The cybersecurity landscape is witnessing a growing complexity in the attribution of Advanced Persistent Threat (APT) actors, particularly the North Korean-linked Lazarus group. Once considered a singular entity, Lazarus has evolved into a network of specialized subgroups with overlapping tactics,…
Tag: Cyber Security News
Cannon Printer Vulnerability Let Attackers Execute Arbitrary Code
Canon has issued a critical security advisory regarding a severe vulnerability detected in several of its printer drivers that could allow attackers to execute arbitrary code on affected systems. The flaw, identified as CVE-2025-1268, carries a high-severity CVSS base score…
Technical Analysis Published for OpenSSH’s Agent Forwarding RCE Vulnerability
Security researchers have published a detailed technical analysis of a critical remote code execution (RCE) vulnerability (CVE-2023-38408) in OpenSSH’s agent forwarding feature that was disclosed in July 2023. The Qualys Threat Research Unit discovered the vulnerability, which affected all OpenSSH…
New Ubuntu Security Bypasses Allow Attackers to Exploit Kernel Vulnerabilities
Three critical bypasses in Ubuntu Linux’s unprivileged user namespace restrictions allow local attackers to escalate privileges and exploit kernel vulnerabilities. These bypasses affect Ubuntu 23.10 and 24.04 LTS systems, where AppArmor-based protections were introduced to limit namespace misuse. While not…
Multiple Dell Unity Vulnerabilities Let Attackers Compromise Affected System
Dell Technologies has released a critical security update addressing multiple severe vulnerabilities in its Unity enterprise storage systems that could allow attackers to execute arbitrary commands as root, delete critical system files, and perform other malicious activities without authentication. Security…
CrushFTP Vulnerability Exploited to Gain Full Server Access
A critical vulnerability (CVE-2025-2825) in CrushFTP, a widely used enterprise file transfer solution, allows attackers to bypass authentication and gain unauthorized server access. The vulnerability, which affects versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0, received a CVSS score of…
ClickFake Interview – Lazarus Hackers Exploit Windows and macOS Users Fake Job Campaign
The Lazarus Group, a North Korean state-sponsored hacking collective, has launched a new campaign dubbed ClickFake Interview, targeting job seekers in the cryptocurrency industry. This malicious operation uses fake job interview websites to deploy a Go-based backdoor, known as GolangGhost,…
Earth Alux Hackers Employ VARGIET Malware to Attack Organizations
The cybersecurity landscape has been disrupted by Earth Alux, a China-linked advanced persistent threat (APT) group actively conducting espionage operations since the second quarter of 2023. Initially targeting the Asia-Pacific region, the group expanded its operations to Latin America by…
Hewlett Packard RCE Vulnerability Allows Attackers to Bypass Authentication and Execute Remote Commands
A critical unauthenticated remote code execution vulnerability (CVE-2024-13804) has been discovered in HPE Insight Cluster Management Utility (CMU) v8.2, enabling attackers to bypass authentication mechanisms and execute commands with root privileges on the backend server. This high-severity vulnerability affects a…
Microsoft Removes bypassnro.cmd in Windows 11 Insider To Stop Users from Installing OS Without MS Account
Microsoft has taken a decisive step in its latest Windows 11 Insider Preview Build 26200.5516 by removing the bypassnro.cmd script, effectively closing a loophole that allowed users to install Windows 11 without connecting to the internet or signing in with…
DarkCloud – An Advanced Stealer Malware Selling Via Telegram To Steal Data From Windows
DarkCloud is a sophisticated stealer malware that emerged in 2022, quickly positioning itself as one of the most prevalent threats in its category. This Windows-targeting malware has evolved significantly to extract sensitive information including browser data, FTP credentials, screenshots, keystrokes,…
Konni RAT Exploit Windows Explorer To Launches a Multi-Stage Attack in Windows
The notorious Konni RAT (Remote Access Trojan) has evolved to leverage a sophisticated Windows Explorer exploitation technique, enabling attackers to execute multi-stage attacks with enhanced stealth capabilities. This malware, historically linked to North Korean threat actors, has been observed targeting…
Threats Actors Hide Malware in WordPress Websites to Execute Code Remotely
