Tag: Cyber Security News

Zero Trust Architecture – A Step-by-Step Guide for CISOs

Zero Trust Architecture (ZTA) has emerged as a critical security framework for organizations facing sophisticated threats from both external and internal vectors. In today’s rapidly evolving digital landscape, traditional security perimeters have dissolved as cloud adoption accelerates and remote work…

Linux 6.15-rc3 Released With Fix for Multiple Kernel Fixes

Linus Torvalds has announced the availability of the third release candidate for Linux kernel 6.15, continuing the development cycle with a collection of incremental improvements and bug fixes across numerous subsystems.  This update brings stability enhancements while maintaining the regular…

Critical PyTorch Vulnerability Let Attackers Execute Remote Code

A critical vulnerability in PyTorch that allows attackers to execute malicious code remotely, even when using safeguards previously thought to mitigate such risks.  The vulnerability, identified as CVE-2025-32434, affects all PyTorch versions up to and including 2.5.1 and was patched…

Speed­i­fy VPN ma­cOS Vulnerability Let Attackers Escalate Privilege

A significant security vulnerability, tracked as CVE-2025-25364, was discovered in Speedify VPN’s macOS application, exposing users to local privilege escalation and full system compromise.  The flaw, uncovered by SecureLayer7, resides in the privileged helper tool me.connectify.SMJobBlessHelper, which is responsible for…

GitHub Enterprise Server Vulnerabilities Allows Arbitrary Code Execution

GitHub has issued urgent security updates for its Enterprise Server product after discovering multiple high-severity vulnerabilities, including a critical flaw (CVE-2025-3509) that allows attackers to execute arbitrary code and compromise systems. The vulnerabilities, which also expose sensitive repository data and…

The Impact of AI Regulations on Cybersecurity Strategy

Artificial Intelligence (AI) is transforming the cybersecurity landscape, offering both powerful tools for defense and new avenues for attack. As organizations increasingly adopt AI-driven solutions to detect threats, automate responses, and analyze vast amounts of data, governments and regulatory bodies…

New Gorilla Android Malware Intercept SMS Messages to Steal OTPs

A sophisticated new Android malware strain called “Gorilla” has emerged in the cybersecurity landscape, specifically designed to intercept SMS messages containing one-time passwords (OTPs). This malicious software operates stealthily in the background, exploiting Android’s permission system to gain access to…

How Companies Can Safeguard Against the Next Wave of Ransomware

Ransomware is not retreating it’s evolving. Once a niche cybercrime, ransomware has become a multibillion-dollar global threat that disrupts hospitals, banks, factories, and governments. In 2025, the threat continues to grow in scope and intensity, primarily driven by the ransomware-as-a-service…

Detecting And Responding To New Nation-State Persistence Techniques

Nation-state cyber threats have evolved dramatically over the past decade, with attackers employing increasingly sophisticated persistence techniques to maintain long-term access within targeted environments. These advanced persistent threats (APTs) are often orchestrated by government-backed groups with significant resources, making them…

How To Prioritize Threat Intelligence Alerts In A High-Volume SOC

In today’s rapidly evolving cyber threat landscape, Security Operations Centers (SOCs) face an unprecedented challenge: efficiently managing and prioritizing the overwhelming volume of security alerts they receive daily. SOC analysts often can’t read and respond to a significant portion of…

How to Implementing SOAR To Reduce Incident Response Time Effectively

In the modern digital landscape, organizations are constantly challenged by an ever-increasing volume of security alerts, sophisticated cyber threats, and the ongoing shortage of skilled cybersecurity professionals. Security Orchestration, Automation, and Response (SOAR) platforms have emerged as a transformative solution…

How Generative AI is Changing Red Team Tactics

The rapid evolution of generative AI has fundamentally transformed the landscape of cybersecurity, especially in the context of red teaming. Traditionally, red teams have focused on simulating adversarial attacks to uncover vulnerabilities in networks, software, and infrastructure. However, the unpredictable…

Fortinet Ends SSL-VPN Support From 7.6.3 Onwards!

Fortinet has announced the complete removal of SSL VPN tunnel mode functionality in the upcoming FortiOS 7.6.3 release.  This change, affecting all FortiGate models regardless of size, marks the culmination of Fortinet’s gradual phase-out of SSL VPN that began with…

How To Use YARA Rules To Identify Financial Sector Targeted Attacks

The financial sector faces increasingly sophisticated cyber threats, with system intrusion remaining the leading attack pattern for the third consecutive year. Advanced Persistent Threat (APT) groups specifically target financial institutions using various tools, techniques, and procedures. YARA rules provide a…

Microsoft Vulnerabilities Hit Record High With 1,300+ Reported in 2024

Microsoft’s security landscape faced unprecedented challenges in 2024, with vulnerability reports soaring to an all-time high of 1,360 identified security flaws across the company’s product ecosystem. This alarming figure represents the highest number recorded since systematic tracking began, highlighting the…

Hackers Weaponize MMC Script to Deploy MysterySnail RAT Malware

A sophisticated cyberespionage campaign leveraging malicious Microsoft Management Console (MMC) scripts to deploy the stealthy MysterySnail remote access trojan (RAT).  First identified in 2021 during an investigation into the CVE-2021-40449 zero-day vulnerability, MysterySnail RAT had seemingly disappeared from the cyber…

Top Security Frameworks Used by CISOs in 2025

In today’s rapidly evolving digital landscape, Chief Information Security Officers (CISOs) face unprecedented challenges as cyber threats grow in sophistication and frequency. The year 2025 has witnessed a significant shift in how organizations approach cybersecurity, with CISOs stepping out of…

