security update addressing numerous vulnerabilities across its product portfolio, with particularly significant issues identified in FortiSandbox, FortiOS, and several other enterprise security solutions.  These vulnerabilities range from medium to high severity and could potentially allow…

Read more →

In a significant cybersecurity breach discovered in mid-2024, a sophisticated threat actor deployed custom backdoors on Juniper Networks’ Junos OS routers. The intrusion represents an alarming development in the targeting of critical network infrastructure by nation-state actors, with potential implications…

Read more →

The United States Department of Justice unveiled charges against twelve Chinese nationals on March 5, 2025, accusing them of orchestrating a sophisticated global cyber espionage campaign targeting critical American infrastructure, government agencies, and dissidents.  The indictments mark a significant escalation…

Read more →

Cisco has disclosed a high-severity privilege escalation vulnerability (CVE-2025-20138) in its IOS XR Software. This vulnerability enables authenticated local attackers to execute arbitrary commands as the root user on affected devices. The flaw, with a CVSS score of 8.8, impacts…

Read more →

Recent security disclosures reveal multiple high-severity vulnerabilities in Zoom’s client software, exposing millions of users to potential data breaches, privilege escalation, and unauthorized access.  The most critical flaws, patched in Zoom’s March 11, 2025, security bulletin, include CVE-2025-27440 (heap-based buffer…

Read more →

Tycoon is back with a new phishing trick! The threat group has updated its tactics, using PDF lures and clever redirects to steal credentials. Victims are tricked into clicking a fake company policy notice, leading them straight to a phishing…

Read more →

The National Police Agency (NPA) and the National Center of Incident Readiness and Strategy for Cybersecurity (NISC) released a security advisory regarding an Advanced Persistent Threat (APT) attack campaign targeting organizations in Japan. The campaign, attributed to a threat actor…

Read more →

A new wave of cyberattacks utilizing the Dark Crystal RAT (DCRat) backdoor has been targeting users since early 2025 through YouTube distribution channels. Cybercriminals create or compromise YouTube accounts to upload videos advertising gaming cheats, cracks, and bots that appeal…

Read more →

NVIDIA has issued a significant software update for its Riva speech AI platform, releasing version 2.19.0 to resolve two high-severity vulnerabilities (CVE-2025-23242 and CVE-2025-23243) involving improper access control mechanisms.  The update, detailed in a March 10, 2025 security bulletin, impacts…

Read more →

Security researchers have uncovered a sophisticated XML External Entity (XXE) injection vulnerability in PHP applications that could allow attackers to access sensitive configuration files and private keys. The vulnerability, discovered by researcher Aleksandr Zhurnakov, affects PHP applications using certain libxml…

Read more →

Microsoft has released its March security update, addressing 57 vulnerabilities across its product range, including six critical flaws. Among the critical vulnerabilities are CVE-2025-24035 and CVE-2025-24045, both Remote Code Execution (RCE) vulnerabilities in Windows Remote Desktop Services (RDS). Each vulnerability…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) escalated its cybersecurity alert, by adding six critical Microsoft Windows vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, with four directly impacting the New Technology File System (NTFS).  These flaws CVE-2025-24984, CVE-2025-24991, CVE-2025-24993,…

Read more →

A newly discovered Python-based backdoor called AnubisBackdoor is enabling threat actors to execute remote commands on compromised systems while completely evading detection by most antivirus solutions. Developed by the notorious threat group Savage Ladybug (also known as FIN7), this malware…

Read more →

A disturbing trend of sophisticated attacks recently detected by researchers specifically designed to evade multi-factor authentication (MFA) protections. These advanced techniques, which exploit vulnerabilities in authentication workflows rather than the authentication factors themselves, have enabled attackers to gain unauthorized access…

Read more →

Microsoft Threat Intelligence has discovered a new variant of XCSSET, a sophisticated modular macOS malware that infects Xcode projects and executes when developers build these projects. This is the first known XCSSET variant since 2022, featuring enhanced obfuscation methods, updated…

Read more →

A threat actor operating under the alias “Rey” has allegedly compromised the internal systems of Jaguar Land Rover (JLR), one of the United Kingdom’s most prominent automotive manufacturers, and leaked approximately 700 internal documents containing sensitive technical and operational data. …

Read more →

A critical security flaw in Apache Camel’s header validation mechanism allows attackers to execute arbitrary system commands by exploiting case-sensitive header injection.  A POC released for CVE-2025-27636, this vulnerability impacts Apache Camel versions 4.10.0-4.10.1, 4.8.0-4.8.4, and 3.10.0-3.22.3, exposing systems using…

Read more →

Google has issued an urgent advisory to owners of Chromecast 2nd Generation (2015) and Chromecast Audio devices, warning against factory resets as a global outage linked to an expired security certificate renders these devices inoperable.  The company confirmed that it…

