IT Security News

Critical flaw in Citrix NetScaler devices echoes infamous 2023 security breach that crippled major organizations worldwide. The new critical vulnerability in Citrix NetScaler devices has security experts warning of potential widespread exploitation, drawing alarming parallels to the devastating “CitrixBleed” attacks…

Read more →

A sophisticated phishing campaign targeting UK citizens has emerged, masquerading as official communications from the Department for Work and Pensions (DWP) to steal sensitive financial information. The campaign, which has been active since late May 2025, represents a significant escalation…

Read more →

A significant security vulnerability has been discovered in Lenovo’s preloaded Windows operating systems, where a writable file in the Windows directory enables attackers to bypass Microsoft’s AppLocker security framework.  The issue affects all variants of Lenovo machines running default Windows…

Read more →

Instagram has adopted an unprecedented approach to web security by implementing daily rotation of TLS certificates that maintain validity periods of just one week, according to a recent technical analysis.  This practice represents a significant departure from industry standards, where…

Read more →

Cybercriminals are exploiting the economic uncertainty and remote work trends to orchestrate sophisticated employment fraud schemes, with victims losing over $264 million in 2024 alone according to FBI reports. These malicious campaigns, known as “task scams,” represent a rapidly evolving…

Read more →

Russian Federal Security Service (FSB) officers have detained two hackers in Siberia who conducted cyberattacks on critical infrastructure facilities under direct orders from Ukrainian intelligence services. The simultaneous arrests in the Kemerovo and Tomsk regions exposed a sophisticated cyber espionage…

Read more →

The cybercriminal group known as Scattered Spider has significantly evolved its attack methodologies, demonstrating alarming sophistication in exploiting legitimate administrative tools to maintain persistent access to compromised networks. Also tracked under aliases including UNC3944, Scatter Swine, and Muddled Libra, this…

Read more →

Cybersecurity researchers have discovered a sophisticated attack technique that exploits Microsoft Azure Arc deployments to gain persistent access to enterprise environments. The research, conducted during recent red team operations, reveals how adversaries can leverage misconfigured Azure Arc installations to escalate…

Read more →

Cybercriminals have increasingly turned to legitimate software installation frameworks as vehicles for malware distribution, with Inno Setup emerging as a preferred tool for threat actors seeking to bypass security measures. This legitimate Windows installer framework, originally designed to simplify software…

Read more →

A new wave of cyberattacks is targeting organizations that inadvertently expose Java Debug Wire Protocol (JDWP) servers to the internet, with attackers leveraging this overlooked entry point to deploy sophisticated cryptomining malware. JDWP, a standard feature in the Java platform,…

Read more →

Key Takeaways1. Next.js versions 15.1.0-15.1.8 have a cache poisoning bug causing DoS attacks through blank page delivery.2. Needs affected Next.js version + ISR with cache revalidation + SSR with CDN caching 204 responses.3. Race condition allows HTTP 204 responses to…

Read more →