A cyber attack leveraging Check Point’s patched CVE-2024-24919 vulnerability has targeted organizations across Europe, Africa, and the Americas. Security analysts have observed direct linkages to Chinese state-sponsored threat actors. The intrusion chain, which deploys the ShadowPad backdoor and NailaoLocker ransomware,…
Tag: Cyber Security News
Nakivo Backup & Replication Tool Vulnerability Allows Attackers to Read Arbitrary Files – PoC Released
A critical vulnerability, tracked as CVE-2024-48248, has been discovered in the Nakivo Backup & Replication tool, exposing systems to unauthenticated arbitrary file read attacks. Security researchers from watchTowr Labs disclosed the flaw, which affects version 10.11.3.86570 and potentially earlier versions…
PingAM Java Agent Vulnerability Let Attackers Gain Unauthorized Access
Ping Identity has issued an urgent security advisory for its PingAM Java Agent, revealing a critical severity vulnerability (CVE-2025-20059) that enables attackers to bypass policy enforcement mechanisms and gain unauthorized access to protected resources. The flaw, classified as a Relative…
New Pass-the-Cookie Attack Bypasses Microsoft 365 & YouTube MFA Logins
A surge in “Pass-the-Cookie” (PTC) attacks is undermining multi-factor authentication (MFA), enabling cybercriminals to hijack session cookies and bypass security measures to access sensitive accounts. Recent advisories from the FBI and cybersecurity firms highlight how attackers exploit stolen browser cookies…
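The check a defender most wants after reading this is one that catches a replayed cookie in the logs rather than waiting for the advisory. The script below is an added example for this listing, not code from the FBI advisory or from any vendor named here. It assumes a sign-in activity log in which each request records the user, a hash of the session cookie (`sid`, never the cookie itself), the client IP, the user agent, and whether MFA was satisfied interactively on that request or carried over from the cookie (`mfa=cached`). The field names and the sample lines are constructed.

```python
"""Flag replayed session cookies (Pass-the-Cookie) in sign-in activity logs.

Added example for this listing; not code from the FBI advisory or any vendor.
Assumed log shape (constructed): ts user= sid= ip= ua="..." mfa=satisfied|cached
"""
import re
import shlex

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<fields>.*)$")

# Constructed sample. alice's third request reuses her sid from a new IP with a
# different browser, which a genuine browser session never does. carol's sid
# appears with MFA already "cached" although no interactive login was ever
# seen for it, i.e. the MFA claim arrived inside the cookie.
SAMPLE_LOG = """\
2025-02-25T09:00:01Z user=alice sid=3f9c1e7a ip=203.0.113.10 ua="Mozilla/5.0 (Windows NT 10.0) Chrome/122" mfa=satisfied
2025-02-25T09:05:12Z user=alice sid=3f9c1e7a ip=203.0.113.10 ua="Mozilla/5.0 (Windows NT 10.0) Chrome/122" mfa=cached
2025-02-25T09:06:40Z user=alice sid=3f9c1e7a ip=198.51.100.77 ua="Mozilla/5.0 (X11; Linux x86_64) Firefox/124" mfa=cached
2025-02-25T09:07:00Z user=bob sid=a1b2c3d4 ip=192.0.2.5 ua="Mozilla/5.0 (Macintosh) Safari/17" mfa=satisfied
2025-02-25T09:30:00Z user=bob sid=a1b2c3d4 ip=192.0.2.5 ua="Mozilla/5.0 (Macintosh) Safari/17" mfa=cached
2025-02-25T09:41:10Z user=carol sid=9e8d7c6b ip=198.51.100.78 ua="Mozilla/5.0 (X11; Linux x86_64) Firefox/124" mfa=cached
"""


def parse_line(line):
    """Split 'ts k=v k="quoted v" ...' into a dict; shlex handles the quoting."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = {"ts": m.group("ts")}
    for token in shlex.split(m.group("fields")):
        key, _, value = token.partition("=")
        event[key] = value
    return event


def parse_log(text):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def detect_cookie_replay(events):
    """Return one alert per suspicious event.

    client_mismatch: a sid already bound to one IP and user agent is presented
    with a different user agent (high) or only a different IP (low).
    no_interactive_login: a sid is first seen with MFA already 'cached', so the
    MFA claim travelled in the cookie instead of being earned on this tenant.
    """
    bound = {}  # sid -> (ip, ua) taken from the sid's first appearance
    alerts = []
    for e in events:
        sid = e["sid"]
        if sid not in bound:
            bound[sid] = (e["ip"], e["ua"])
            if e.get("mfa") != "satisfied":
                alerts.append({"user": e["user"], "sid": sid, "ts": e["ts"],
                               "reason": "no_interactive_login", "severity": "high"})
            continue
        ip0, ua0 = bound[sid]
        if e["ua"] != ua0:
            severity = "high"
        elif e["ip"] != ip0:
            severity = "low"  # roaming is common; an IP change alone is weak evidence
        else:
            continue
        alerts.append({"user": e["user"], "sid": sid, "ts": e["ts"],
                       "reason": "client_mismatch", "severity": severity,
                       "from": (ip0, ua0), "to": (e["ip"], e["ua"])})
    return alerts


if __name__ == "__main__":
    for a in detect_cookie_replay(parse_log(SAMPLE_LOG)):
        print(a["ts"], a["user"], a["reason"], a["severity"])
```

The `no_interactive_login` rule depends on log retention: a session whose interactive login predates the window you are scanning will look exactly like an imported cookie, so treat it as a lead to correlate with sign-in logs rather than a verdict. The user-agent mismatch is the stronger signal, because a stealer replays the cookie from the attacker's browser, not the victim's.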
Njrat Attacks Users, Abusing Microsoft Dev Tunnels for C2 Communications
Security researchers have uncovered a new campaign leveraging the Njrat remote access trojan (RAT) to abuse Microsoft’s developer-oriented Dev Tunnels service for covert command-and-control (C2) communications. Historically associated with credential theft and USB-based propagation, the malware now utilizes Microsoft’s infrastructure…
Poco RAT Malware Exploits PDF Files to Infiltrate Systems and Steal Data
A new variant of the Poco RAT malware has emerged as a significant threat to Spanish-speaking organizations across Latin America, leveraging sophisticated PDF decoys and cloud-based delivery systems to infiltrate networks and exfiltrate sensitive data. Linked to the cyber-mercenary group…
Telegram as #1 Messenger Used by Cybercriminals for Communications
Telegram remains the undisputed leader in cybercriminal communications, with recent analysis revealing over 80 million unique identifiers and links to Telegram channels shared across underground forums, a figure exceeding competitors like Discord (2.8 million links) and Session (450,000 IDs). While…
Lynx Ransomware Attacking Organizations to Exfiltrate Sensitive Data
Lynx, a new ransomware variant, has been rising through the ranks of cyber threats since its initial release in mid-2024. Operating under a Ransomware-as-a-Service (RaaS) model, Lynx targets organizations globally through double extortion campaigns, combining file encryption with systematic data…
New GitHub Scam With Thousands of “mods” & “cracks” Steals Your Data
A sophisticated malware operation exploiting GitHub’s repository system has been uncovered, leveraging fake software cracks and gaming mods to deploy the Redox information stealer across 1,100+ repositories. The campaign utilizes social engineering tactics and code obfuscation to harvest sensitive credentials,…
1.6 Million Android TVs Worldwide Hacked by Vo1d Botnet
A sophisticated botnet operation has compromised 1.6 million Android TV devices across 226 countries and regions, leveraging advanced domain generation algorithms and cryptographic evasion techniques to create the largest known IoT threat since the 2016 Mirai attacks. Dubbed Vo1d, this operation represents…
18 Best Web Filtering Solutions – 2025
Web filtering solutions involve monitoring and filtering internet traffic to prevent users from accessing specific websites, applications, or types of content that may be deemed inappropriate, unsafe, or non-compliant with organizational guidelines. Web filtering solutions are crucial in managing and…
Wallbleed Exposes Memory Vulnerability in China’s Great Firewall DNS System
A study published ahead of NDSS 2025 revealed a critical vulnerability in China’s Great Firewall (GFW) DNS injection subsystem, called Wallbleed, which allowed sensitive memory data leaks for over two years before being patched in March 2024. The flaw exposed…
260 Domains Hosting 5,000 Weaponized PDF Files Attacking Users to Steal Credit Card Data
Since late 2024, a sophisticated phishing operation leveraging 260 domains to host over 5,000 weaponized PDF files has targeted users across North America, Asia, and Southern Europe. The campaign employs fake CAPTCHA screens, search engine optimization (SEO) poisoning, and PowerShell-based…
DeepSeek Data Leak – 12,000 Hardcoded Live API keys and Passwords Exposed
A recent analysis uncovered 11,908 live API keys, passwords, and authentication tokens embedded in publicly scraped web data of the kind used to train large language models such as DeepSeek. According to cybersecurity firm Truffle Security, the study highlights how AI models trained on unfiltered internet snapshots risk internalizing and potentially…
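Secrets reach a training corpus because they were sitting in plain text on public pages first, so the practical lesson is to scan your own published content the way such a study scans a crawl. The scanner below is an added example for this listing, not Truffle Security's tooling or the article's code. It combines the two detectors such scanners typically use: exact patterns for well-known key formats (here only the AWS access key ID shape, `AKIA` followed by 16 uppercase alphanumerics) and a generic "credential-name = long value" match filtered by Shannon entropy so placeholders are dropped. The page fragment is constructed; the AWS key in it is the example ID from AWS's own documentation and the other values are made up.

```python
"""Find hard-coded credentials in scraped web content.

Added example for this listing, not Truffle Security's tooling. The sample page
is constructed; the value AKIAIOSFODNN7EXAMPLE is AWS's documented example key.
"""
import math
import re
from collections import Counter

# Well-known fixed formats, matched without an entropy check because the shape
# itself is specific. Extend with the token formats your estate uses.
KNOWN_FORMATS = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
]

# Generic: a name containing a credential word, assigned a long token-like value.
GENERIC_RE = re.compile(
    r"(?i)\b(\w*?(?:api[_-]?key|secret|token|password)\w*)\s*[:=]\s*['\"]?"
    r"([A-Za-z0-9_\-/+=]{16,})"
)
ENTROPY_THRESHOLD = 3.5  # bits per character; random keys sit well above this

SAMPLE_PAGE = """\
<!-- constructed sample page fragment -->
<script>
  const AWS_KEY = "AKIAIOSFODNN7EXAMPLE";
  var mailchimp_api_key = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-us1";
  window.SECRET_TOKEN = "q7Zp3vLk9sXw2bTn6RfY8hJm";
  password = "hunter2";
</script>
"""


def shannon_entropy(s):
    """Bits of entropy per character; 0 for a run of one repeated character."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def redact(value, keep=4):
    """Keep only the ends so a report never re-publishes the secret."""
    if len(value) <= 2 * keep:
        return "***"
    return value[:keep] + "..." + value[-keep:]


def scan_text(text):
    """Return findings ({kind, line, value}) with the value already redacted."""
    findings, seen = [], set()

    def add(kind, value, lineno):
        if (kind, value) not in seen:
            seen.add((kind, value))
            findings.append({"kind": kind, "line": lineno, "value": redact(value)})

    for lineno, line in enumerate(text.splitlines(), start=1):
        for label, pattern in KNOWN_FORMATS:
            for m in pattern.finditer(line):
                add(label, m.group(0), lineno)
        for m in GENERIC_RE.finditer(line):
            name, value = m.group(1), m.group(2)
            # Drops "xxxx...", "changeme" style placeholders; short values such
            # as "hunter2" never reach here because the pattern needs 16+ chars.
            if shannon_entropy(value) < ENTROPY_THRESHOLD:
                continue
            add("generic:" + name.lower(), value, lineno)
    return findings


if __name__ == "__main__":
    for f in scan_text(SAMPLE_PAGE):
        print(f"line {f['line']}: {f['kind']} {f['value']}")
```

The entropy filter is what keeps the generic rule usable: the placeholder Mailchimp key on line 4 is matched by the pattern but rejected because a run of `x` carries almost no entropy, while the 24-character random token on line 5 is reported. Whatever you find this way should be treated as live until rotated, since the crawl that exposed it may already have been ingested.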
Top 10 Best Dynamic Malware Analysis Tools in 2025
Dynamic malware analysis tools are critical for detecting and understanding modern cyber threats. These tools execute suspicious software in isolated environments to monitor its behavior, such as file modifications, network activity, or registry changes. Below is a list of the…
Outlook Drag-and-Drop Broken in Windows Updates – Microsoft Released Fix
Microsoft has addressed a significant issue affecting users of classic Outlook on devices running Windows 11, version 24H2. After installing recent Windows updates, including the January 2025 non-security preview update (KB5050094) and the February 11, 2025 update (KB5051987), many users…
Hackers Exploited XSS Vulnerability in Popular Framework to Hijack 350+ Websites
A cross-site scripting (XSS) vulnerability within the Krpano framework, a popular tool for embedding 360° images and creating virtual tours, has been exploited to inject malicious scripts into over 350 websites. This widespread campaign manipulates search engine results and spreads…
Google’s SafetyCore App Secretly Scans All Your Photos on Android Phones
A recent surge in user reports has revealed that Google’s Android System SafetyCore—a system service designed to enable on-device content scanning—has been silently installed on Android devices running Android 9 and later since October 2024. The app, identified by the…
OpenSSF Released Security Baseline for Linux Projects
The Open Source Security Foundation (OpenSSF) has launched the Open Source Project Security Baseline (OSPS Baseline), a tiered framework designed to standardize security practices for Linux and other open-source projects. This initiative, aligned with global cybersecurity regulations like the EU…
Yodobashi Camera Users Under Attack from a New Wave of Phishing Attacks
A new wave of phishing attacks impersonating Japanese electronics retail giant Yodobashi Camera has emerged, leveraging urgency and brand trust to steal customer credentials. Cybersecurity firm Symantec reported the campaign, which uses emails titled “Yodobashi.com: ‘Customer Information’ Change Request Notification”…
New “nRootTag” Attack Turns 1.5 Billion iPhones Into Free Tracking Agents for Attackers
A new attack dubbed nRootTag has exposed over 1.5 billion Apple devices, including iPhones, iPads, Apple Watches, and Macs, to covert tracking by malicious actors. To be detailed in a forthcoming USENIX Security Symposium 2025 paper by researchers Junming Chen,…
Cisco Nexus Vulnerability Let Attackers Inject Malicious Commands
Cisco Systems has issued a critical security advisory addressing a command injection vulnerability in its Nexus 3000 and 9000 Series Switches operating in standalone NX-OS mode. Designated as CVE-2025-20161, the flaw allows authenticated local attackers with administrative privileges to execute…
New Wi-Fi Jamming Attack Disables Targeted Wi-Fi Devices Using RIS Technology
A major development in wireless security research has revealed a sophisticated Wi-Fi jamming technique capable of disabling individual devices with millimeter-level precision, leveraging emerging Reconfigurable Intelligent Surface (RIS) technology. Developed by researchers at Ruhr University Bochum and the Max Planck…
Authorities Arrested Hacker Behind 90 Data Leaks Worldwide
Authorities arrested a prolific hacker responsible for over 90 data breaches across 65 organizations in the Asia-Pacific region and 25 additional global targets. The cybercriminal, operating under aliases ALTDOS, DESORDEN, GHOSTR, and 0mid16B, exfiltrated 13 terabytes of sensitive data between…
Beware of Fake Job Interview Challenges Attacking Developers To Deliver Malware
A North Korea-aligned cybercriminal campaign dubbed DeceptiveDevelopment has been targeting freelance software developers through fake job interviews since early 2024. Posing as recruiters on platforms like LinkedIn, Upwork, and cryptocurrency-focused job boards, attackers lure victims with promising job opportunities or…
10 Best Network Security Solutions for Enterprise – 2025
Enterprises require robust network security solutions to protect against evolving cyber threats and ensure the safety of sensitive data. Leading solutions include Palo Alto Networks, Fortinet, Cisco Secure, and Check Point, among others. Palo Alto Networks excels with its AI-driven…
GitLab Vulnerabilities Let Attackers Bypass Security Controls & Execute Arbitrary Code
GitLab has issued a security advisory warning of multiple high-risk vulnerabilities in its DevOps platform, including two critical Cross-Site Scripting (XSS) flaws enabling attackers to bypass security controls and execute malicious scripts in user browsers. The vulnerabilities – tracked as…
LibreOffice Vulnerabilities Let Attackers Execute Malicious Files on Windows Systems
A critical security vulnerability in LibreOffice (CVE-2025-0514) has been patched after researchers discovered that manipulated documents could bypass safeguards and execute malicious files on Windows systems. The flaw, rated 7.2 on the CVSS v4.0 scale, exposes users to potential remote…
23 Vulnerabilities in Black Basta’s Chat Logs Exploited in the Wild, Including PAN-OS, Cisco IOS, & Exchange
GreyNoise has confirmed active exploitation of 23 out of 62 vulnerabilities referenced in internal chat logs attributed to the Black Basta ransomware group. These vulnerabilities span enterprise software, security appliances, and widely deployed web applications, with several critical flaws exploited…
Cisco Nexus Switches Vulnerability Lets Attackers Trigger DoS Condition
Cisco has released a security advisory addressing a vulnerability in its Nexus 3000 and 9000 Series Switches that could allow attackers to trigger a denial-of-service (DoS) condition. The vulnerability found in the health monitoring diagnostics of the switches could lead…
As a SOC/DFIR Team Member, How To Investigate Phishing Kit Attacks
Phishing kit attacks have become a pervasive threat in cybersecurity landscapes, lowering the barrier to entry for cybercriminals and enabling even low-skilled actors to launch sophisticated campaigns. These kits contain pre-built templates, data-harvesting scripts, and evasion tools designed to mimic…
Silent Killers Exploiting Windows Policy Loophole To Evade Detections & Deploy Malware
Check Point Research (CPR) has uncovered a sophisticated cyber campaign exploiting a Windows driver signing policy loophole to disable security tools and deploy malware across thousands of systems since June 2024. Attackers leveraged 2,500+ modified variants of the vulnerable Truesight.sys…
Threat Actor Allegedly Selling VMware ESXi 0-Day Exploit on Hacker Forum
A cybercriminal operating under the alias “Vanger” has surfaced on underground forums, offering a purported zero-day exploit targeting VMware ESXi hypervisors. The exploit, claimed to enable virtual machine escape (VME), is being marketed at a steep price of $150,000. If…
Microsoft Entra ID DNS Resolution Failures Result in Authentication Issues
A critical DNS misconfiguration in Microsoft Entra ID (formerly Azure Active Directory) disrupted authentication services globally for nearly 90 minutes on February 25, 2025, affecting organizations relying on Seamless Single Sign-On (SSO) and Microsoft Entra Connect Sync. The outage stemmed…
GRUB2 Vulnerabilities Expose Millions of Linux Systems to Cyber Attack
A critical set of 20 vulnerabilities in GRUB2, the ubiquitous bootloader underpinning most Linux distributions and Unix-like systems, has exposed millions of devices to potential secure boot bypass, remote code execution, and persistent firmware-level attacks. These flaws (CVSS scores up…
Genea IVF Clinic Breached – Thousands of Patients' Data at Risk
Genea, one of Australia’s largest IVF providers, has confirmed that an unauthorized third party accessed its systems, potentially compromising sensitive patient data. The breach has left thousands of patients uncertain about their treatment schedules and medication plans, as critical digital…
MITRE Details New Framework OCCULT for Managing AI Security Threats
The MITRE Corporation has unveiled a groundbreaking evaluation framework designed to quantify the risks posed by large language models (LLMs) in offensive cyber operations (OCO). Dubbed OCCULT (Operational Evaluation Framework for Cyber Security Risks in AI), the methodology aims to…
Orange Communication Breached – Hackers Allegedly Claim Leak of 380,000 Emails
The Orange Communication data breach was claimed by a threat actor using the pseudonym “Rey,” who leaked 380,000 email records and sensitive corporate data on a dark web forum. The alleged breach, disclosed earlier this week, includes source…
New Phishing Attack Targeting Amazon Prime Users To Steal Login Credentials
A sophisticated phishing campaign targeting Amazon Prime users has emerged, leveraging counterfeit renewal notifications to harvest login credentials, payment details, and personal verification data. Discovered by the Cofense Phishing Defense Center (PDC) on February 18, 2025, the attack employs multi-stage…
Rsync Vulnerabilities Let Hackers Gain Full Control of Servers – PoC Released
Critical vulnerabilities in the Rsync file synchronization tool enable attackers to execute arbitrary code on vulnerable servers, exfiltrate sensitive data, and bypass critical security controls. The vulnerabilities affect Rsync version 3.2.7 and earlier, with proof-of-concept exploits already demonstrating remote code…
WordPress Plugin Vulnerability Exposes Millions of Websites to Script Injection Attacks
A critical security vulnerability in the Essential Addons for Elementor plugin (CVE-2025-24752) has put over two million WordPress websites at risk of cross-site scripting (XSS) attacks. The vulnerability discovered in the plugin’s handling of user inputs allowed attackers to inject…
Have I Been Pwned Added 284 Million Accounts Stolen by Information Stealer Malware
Have I Been Pwned (HIBP) has incorporated 284 million email addresses compromised by information-stealer malware into its breach notification service. The data originates from a 1.5TB corpus of stealer logs dubbed “ALIEN TXTBASE”, marking one of the largest malware-related dataset…
2850+ Ivanti Connect Secure Devices Vulnerable to Remote Code Execution Attacks
A critical vulnerability, CVE-2025-22467, in Ivanti Connect Secure (ICS) devices has left approximately 2,850 instances worldwide unpatched and vulnerable to remote code execution (RCE) attacks. This flaw, with a CVSS score of 9.9, is categorized as a stack-based buffer overflow…
US Employee Screening Giant Hacked – 3M People Data at Risk
DISA Global Solutions, a leading provider of employment screening services, has confirmed a massive data breach exposing sensitive information of approximately 3.3 million individuals. The incident, classified as an external system breach, occurred between February 9 and April…
Fully Undetected Batch Script Leverages PowerShell & Visual Basic to Drop XWorm
A recent discovery has unveiled a sophisticated and fully undetected batch script capable of delivering the powerful malware families XWorm and AsyncRAT. This script, which remained undetected on VirusTotal for over two days, employs advanced obfuscation techniques and leverages PowerShell…
CISA Warns of Microsoft Partner Center Access Control Vulnerability Exploited in Wild
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent advisory on February 25, 2025, confirming that threat actors are actively exploiting a critical privilege escalation vulnerability in Microsoft’s Partner Center platform (CVE-2024-49035). The improper access control flaw, which…
50 World’s Best Cyber Security Companies – 2025
Cybersecurity companies are at the forefront of protecting digital systems, networks, and sensitive data from unauthorized access, malicious attacks, and other cyber threats. As technology continues to advance and the digital landscape expands, the importance of cybersecurity has grown exponentially.…
GitVenom Campaign Abusing Thousands of GitHub Repositories To Infect Users
A sophisticated malware campaign dubbed “GitVenom” has exploited GitHub’s open-source ecosystem to distribute malicious code through thousands of fraudulent repositories, targeting developers seeking automation tools, cryptocurrency utilities, and gaming hacks. The campaign, active since at least 2023, employs advanced social…
UAC-0212 Hackers Launching Destructive Attack Targeting Critical Infrastructure
A sophisticated threat cluster tracked as UAC-0212 has escalated efforts to compromise critical infrastructure systems in Ukraine, according to a recent advisory from CERT-UA (Government Computer Emergency Response Team of Ukraine). These attacks, active since July 2024, focus on energy,…
16 Malicious Chrome Extensions Infected Over 3.2 Million Users
A coordinated campaign involving at least 16 malicious Chrome extensions infected over 3.2 million users worldwide, leveraging browser security vulnerabilities to execute advertising fraud and search engine optimization manipulation. Discovered by GitLab Threat Intelligence in February 2025, these extensions, ranging…
Researchers Jailbreak OpenAI o1/o3, DeepSeek-R1, & Gemini 2.0 Flash Thinking Models
A recent study from a team of cybersecurity researchers has revealed severe security flaws in commercial-grade Large Reasoning Models (LRMs), including OpenAI’s o1/o3 series, DeepSeek-R1, and Google’s Gemini 2.0 Flash Thinking. The research introduces two key innovations: the Malicious-Educator benchmark…
200 Malicious GitHub Repos Attacking Developers to Deliver Malware
In an era where open-source collaboration drives software innovation, a sophisticated cyber campaign dubbed GitVenom has emerged as a critical threat to developers. Security researchers have uncovered over 200 malicious GitHub repositories designed to distribute information stealers and remote access…
Linux Grub Read Command Buffer Overflow Vulnerability Enabling Potential Secure Boot Bypass
A newly disclosed vulnerability in the GRUB2 bootloader’s read command (CVE-2025-0690) has raised concerns about potential Secure Boot bypasses and heap memory corruption in Linux systems. Red Hat Product Security rates this integer overflow flaw as moderately severe. It could…
Qualcomm & Google Tied Up to Offer Eight Years of Software and Security Updates
In a transformative move for smartphone longevity, Qualcomm Technologies, Inc., and Google have announced a collaboration to enable eight years of Android software and security updates for devices powered by Snapdragon mobile platforms. This initiative, targeting smartphones launching with the…
Sliver C2 Server Vulnerability Lets Attackers Open a TCP Connection to Read Traffic
A critical server-side request forgery (SSRF) vulnerability (CVE-2025-27090) has been identified in the Sliver C2 framework’s teamserver implementation, enabling attackers to establish unauthorized TCP connections through vulnerable servers. Affecting versions 1.5.26 through 1.5.42 and pre-release builds below commit 0f340a2, this…
Hackers Bypassing Outlook Spam Filter to Deliver Weaponized ISO Files
A newly uncovered technique allows threat actors to bypass Microsoft Outlook’s spam filtering mechanisms, enabling the delivery of malicious ISO files through seemingly benign email links. This vulnerability exposes organizations to increased risks of phishing and malware attacks, particularly when…
KernelSnitch – A New Side-Channel Attack Targeting Data Structures
Researchers have disclosed KernelSnitch, a novel side-channel attack exploiting timing variances in Linux kernel data structures, achieving covert data transmission rates up to 580 kbit/s and enabling website fingerprinting with 89% accuracy. The attack targets four critical container types: fixed/dynamic…
Critical MITRE Caldera Vulnerability Let Attackers Execute Remote Code – PoC Released
A critical remote code execution (RCE) vulnerability (CVE-2025-27364) has been identified in all versions of MITRE Caldera prior to commit 35bc06e, exposing systems to potential compromise via unauthenticated attackers. The flaw resides in the dynamic compilation mechanism of Caldera’s Sandcat…
TSforge – A New Tool Exploits Every Version of Windows Activation
Security researchers from MASSGRAVE have unveiled TSforge, a groundbreaking tool exploiting vulnerabilities in Microsoft’s Software Protection Platform (SPP) to activate every version of Windows from Windows 7 onward, including Office suites and add-ons. This exploit marks the first successful direct…
Threat Actors Mimic Total Commander Tool for Windows to Deploy LummaC2 Malware
Security researchers at AhnLab Security Intelligence Center (ASEC) have uncovered a sophisticated malware campaign distributing the LummaC2 information stealer disguised as a cracked version of Total Commander, a popular file management tool for Windows. The operation targets users seeking unauthorized…
10 Best Event Monitoring Tools – 2025
Event monitoring tools are software solutions designed to track, analyze, and manage events across various systems, applications, or environments. These tools are widely used in IT operations, security monitoring, application performance management, and even live event tracking. They help organizations…
100+ Malicious IPs Actively Exploiting Vulnerabilities in Cisco Devices
A malicious campaign is targeting Cisco networking equipment through two critical vulnerabilities, with state-backed and other actors exploiting unpatched systems. GreyNoise Intelligence has identified 110 malicious IPs actively exploiting CVE-2023-20198, a privilege escalation flaw in Cisco IOS XE devices. There…
CISA Warns of Oracle Agile Vulnerability Exploited in the Wild
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding CVE-2024-20953, a high-severity deserialization vulnerability in Oracle’s Agile Product Lifecycle Management (PLM) software that is being actively exploited in the wild. Added to CISA’s Known Exploited Vulnerabilities…
Threat Actors Stealing Users' Browser Fingerprints To Bypass Security Measures & Impersonate Users
A sophisticated cybercriminal campaign leveraging stolen browser fingerprints to bypass fraud detection systems and impersonate legitimate users has been uncovered by cybersecurity researchers. Dubbed ScreamedJungle, the threat actor has been exploiting vulnerabilities in outdated Magento e-commerce platforms since May 2024…
Australia Prohibits Kaspersky Software in Government Networks Over Major Security Concerns
The Australian government has mandated the removal of all Kaspersky Lab software and web services from federal systems and devices, citing heightened risks of foreign interference, espionage, and sabotage. Issued under the Protective Security Policy Framework (PSPF) Direction 002-2025, the…
Android App on Google Play Attacking Indian Users To Steal Login Credentials
A sophisticated Android malware campaign dubbed “SpyLend” has infiltrated the Google Play Store, masquerading as a financial utility app to target Indian users. Disguised as “Finance Simplified” (package: com.someca.count), the app has amassed over 100,000 downloads since February 2025, leveraging…
SafeLine WAF vs CloudFlare: Which One Should You Choose?
When it comes to protecting your website from cyber threats, Web Application Firewalls (WAF) are an essential part of the security infrastructure. Two popular options in the market are SafeLine and CloudFlare, each with its own strengths and weaknesses. In…
GhostSocks Malware Exploiting SOCKS5 Proxy to Bypass Detection Systems
A new malware strain dubbed GhostSocks is leveraging SOCKS5 backconnect proxies to bypass anti-fraud mechanisms and geographic restrictions, according to a report by cybersecurity firm Infrawatch. The Golang-based malware, first advertised on Russian-language forums in October 2023, has recently expanded…
Apple has Discontinued its Advanced Data Protection (ADP) Feature for UK Users
Apple has taken the unprecedented step of disabling its Advanced Data Protection (ADP) feature for UK users after the British government invoked surveillance laws to demand access to encrypted iCloud data. The move, effective on 21 February 2025, marks the…
Vulnerability in Internet-Connected Smart Beds Let Attackers Access Other Devices in Network
Security researchers have uncovered alarming vulnerabilities in Eight Sleep’s internet-connected smart beds that could allow attackers to infiltrate home networks and compromise connected devices. According to cybersecurity expert Dylan Ayrey, the $2,000 temperature-regulating sleep system has a Secure Shell (SSH)…
BIG SHARK Android RAT Cracked & Leaked from Chinese Market
A significant cybersecurity threat has emerged as the BIG SHARK Android Remote Access Trojan (RAT), a cracked version of the infamous Craxs 7.6 RAT, has been leaked online. This development highlights the evolving risks posed by malicious actors exploiting Android…
Chinese Hackers Attacking Industrial Organizations With Sophisticated FatalRAT
A sophisticated cyberespionage campaign leveraging the FatalRAT remote access trojan (RAT) is targeting industrial organizations across the Asia-Pacific (APAC) region, according to a Kaspersky ICS CERT report. The attackers, suspected to be Chinese-speaking threat actors, employ a multi-stage infection chain…
New ChatGPT Premium Subscription Phishing Attack Steals Logins
A sophisticated phishing operation leveraging OpenAI’s ChatGPT branding has targeted over 12,000 users across North America and Europe. The campaign impersonates ChatGPT subscription renewal notices to harvest login credentials and payment details, exploiting the platform’s restricted access model for GPT-4…
Stablecoin Bank Hacked – Hackers Steal $49.5M in Attack
In a high-profile security breach, decentralized finance protocol @0xinfini suffered a $49.5 million USDC theft, marking one of the largest stablecoin exploits of the year. The attacker executed a multi-stage laundering operation, converting stolen USDC to DAI, purchasing 17,696 ETH…
Wireshark 4.4.4 Released With Fix for Vulnerability That Triggers DoS Attack
The Wireshark Foundation has released version 4.4.4 of its widely used network protocol analyzer, addressing a high-severity vulnerability that could allow attackers to trigger denial-of-service (DoS) conditions by injecting malicious packets. The update resolves CVE-2025-1492, a flaw in the Bundle…
DeepSeek Unveils FlashMLA, A Decoding Kernel That Makes Things Blazingly Fast
DeepSeek has launched FlashMLA, a groundbreaking Multi-head Latent Attention (MLA) decoding kernel optimized for NVIDIA’s Hopper GPU architecture, marking the first major release of its Open Source Week initiative. This innovative tool achieves unprecedented performance metrics of 3000 GB/s memory…
Parallels Desktop 0-Day Vulnerability Gain Root Privileges – PoC Released
A critical 0-day vulnerability in Parallels Desktop virtualization software has been publicly disclosed, enabling local attackers to escalate privileges to root-level access on macOS systems. All versions of Parallels Desktop, including the most recent 20.2.1 (55876), are vulnerable to the…
Hackers Exploited Confluence Server Vulnerability To Deploy LockBit Ransomware
A sophisticated ransomware attack leveraging a critical Atlassian Confluence vulnerability (CVE-2023-22527, CVSS 10.0) has been uncovered, culminating in the deployment of LockBit Black ransomware across enterprise networks within two hours of initial compromise. The attackers orchestrated a multi-stage intrusion involving…
Exim Mail Transfer Vulnerability Let Attackers Inject Malicious SQL Queries
Security researchers have uncovered a critical SQL injection vulnerability (CVE-2025-26794) in Exim, the widely-used mail transfer agent (MTA) that powers over 60% of internet mail servers. The flaw enables authenticated attackers to execute arbitrary SQL commands through specially crafted ETRN…
10 Best DevOps Tools in 2025
The term “DevOps” combines the words “development” and “operations.” It describes a culture in which development and operations are treated as one discipline, so that a single team can manage the entire application lifecycle, including development, testing, deployment, and operations. System…
UniFi Protect Camera Vulnerability Allows Remote Code Execution Attacks
Ubiquiti Networks has issued an urgent security advisory addressing five critical vulnerabilities in its UniFi Protect camera ecosystem, including two flaws enabling unauthenticated remote code execution (RCE) attacks. The vulnerabilities, discovered during the 2025 Pwn2Own Toronto hacking competition and disclosed…
Record Breaking Crypto Hack – Attackers Steal $1.46 Billion From Bybit Exchange
Attackers infiltrated Bybit Exchange’s Ethereum cold wallet infrastructure to steal $1.46 billion in digital assets through sophisticated interface manipulation and social engineering tactics. The incident represents the largest theft from a centralized crypto exchange since Mt. Gox’s 2014 collapse, exposing…
Top 10 Best Ransomware Protection Tools – 2025
It is essential to stay vigilant against ransomware and to protect your devices and systems by keeping software up to date, using anti-virus software, avoiding attachments or links from unknown sources, and regularly backing up important data. Ransomware is malware that encrypts…
50 World’s Best Penetration Testing Companies – 2025
Penetration testing, or “pentesting,” is a cybersecurity practice where ethical hackers simulate cyberattacks to identify vulnerabilities in systems, networks, or applications. It helps organizations uncover weaknesses before malicious actors exploit them, enhancing their security posture. Penetration testing includes various types…
10 Best Email Security Gateways In 2025
Email is one of the most widely used forms of online communication. It is sent and received through a client program, such as Microsoft Outlook, Gmail, or a web-based interface. Email is a popular communication technique, but it may not…
BlackBastaGPT – A ChatGPT Powered Tool to Uncover Ransomware Group Tactics
A new AI-powered chatbot, BlackBastaGPT, has been trained on over 1 million leaked internal messages from the Black Basta ransomware gang. Hudson Rock released the tool just days after the unprecedented data breach. It enables researchers to dissect the group’s operations, financial…
Salt Typhoon Hackers Exploit Cisco Vulnerability To Gain Access To U.S. Telecom Networks
Cisco Talos has uncovered a sophisticated cyberespionage campaign by the state-aligned “Salt Typhoon” group targeting U.S. telecommunications infrastructure since late 2024. While credential theft remains their primary entry method, researchers confirmed exploitation of Cisco’s CVE-2018-0171 Smart Install Remote Code Execution…
Auto-Generated Password Vulnerability In Sitevision Leaks Signing Key
A critical security flaw in Sitevision CMS versions 10.3.1 and older has exposed SAML authentication signing keys, enabling potential authentication bypass and session hijacking. The vulnerability, tracked as CVE-2022-35202, stems from weak auto-generated passwords protecting Java keystores, which could be…
ACRStealer Malware Exploiting Google Docs as C2 To Steal Login Credentials
A newly identified malware variant dubbed ACRStealer has been observed leveraging Google Docs as a command-and-control (C2) server to bypass traditional security defenses and harvest sensitive login credentials. This sophisticated attack vector exploits the trusted reputation of Google’s infrastructure to…
China Claims That NSA Hacked Northwestern Polytechnical University
Chinese cybersecurity authorities have alleged that the U.S. National Security Agency (NSA) breached Northwestern Polytechnical University (NPU), a leading institution in aerospace and defense research, in a multi-year cyber espionage campaign. According to joint reports published on February 18, 2025,…
Darcula 3.0 Tool Automatically Generates Phishing Kit For Any Brand
The darcula phishing group has escalated cybercrime capabilities with its newly unveiled “darcula-suite 3.0,” a phishing-as-a-service (PhaaS) platform enabling criminals to automatically generate counterfeit websites for any brand within minutes. This tool represents a paradigm shift in cybercrime efficiency, leveraging…
CL0P Ransomware Attacking Telecommunications & Healthcare Sectors In Large Scale
The CL0P ransomware group has intensified attacks on critical infrastructure sectors, with telecommunications and healthcare organizations worldwide reporting mass data breaches and system encryption. Leveraging a zero-day vulnerability in Cleo integration software (CVE-2024-50623), the threat actors have compromised over 80…
Cyber Threat Actors Leveraging Exploits To Attack Financial Sector With Advanced Malware
The financial sector remains a prime target for cybercriminals and state-sponsored groups, with 2024 witnessing a surge in sophisticated attacks exploiting zero-day vulnerabilities, supply chain weaknesses, and advanced malware. Threat actors are increasingly adopting collaborative models, including Initial Access Brokers…
Chinese Hackers Using New Bookworm Malware In Attacks Targeting Southeast Asia
Security researchers at Palo Alto Networks’ Unit 42 have uncovered a resurgence of the modular Bookworm malware in cyberattacks targeting government and diplomatic entities across Southeast Asia. The activity, attributed to the Chinese state-aligned threat actor Stately Taurus (also tracked…
SPAWNCHIMERA Malware Exploiting Ivanti Buffer Overflow Vulnerability By Applying A Fix
Ivanti disclosed a critical buffer overflow vulnerability (CVE-2025-0282) affecting its Connect Secure VPN appliances. This vulnerability, caused by improper handling of the strncpy function in the web server component, allowed attackers to execute arbitrary code remotely. JPCERT/CC confirmed multiple exploitation…
Pegasus Spyware Used Widely to Target Individuals in Private Industry & Finance Sectors
Pegasus spyware, once considered a tool for targeting journalists and activists, is now being deployed against executives in the private sector, including finance, real estate, and logistics. In a December 2024 investigation, 11 new Pegasus infections were detected among 18,000 devices…
CISA Releases 7 ICS Advisories Detailing Vulnerabilities & Exploits
The Cybersecurity and Infrastructure Security Agency (CISA) issued seven Industrial Control Systems (ICS) advisories detailing critical vulnerabilities in widely used systems. These advisories highlight critical vulnerabilities in ICS products from major vendors such as ABB, Carrier, Siemens, and Mitsubishi Electric, providing…
Google Released PoC Exploit For Palo Alto Firewall Command Injection Vulnerability
Google’s Project Zero and Mandiant cybersecurity teams have jointly published a proof-of-concept (PoC) exploit for a high-severity command injection vulnerability in Palo Alto Networks’ PAN-OS OpenConfig plugin. Tracked as CVE-2025-0110, the flaw allows authenticated administrators to execute arbitrary commands on…
New Active Directory Pentesting Tool For KeyCredentialLink Management
RedTeamPentesting has unveiled a new tool, keycred, which offers a robust solution for managing KeyCredentialLinks in Active Directory (AD) environments. This command-line interface (CLI) tool and library implements the KeyCredentialLink structures as defined in section 2.2.20 of the Microsoft Active…
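The msDS-KeyCredentialLink attribute that keycred manages is the same attribute abused in "shadow credentials" attacks, so a defender wants to be able to read it and sanity-check what is in it. The following is an added example written for this page, not code from keycred or from RedTeamPentesting. It decodes the attribute's DN-Binary wrapper and the version-0x200 KEYCREDENTIALLINK_BLOB layout from MS-ADTS (a 4-byte version followed by length/identifier/value entries) and verifies the spec's rule that KeyID equals SHA256 of KeyMaterial. The key material, device GUID, timestamp and DN are constructed placeholders (not a real BCRYPT key blob), and the `inspect` report format is this example's own.

```python
import hashlib
import struct
import uuid
from datetime import datetime, timedelta, timezone

# Entry identifiers from the MS-ADTS KEYCREDENTIALLINK_ENTRY definition.
ENTRY_NAMES = {
    0x01: "KeyID", 0x02: "KeyHash", 0x03: "KeyMaterial", 0x04: "KeyUsage",
    0x05: "KeySource", 0x06: "DeviceId", 0x07: "CustomKeyInformation",
    0x08: "KeyApproximateLastLogonTimeStamp", 0x09: "KeyCreationTime",
}
BLOB_VERSION = 0x00000200  # the only blob version defined by MS-ADTS
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(raw: bytes) -> datetime:
    """Decode an 8-byte little-endian Windows FILETIME (100 ns ticks since 1601)."""
    ticks = struct.unpack("<Q", raw)[0]
    return EPOCH_1601 + timedelta(microseconds=ticks // 10)


def build_blob(key_material: bytes, device_id: uuid.UUID, created: datetime,
               key_id: bytes = b"") -> bytes:
    """Build a version-0x200 blob for testing. key_id defaults to SHA256(KeyMaterial),
    as the spec requires; pass a wrong value to simulate a tampered entry."""
    ticks = int((created - EPOCH_1601).total_seconds()) * 10_000_000
    entries = [
        (0x01, key_id or hashlib.sha256(key_material).digest()),
        (0x03, key_material),
        (0x04, b"\x01"),                   # KeyUsage 0x01 = NGC
        (0x05, b"\x00"),                   # KeySource 0x00 = key registered in AD
        (0x06, device_id.bytes_le),        # DeviceId is a little-endian GUID
        (0x09, struct.pack("<Q", ticks)),  # KeyCreationTime as FILETIME
    ]
    blob = struct.pack("<I", BLOB_VERSION)
    for ident, value in entries:
        blob += struct.pack("<HB", len(value), ident) + value
    return blob


def to_dn_binary(blob: bytes, dn: str) -> str:
    """DN-Binary syntax: B:<number of hex characters>:<hex>:<DN>."""
    hexdata = blob.hex()
    return f"B:{len(hexdata)}:{hexdata}:{dn}"


def parse_dn_binary(attr: str) -> tuple:
    prefix, count, hexdata, dn = attr.split(":", 3)
    if prefix != "B" or int(count) != len(hexdata):
        raise ValueError("malformed DN-Binary value")
    return bytes.fromhex(hexdata), dn


def parse_blob(blob: bytes) -> dict:
    """Walk the entry list; each entry is <H length><B identifier><value>."""
    version = struct.unpack_from("<I", blob, 0)[0]
    if version != BLOB_VERSION:
        raise ValueError(f"unsupported KeyCredentialLink version 0x{version:x}")
    entries, off = {}, 4
    while off < len(blob):
        if off + 3 > len(blob):
            raise ValueError("truncated entry header")
        length, ident = struct.unpack_from("<HB", blob, off)
        off += 3
        value = blob[off:off + length]
        if len(value) != length:
            raise ValueError("truncated entry value")
        off += length
        entries[ENTRY_NAMES.get(ident, f"Unknown_{ident:#x}")] = value
    return entries


def inspect(attr: str) -> dict:
    """Summarise one attribute value and check KeyID == SHA256(KeyMaterial)."""
    blob, dn = parse_dn_binary(attr)
    e = parse_blob(blob)
    expected_id = hashlib.sha256(e.get("KeyMaterial", b"")).digest()
    return {
        "dn": dn,
        "entries": sorted(e),
        "device_id": str(uuid.UUID(bytes_le=e["DeviceId"])) if "DeviceId" in e else None,
        "created": filetime_to_datetime(e["KeyCreationTime"]).isoformat() if "KeyCreationTime" in e else None,
        "key_usage": e["KeyUsage"][0] if "KeyUsage" in e else None,
        "key_id_matches_material": e.get("KeyID") == expected_id,
    }


# Constructed sample values (placeholder key bytes, not a real RSA key blob).
SAMPLE_DN = "CN=SRV01,CN=Computers,DC=corp,DC=example"
SAMPLE_DEVICE = uuid.UUID("11111111-2222-3333-4444-555555555555")
SAMPLE_CREATED = datetime(2025, 2, 20, 12, 0, tzinfo=timezone.utc)
SAMPLE_KEY_MATERIAL = b"RSA1" + bytes(range(64))
SAMPLE_ATTR = to_dn_binary(build_blob(SAMPLE_KEY_MATERIAL, SAMPLE_DEVICE, SAMPLE_CREATED), SAMPLE_DN)
# Same key with a KeyID that does not match the material: fails the consistency check.
TAMPERED_ATTR = to_dn_binary(
    build_blob(SAMPLE_KEY_MATERIAL, SAMPLE_DEVICE, SAMPLE_CREATED, key_id=bytes(32)), SAMPLE_DN)

if __name__ == "__main__":
    print(inspect(SAMPLE_ATTR))
    print(inspect(TAMPERED_ATTR))
```

In a real environment the value fed to `inspect` is the string form of msDS-KeyCredentialLink as returned by an LDAP query; reviewing the DeviceId, creation time and entry set of every value on high-value objects is a quick way to spot a key that nobody enrolled.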
Windows Wi-Fi Password Stealer Malware Found Hosted on GitHub
A GitHub repository titled Windows-WiFi-Password-Stealer has surfaced, raising concerns among cybersecurity professionals. This repository, hosted by the user “cyberthirty,” provides a Python-based script capable of extracting saved WiFi credentials from Windows systems and saving them to a text file. While…
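Scripts of this kind typically recover the saved keys by running netsh with `wlan show profile ... key=clear`, so the practical question for a defender is whether that invocation is visible in process-creation telemetry. The following is an added detection example written for this page, not code from the repository it describes. It runs over constructed Sysmon-style process-creation records (the JSON field names and the sample hosts, paths and profile names are assumptions) and flags the netsh form that exposes the key in cleartext, notes whether the parent was a scripting host, and groups hits per host so repeated dumping stands out from a one-off administrator lookup.

```python
import json
import re
from collections import Counter

# Constructed process-creation events, one JSON object per line (field names assumed).
SAMPLE_LOG = "\n".join(json.dumps(e) for e in [
    {"host": "WS01", "Image": r"C:\Windows\System32\netsh.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "netsh  wlan show profiles"},                       # listing only, benign
    {"host": "WS01", "Image": r"C:\Windows\System32\netsh.exe",
     "ParentImage": r"C:\Users\bob\AppData\Local\Programs\Python\python.exe",
     "CommandLine": 'netsh wlan show profile name="CorpWiFi" key=clear'},
    {"host": "WS02", "Image": r"C:\Windows\System32\netsh.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "netsh interface ip show config"},                  # unrelated netsh use
    {"host": "WS02", "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\System32\wscript.exe",
     "CommandLine": 'cmd.exe /c "netsh wlan show profile name=HomeNet key=clear"'},
    {"host": "WS01", "Image": r"C:\Windows\System32\netsh.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "NETSH WLAN SHOW PROFILE name=Guest KEY = CLEAR"},  # interactive, odd casing
])

# The cleartext-key form; tolerant of casing, extra spaces and a wrapping shell.
KEY_CLEAR = re.compile(r"\bnetsh\b.*\bwlan\s+show\s+profiles?\b.*\bkey\s*=\s*clear\b", re.IGNORECASE)

# Parents that indicate the dump was scripted rather than typed by an admin.
SCRIPT_HOSTS = {"python.exe", "pythonw.exe", "powershell.exe", "pwsh.exe",
                "wscript.exe", "cscript.exe", "mshta.exe"}


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(log_text: str) -> list:
    """Return one alert per event whose command line dumps a Wi-Fi key in cleartext."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        cmd = ev.get("CommandLine", "")
        if not KEY_CLEAR.search(cmd):
            continue
        parent = basename(ev.get("ParentImage", ""))
        alerts.append({
            "host": ev.get("host", "?"),
            "image": basename(ev.get("Image", "")),
            "parent": parent,
            "scripted": parent in SCRIPT_HOSTS,
            "command": cmd,
        })
    return alerts


def summarize(alerts: list, threshold: int = 2) -> dict:
    """Per-host verdict: repeated key dumps look like profile enumeration."""
    counts = Counter(a["host"] for a in alerts)
    return {h: ("enumeration" if n >= threshold else "single") for h, n in counts.items()}


if __name__ == "__main__":
    hits = detect(SAMPLE_LOG)
    for a in hits:
        print(a)
    print(summarize(hits))
```

Matching on the command line rather than on the image name is deliberate: the `cmd.exe /c` wrapper in the sample would be missed by an image-only rule, and the wrapper event often arrives before the child netsh event does.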