Recent discoveries have uncovered a concerning trend where threat actors are strategically concealing malicious code within WordPress websites’ mu-plugins directory. This directory is particularly valuable for attackers as it loads automatically with WordPress, making detection and removal more challenging. The…
Russian Hackers Using Russia-Based Bulletproof Network to Switch Network Infrastructure
Russian-aligned hacking groups UAC-0050 and UAC-0006 have been observed switching their network infrastructure through bulletproof hosting providers, enabling persistent campaigns against Ukrainian entities and their international allies. These threat actors conducted financially-motivated and espionage operations throughout late 2024 and early…
Triton RAT Leveraging Telegram To Remotely Access & Control Systems
A sophisticated Python-based Remote Access Tool (RAT) named Triton has emerged as a significant threat, utilizing Telegram as its command and control infrastructure. This malware enables attackers to remotely access and control compromised systems, with particular emphasis on harvesting Roblox…
20 Best Remote Monitoring Tools – 2025
Remote monitoring tools are essential for managing and maintaining the health and performance of IT infrastructure and systems. Remote monitoring tools provide continuous oversight of network devices, servers, applications, and other critical components from a remote location. These tools help…
Daisy Cloud Hacker Group Exposed 30K Login Credentials Across a Wide Range of Services
A significant cybersecurity breach has been uncovered involving the hacker group known as “Daisy Cloud,” which has exposed more than 30,000 login credentials spanning numerous digital services. The threat actors have been operating a sophisticated credential marketplace on Telegram since…
Hackers Used Weaponized Zoom Installer to Gain RDP Access & Deploy BlackSuit Ransomware
Cybercriminals recently leveraged a fake Zoom installer to deploy BlackSuit ransomware across an enterprise network. The attack began when an unsuspecting victim visited a malicious website mimicking Zoom’s official download page (zoommanager[.]com), where they downloaded what appeared to be a…
Critical PHP Vulnerability Let Hackers Bypass the Validation To Load Malicious Content
A critical vulnerability in PHP’s libxml streams has been identified, potentially impacting web applications that rely on the DOM or SimpleXML extensions for HTTP requests. The flaw, tracked as CVE-2025-1219, involves the incorrect handling of the content-type header when a…
TsarBot Android Malware Mimics 750 Banking & Finance Apps to Steal Credentials
A newly discovered Android banking malware named TsarBot is targeting over 750 applications globally, including banking, finance, cryptocurrency, and e-commerce platforms. Identified by Cyble Research and Intelligence Labs (CRIL), TsarBot employs sophisticated overlay attacks and phishing techniques to intercept sensitive…
Hackers Employ New ClickFix Captcha Technique to Deliver Ransomware
A sophisticated social engineering technique known as ClickFix has emerged, leveraging fake CAPTCHA verification processes to deceive users into executing malicious commands. This method exploits the trust users have in CAPTCHA systems, which are typically used to verify human identity…
Apache Tomcat Vulnerability (CVE-2025-24813) Exploited to Execute Code on Servers
A critical vulnerability in Apache Tomcat has been actively exploited by attackers to achieve remote code execution (RCE) on vulnerable servers. This vulnerability affects versions 9.0.0-M1 to 9.0.98, 10.1.0-M1 to 10.1.34, and 11.0.0-M1 to 11.0.2 and has been resolved in…
CISA Warns of ESURGE Malware Exploiting Ivanti RCE Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a Malware Analysis Report (MAR-25993211-r1.v1) detailing the exploitation of a critical vulnerability in Ivanti Connect Secure devices (CVE-2025-0282). This vulnerability allows attackers to gain unauthorized access and deploy sophisticated malware variants,…
Lotus Blossom APT Exploits WMI for Post-Exploitation Activities
The Lotus Blossom Advanced Persistent Threat (APT) group, also known as Lotus Panda, Billbug, and Spring Dragon, has intensified its cyberespionage efforts with new variants of the Sagerunex backdoor. These developments highlight the group’s evolving tactics, including leveraging Windows Management…
RamiGPT – AI Tool To Escalate Privilege & Gain Root Access Within a Minute