Read more →

A sophisticated malware campaign leveraging artificial intelligence to create deceptive GitHub repositories has been observed distributing SmartLoader payloads that ultimately deploy Lumma Stealer, a dangerous information-stealing malware.  This operation exploits GitHub’s trusted reputation to bypass security defenses, targeting users seeking…

Read more →

Japanese telecommunications conglomerate NTT Communications (NTT Com) disclosed this week that threat actors infiltrated its internal systems in February, compromising sensitive data belonging to 17,891 corporate clients globally.  The breach, detected on February 5, marks the latest in a series…

Read more →

A critical security vulnerability (CVE-2024-56325) in Apache Pinot, the open-source distributed OLAP datastore used by LinkedIn, Uber, and Microsoft for real-time analytics, allows unauthenticated attackers to bypass authentication controls and gain full system access.  Rated 9.8 on the CVSS v3…

Read more →

A newly identified botnet, tracked as Eleven11bot, has compromised approximately 30,000 internet-connected devices—primarily security cameras and network video recorders (NVRs)—to launch distributed denial-of-service (DDoS) attacks against critical infrastructure.  Discovered by Nokia Deepfield’s Emergency Response Team (ERT) on February 26, 2025,…

Read more →

A critical vulnerability in SolarWinds’ Web Help Desk software (CVE-2024-28989) allowed attackers to decrypt sensitive credentials, including database passwords and LDAP/SMTP authentication secrets, through cryptographic weaknesses in its AES-GCM implementation.  Patched in version 12.8.5, the flaw stemmed from predictable encryption…

Read more →

Microsoft’s March 2025 Patch Tuesday addresses 57 vulnerabilities, including six zero-day vulnerabilities that are currently being exploited. The security update includes fixes for Windows, Microsoft Office, Azure, and other components. The March update included fixes for: In addition to the…

Read more →

SIM swap attacks have emerged as a growing cybersecurity threat, with security researchers documenting a 38% increase in successful attacks during the first quarter of 2025. These sophisticated attacks involve criminals convincing mobile carriers to transfer a victim’s phone number…

Read more →

A series of ongoing, targeted cyber campaigns by Blind Eagle (APT-C-36), one of Latin America’s most dangerous threat actors primarily targeting Colombia’s justice system, government institutions, and private organizations were recently unveiled by Check Point Research (CPR). The group has…

Read more →

Artificial intelligence has emerged as a formidable weapon in the cybercriminal arsenal, enabling attacks with unprecedented precision, speed, and scale. Security experts warn that cybercriminals are increasingly leveraging automated AI systems to penetrate networks, steal data, and deploy intelligent viruses…

Read more →

Mandiant researchers, part of Google’s cybersecurity division, have uncovered several critical security bugs in Microsoft’s Time Travel Debugging (TTD) framework. The findings reveal significant instruction emulation inaccuracies that could potentially compromise security analyses and incident response investigations, leading analysts to…

Read more →

In a rapidly evolving digital landscape where cyber threats emerge daily, ANY.RUN is empowering Security Operations Centers (SOCs) worldwide with its cutting-edge Threat Intelligence (TI) Feeds. These continuously updated streams of Indicators of Compromise (IOCs) are designed to help organizations…

Read more →

Multiple critical vulnerabilities in ICONICS SCADA systems were uncovered recently by the researchers from Palo Alto Networks’ Unit 42, widely deployed across government, military, manufacturing, and utility sectors. The security flaws, discovered in ICONICS Suite versions 10.97.2 and 10.97.3 for…

Read more →

A sophisticated new ransomware strain dubbed “Ebyte” targeting Windows systems across North America and Europe. The ransomware has compromised thousands of systems since its detection three weeks ago, utilizing advanced encryption tactics that have challenged security experts. Initial infection vectors…

Read more →

A large-scale malware campaign targeting Android users through fraudulent Google Play Store download pages has been uncovered recently by CTM360. The sophisticated operation, which they’ve named ‘PlayPraetor,’ has infected thousands of devices across South-East Asia, particularly targeting financial institutions and…

Read more →

FortiGuard Labs has recently uncovered more than 5,000 malicious software packages designed to compromise Windows systems. These packages, detected from November 2024 onward, employ sophisticated techniques to evade traditional security measures while executing harmful actions that can lead to data…

Read more →

Cybersecurity researchers have identified intensified activity from the SideWinder APT group throughout 2024, with significant updates to their toolset and expanded targeting beyond traditional military and government entities. Recent findings reveal that SideWinder has developed a massive new infrastructure to…