The Future of GRC – Integrating ESG, Cyber, and Regulatory Risk

The future of GRC (Governance, Risk, and Compliance) is being reshaped as organizations navigate complex challenges at the crossroads of sustainability, digital security, and regulatory oversight. Traditional GRC frameworks that treated these domains as separate functions are rapidly becoming obsolete.…

Why Threat Modeling Should Be Part of Every Security Program

In today’s hyperconnected business environment, security teams face unprecedented challenges protecting organizational assets against increasingly sophisticated threats. Threat modeling stands out as a structured methodology that helps organizations systematically identify, evaluate, and prioritize potential security threats before they manifest. This…

LummaStealer Abuses Windows Utility to Execute Remote Code Mimic as .mp4 File

LummaStealer, a sophisticated information-stealing malware distributed as Malware-as-a-Service (MaaS), has evolved with new evasion techniques that abuse legitimate Windows utilities. Originally observed in 2022 and developed by Russian-speaking adversaries, this malware has demonstrated remarkable agility in evading detection while targeting…

China Plans to Strengthen Its Cybersecurity Cooperation With Russia

Chinese Ambassador to Russia Zhang Hanhui has officially announced Beijing’s intention to strengthen strategic cooperation with Moscow in cybersecurity, signaling a significant expansion of the two nations’ digital partnership.  The announcement comes as both countries seek to counter what they…

Security Teams Shrink as Automation Rises—Is This the Future?

In today’s fast-evolving cybersecurity landscape, a significant shift is taking place. As organizations adopt automation to manage traditional security tasks, security teams are noticeably shrinking; automation trims security teams. This shift represents more than cost-cutting; it reflects a fundamental reimagining…

How to Prepare for Your Next Cybersecurity Audit

In today’s hyper-connected business world, cybersecurity audits are not just a regulatory requirement but a vital component of organizational risk management and digital trust. The frequency and sophistication of cyber threats are rising, as are customers’, partners’, and regulators’ expectations.…

Hackers Attacking Investors Via Fraud Networks to Steal Financial Data

A sophisticated cybercriminal campaign targeting Indian investors through fraudulent stock and cryptocurrency schemes has escalated, with hackers leveraging social engineering, fake mobile applications, and compromised government websites to steal financial data. These attacks exploit the rapid growth of digital investment…

The Psychology of Social Engineering – What Security Leaders Should Know

Social engineering remains one of the most persistent threats to organizational security because it targets human psychology rather than technological vulnerabilities. Unlike conventional cyber threats that exploit technical weaknesses, social engineering manipulates the fundamental psychological traits that make us human.…

Securing Digital Identities – Best Practices for CISOs

In the digital age, the security of digital identities has become a defining challenge for organizations worldwide. As businesses embrace cloud computing, remote work, and interconnected ecosystems, digital identities representing users, devices, and applications have become prime targets for cybercriminals.…

CISA Provides Last-Minute Support to Keep CVE Program Running

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has extended its contract with MITRE Corporation, ensuring the uninterrupted operation of the Common Vulnerabilities and Exposures (CVE) program, a cornerstone of global cybersecurity that was hours away from losing federal funding.…

Securing SaaS Applications – Best Practices for CISO Oversight

As organizations increasingly migrate to cloud-based software solutions, Chief Information Security Officers (CISOs) face the complex challenge of securing Software as a Service (SaaS) applications across their enterprise. The rapid adoption of SaaS has created a dynamic security landscape in…

Automating Threat Intelligence: Tools And Techniques For 2025

As cyber threats continue to grow in both scale and sophistication, organizations in 2025 are increasingly relying on automation to transform their threat intelligence (TI) operations. Automated threat intelligence leverages artificial intelligence (AI), machine learning (ML), and orchestration platforms to…

CVE Foundation Launched To Ensure Long-term Vulnerability Tracking

The newly established CVE Foundation has been formally launched to safeguard the long-term continuity, stability, and independence of the Common Vulnerabilities and Exposures (CVE) Program. This move comes as the CVE Program, a 25-year foundational pillar of cybersecurity, faces unprecedented…

Hackers Abuse Node.js to Deliver Malware – Microsoft Warns

Attackers are increasingly exploiting Node.js, a widely trusted, open-source JavaScript runtime, to deliver sophisticated malware, steal sensitive data, and compromise entire systems.  Recent campaigns observed since late 2024 have showcased a shift in attacker tactics. They leverage Node.js both for direct script…

Why Phishing Remains the #1 Cyber Threat & How to Stop It

Phishing is the most prevalent and damaging cyber threat facing organizations and individuals worldwide. Despite technological advancements in cybersecurity, phishing attacks have persisted and evolved, exploiting human psychology and digital defense gaps. Phishing’s simplicity, adaptability, and high success rate make…

Motorious 4chan Forum Hacked and the Internal Data Leaked

The notorious online message board 4chan experienced a significant security breach, with hackers reportedly accessing and leaking sensitive internal data including source code, moderator information, and administrative tools.  The site was taken offline for several hours as administrators attempted to…

Why Threat Intelligence is Crucial for Modern Cyber Defense

As cyberattacks become more sophisticated and frequent, organizations face unprecedented risks to their digital assets, reputations, and operational continuity. Cybercrime costs are rising rapidly, underscoring the urgent need for proactive defense mechanisms. Threat intelligence has emerged as a critical tool…