A new AI-driven offensive security tool, RamiGPT, is known for its ability to autonomously escalate privileges and gain root access to vulnerable systems in under a minute. Developed by GitHub user M507, the tool leverages OpenAI’s API. It integrates proven…
46 New Vulnerabilities in Solar Inverters Systems Let Attackers Tamper Inverter Settings
Researchers have uncovered critical security flaws in global solar power infrastructure that could potentially allow malicious actors to seize control of solar inverters and manipulate power generation at scale. A recent investigation revealed 46 new vulnerabilities across three of the…
Gamaredon Hacker Group Using Weaponize LNK Files To Drop Remcos Backdoor on Windows
A sophisticated cyber espionage campaign targeting Ukrainian entities has been uncovered, revealing the latest tactics of the Russia-linked Gamaredon threat actor group. The attackers are leveraging weaponized LNK files disguised as Office documents to deliver the Remcos backdoor malware, utilizing…
ClickFix Captcha – A Creative Technique That Allow Attackers Deliver Malware and Ransomware on Windows
A sophisticated social engineering technique has recently emerged in the cybersecurity landscape, rapidly gaining traction among threat actors seeking to distribute trojans, ransomware, and particularly Quakbot malware. This technique, known as ClickFix Captcha, exploits users’ trust in familiar web elements…
DeBackdoor – Framework to Detect Backdoor Attacks on Deep Models
In an era where deep learning models increasingly power critical systems from self-driving cars to medical devices, security researchers have unveiled DeBackdoor, an innovative framework designed to detect stealthy backdoor attacks before deployment. Backdoor attacks, among the most effective and…
Red Team Activities Turns More Sophisticated With The Progress of Artificial Intelligence
Artificial intelligence has dramatically transformed the cybersecurity landscape, with red team activities increasingly leveraging sophisticated AI-driven techniques to simulate advanced persistent threats. These AI-enhanced red teams can now automate the process of penetrating targets and collecting sensitive data at unprecedented…
New Python-Based Discord RAT Attacking Users to Steal Login Credentials
A sophisticated Python-based Remote Access Trojan (RAT) leveraging Discord as its command and control infrastructure has been identified targeting users worldwide. This malware enables attackers to execute arbitrary system commands, capture screenshots, and most critically, steal saved login credentials from…
Russian Hackers Mimic as CIA to Steal Ukraine Defense Intelligence Data
In a sophisticated cyber espionage campaign recently uncovered, Russian hackers have been impersonating the U.S. Central Intelligence Agency (CIA) and other organizations to harvest sensitive information from Ukrainian sympathizers and potential Russian defectors. The operation utilizes carefully crafted phishing websites…
PJobRAT Android RAT as Dating & Instant Messaging Apps Attacking Military Personnel
PJobRAT, an Android Remote Access Trojan (RAT) first observed in 2019, has recently resurfaced with enhanced capabilities and a refined targeting strategy. The malware, initially documented targeting Indian military personnel in 2021, has evolved to compromise users in Taiwan through…
SHELBY Malware Steal Data Abusing GitHub for Command-and-control Server
A sophisticated new data theft malware strain dubbed “SHELBY” has emerged in the cybersecurity landscape, targeting primarily financial institutions and healthcare organizations across North America and Europe. The malware employs a multi-stage infection process that begins with phishing emails containing…
Threat Actors Hacked 150,000 Sites to Link Chinese Gambling Sites
A massive website hijacking campaign has been uncovered, affecting approximately 150,000 websites with malicious full-page redirects to Chinese gambling platforms. The attack, which first emerged in February 2025 targeting around 35,000 sites, has rapidly expanded its reach, demonstrating the threat…
RansomHub’s EDRKillShifter Link With Other Well-Established Ransomware Gang’s – New Research
RansomHub emerged in February 2024, just as Operation Cronos dismantled major ransomware players BlackCat and LockBit. This new ransomware-as-a-service operation quickly attracted affiliates with generous terms—keeping 90% of ransom payments and offering direct wallet transfers. By July 2024, RansomHub had…
New FamousSparrow Malware Attacking Hotels & Engineering Companies to New Backdoor