Read more →

The historical vulnerability of NULL pointer dereferences in macOS that previously allowed attackers to execute arbitrary code with kernel privileges has been unveiled recently by security analysts. Despite modern systems having robust mitigations, understanding these historical attack vectors provides valuable…

Read more →

A critical security vulnerability in Apache Tomcat (CVE-2025-24813) has exposed servers to remote code execution (RCE), information disclosure, and data corruption risks.  The flaw, rooted in improper handling of partial HTTP PUT requests, affects Tomcat versions 11.0.0-M1 to 11.0.2, 10.1.0-M1…

Read more →

The Linux kernel has taken a significant step toward improved security with the growing adoption of Rust programming language components aimed at eliminating memory safety bugs. The Rust for Linux project has reached a critical tipping point, with multiple drivers…

Read more →

A critical security flaw in Veritas’ Arctera InfoScale product line has exposed enterprise systems to remote code execution (RCE) attacks, underscoring persistent risks in disaster recovery infrastructure.  Tracked as CVE-2025-27816, the vulnerability (CVSS v3.1 score: 9.8) resides in the Windows…

Read more →

A critical Android vulnerability identified as CVE-2024-31317 has been discovered that allows attackers to execute arbitrary code with system privileges. The “Zygote Injection” vulnerability affects devices running Android 11 or older and enables attackers to escalate privileges from a shell…

Read more →

A sophisticated malware toolkit known as Ragnar Loader has been identified as a critical component in targeted ransomware attacks. The loader, also known as Sardonic Backdoor, serves as the primary infiltration mechanism for the Monstrous Mantis ransomware group, formerly known…

Read more →

A sophisticated cybercriminal group known as EncryptHub has successfully compromised approximately 600 organizations through a multi-stage malware campaign. The threat actor exploited operational security mistakes, inadvertently exposing critical elements of their infrastructure, which allowed researchers to map their tactics with…

Read more →

Google has rolled out a critical security update for its Chrome browser, addressing multiple high-severity vulnerabilities that could enable arbitrary code execution and sandbox escapes.  The Stable Channel Update 134.0.6998.88/.89 for Windows and Mac, and 134.0.6998.88 for Linux, released on…

Read more →

Passwordless authentication tools are revolutionizing digital security by eliminating the reliance on traditional passwords. Instead, they use advanced technologies such as biometrics (fingerprints, facial recognition), hardware tokens, or one-time passcodes to verify user identities. This approach significantly enhances security by…

Read more →

CISA has likely added two VeraCore vulnerabilities, CVE-2024-57968 and CVE-2025-25181, to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation by the XE Group. These vulnerabilities impact VeraCore, a warehouse management software by Advantive, critical for supply chains in…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) updated its KEV catalog on March 10, 2025, to include three newly identified vulnerabilities in Ivanti Endpoint Manager (EPM), a widely used enterprise software for managing endpoints. The KEV catalog tracks vulnerabilities actively…

Read more →

Security researchers have identified a sophisticated attack campaign attributed to APT37, a North Korean state-sponsored hacking group also known as ScarCruft, Reaper, and Red Eyes. The group, active since 2012, has expanded its targets from South Korea to include Japan,…

Read more →

A security researcher known as newp1ayer48 has successfully demonstrated a method to extract firmware from IoT and embedded devices using direct Flash Memory dumps, providing valuable insights for security professionals and bug bounty hunters. The technique, while potentially risky for…

Read more →

Apple has taken another step toward the official release of iOS 18.4 by seeding the third developer beta of the update to testers late on March 10, 2025. This latest beta, identified by build number 22E5222f, arrives just one week…

Read more →

IT systems management tools are essential for organizations to monitor, manage, and optimize their IT infrastructure effectively. These tools provide comprehensive solutions for handling networks, servers, applications, and devices, ensuring seamless operations and improved productivity. SolarWinds stands out with its…

Read more →

A two-year coordinated effort by cybersecurity firms and law enforcement agencies has significantly reduced the illicit use of Cobalt Strike, a legitimate penetration testing tool frequently weaponized by ransomware operators and nation-state actors.  According to Fortra, Microsoft’s Digital Crimes Unit…

Read more →

Multiple US organizations reported receiving suspicious physical letters claiming to be from the BianLian ransomware group. These letters have been delivered via regular mail to executive team members, falsely asserting that the recipient’s corporate IT network has been compromised and…

Read more →

X (formerly Twitter) experienced a global outage today, March 10, 2025, leaving many users unable to access the platform. The disruption, which affected both the app and website, sparked frustration and confusion among users worldwide. Reports of the outage began…

Read more →

A critical security flaw in Moxa’s PT series industrial Ethernet switches enables attackers to bypass authentication mechanisms and compromise device integrity.  Tracked as CVE-2024-12297, this vulnerability (CVSS 4.0: 9.2) affects nine PT switch models and stems from weaknesses in the…

Read more →

A critical security vulnerability (CVE-2024-13918) in the Laravel framework allows attackers to execute arbitrary JavaScript code on websites running affected versions of the popular PHP framework.  The flaw, discovered in Laravel’s debug-mode error page rendering, exposes applications to reflected cross-site…

Read more →

Cybersecurity researchers at Trustwave have discovered a sophisticated malware campaign targeting Microsoft Outlook users to steal their login credentials. The Strela Stealer, named after the Russian word for “Arrow,” has been actively targeting systems since late 2022, with a precise…

Read more →

A federal jury convicted Davis Lu, a 55-year-old former software developer at Eaton Corp., on charges of intentionally crippling the company’s internal computer systems through malicious code designed to activate upon his termination.  The verdict, delivered Friday after a six-day…

Read more →

Medusa ransomware attacks have surged by 42% between 2023 and 2024, with activity continuing to escalate into 2025. Almost twice as many Medusa attacks were observed in January and February 2025 compared to the first two months of 2024, indicating…

Read more →

The Socket Research Team has discovered a sophisticated malicious PyPI package named ‘set-utils’ designed to steal Ethereum private keys from unsuspecting developers. This package, which has been downloaded over 1,000 times since January 29, 2025, disguises itself as a simple…

Read more →

A threat actor has surfaced on underground forums, allegedly offering tools designed to exploit Cisco VPNs via brute force and credential-checking attacks.  These tools, marketed as a “checker” and “bruteforcer,” are tailored to target Cisco VPN services, raising significant cybersecurity…

Read more →

A comprehensive study by Palo Alto Networks’ Unit 42 has revealed that 17 popular generative AI web applications remain vulnerable to various jailbreaking techniques. These vulnerabilities potentially allow malicious actors to bypass AI safety mechanisms to extract sensitive information or…

Read more →

Cyble Research and Intelligence Labs (CRIL) has identified a sophisticated malware operation named ‘Phantom Goblin’ that employs deceptive social engineering techniques to distribute information-stealing malware. The attack begins with RAR file attachments containing malicious shortcut (LNK) files disguised as legitimate…

Read more →

SquareX’s research team has recently uncovered a sophisticated browser attack technique that allows malicious extensions to impersonate any extension installed on a victim’s browser. This newly discovered “polymorphic extension attack” creates pixel-perfect replicas of legitimate extensions’ icons, HTML popups, and…

Read more →

Cisco Talos recently uncovered a series of sophisticated cyberattacks exploiting a critical PHP vulnerability to compromise Windows machines. The malicious activities conducted by unknown attackers have been ongoing since January 2025, predominantly targeting organizations in Japan across various business sectors…

Read more →

A series of critical vulnerabilities in Thinkware’s F800 Pro dashcam has revealed systemic security flaws, including the exposure of user credentials in plain text, default authentication bypasses, and insecure data storage practices.  These issues, disclosed between November 2024 and March…

Read more →

A sophisticated information stealer known as Peaklight is actively targeting Windows users worldwide. This malware, identified on March 6, 2025, is designed to harvest sensitive information from compromised endpoints, creating significant risks for both individuals and organizations. Peaklight utilizes a…

Read more →

Cybersecurity researchers have identified a sophisticated ransomware campaign attributed to a North Korean threat actor dubbed “Moonstone Sleet.” The group has deployed an advanced custom ransomware strain targeting financial institutions and cryptocurrency exchanges across Southeast Asia and Europe, demonstrating evolving…

Read more →

The Apache Software Foundation has issued urgent patches for multiple high-severity vulnerabilities in Apache Traffic Server (ATS), its enterprise-grade caching proxy server. Four distinct flaws (CVE-2024-38311, CVE-2024-56195, CVE-2024-56196, and CVE-2024-56202) enable threat actors to execute request smuggling attacks, bypass access…

Read more →

A sophisticated ransomware group called Akira has been responsible for approximately 15% of cybersecurity incidents in 2024. The threat actor has deployed novel techniques to bypass security defenses, most notably by exploiting unsecured webcams to circumvent Endpoint Detection and Response…

Read more →

Commvault, a global leader in enterprise data protection and management solutions, has urgently patched a high-severity webserver vulnerability that enables attackers to compromise systems by creating and executing malicious webshells.  The flaw affects multiple versions of Commvault’s software across Linux…

Read more →

A high-severity vulnerability CVE-2025-24043, remote code execution (RCE) through improper cryptographic signature validation in the SOS debugging extension.  The vulnerability affects critical .NET diagnostic packages including dotnet-sos, dotnet-dump, and dotnet-debugger-extensions, which are integral to .NET Core application debugging workflows. According…

Read more →