In a recent discovery, cybersecurity experts have identified renewed activity from FamousSparrow, a China-aligned APT group previously thought to be inactive since 2022. The threat actor has resurfaced with two previously undocumented versions of its signature backdoor, SparrowDoor, targeting organizations…
PlayBoy Locker Ransomware Attacking Windows, NAS and ESXi Operating Systems
A new ransomware variant known as PlayBoy Locker has emerged, targeting multiple operating systems including Windows, NAS, and ESXi. First discovered in September 2024, this malware initially operated as a Ransomware-as-a-Service (RaaS) platform, offering cybercriminals a versatile tool for their…
Hackers Abuse MailChimp Email Marketing Platform via Phishing, and Social Engineering Tactics
Hackers have launched sophisticated attacks targeting MailChimp, one of the most widely used email marketing platforms. These attacks leverage advanced phishing techniques and social engineering tactics to gain unauthorized access to corporate MailChimp accounts, potentially exposing sensitive subscriber data and…
Redcurl Actors New Ransomware Exclusively Attacking Hyper-V Servers
A new ransomware strain has been discovered targeting virtualized environments, specifically Microsoft Hyper-V servers. This targeted approach marks a significant evolution in ransomware tactics, as the malware focuses exclusively on hypervisors rather than encrypting all endpoint devices, creating maximum damage…
Blacklock Ransomware Infrastructure Intruded to Uncover Their Planned Attacks
Blacklock ransomware, also known as “El Dorado” or “Eldorado,” emerged as one of the most aggressive ransomware-as-a-service (RaaS) operations in early 2025. The group rapidly accelerated attacks across multiple sectors including electronics, academia, religious organizations, defense, healthcare, technology, and government…
Cloudflare Announces OpenPubkey SSH to Integrate Single-Sign-on With SSH
Cloudflare announced the open-sourcing of OPKSSH (OpenPubkey SSH) on March 25, 2025. This technology integrates single sign-on (SSO) with SSH authentication, eliminating the need for manual SSH key management. Previously owned by BastionZero (acquired by Cloudflare), the code has been…
Meta AI Will Begin Rolling Out Across 41 European Countries
After nearly a year of regulatory hurdles, Meta has finally begun deploying its conversational AI assistant across the European Union and neighboring countries this week. The rollout, which covers 41 European countries and 21 overseas territories, marks Meta’s largest global…
GLPI Open-source ITSM Tool Vulnerability Let Attackers Inject Malicious SQL Queries
A critical vulnerability in GLPI, a widely-used open-source IT Service Management (ITSM) platform tracked as CVE-2025-24799, enables unauthenticated attackers to perform SQL injection attacks through the inventory endpoint. This flaw can lead to remote code execution (RCE), potentially resulting in…
Kuala Lumpur Airport Suffered Cyberattack – Hackers Demanded US$10 Million Ransom
Malaysia’s Prime Minister Anwar Ibrahim confirmed on Tuesday that hackers demanded a US$10 million ransom following a sophisticated cyberattack that disrupted critical systems at Kuala Lumpur International Airport (KLIA) over the weekend. The security breach, which occurred on March 23,…
Weaponized Google Ads Attacking DeepSeek Users to Deliver Malware
Cybercriminals have launched a sophisticated attack campaign leveraging Google’s sponsored search results to target users searching for DeepSeek, the increasingly popular AI platform. The attack uses convincingly crafted fake advertisements that appear at the top of Google search results, mimicking…
Mozilla Releases Urgent Patch for Windows Users Following Recently Exploited Chrome Zero-day
Mozilla has released an emergency security update for its Firefox browser on Windows systems to address a critical vulnerability that could allow attackers to escape browser sandboxes and potentially gain control of affected systems. The patch comes shortly after Google…
New Lucid PhAAS Platform Leveraging RCS & iMessage to Bypass Detections
A sophisticated new phishing platform named Lucid has emerged as a significant cybersecurity threat, targeting 169 entities across 88 countries globally. Developed by Chinese-speaking threat actors, this Phishing-as-a-Service (PhAAS) platform operates through 129 active instances and over 1,000 registered domains.…
Tor Browser 14.0.8 Released Emergency Update for Windows Users
The Tor Project has issued an emergency update for Windows users on March 27, 2025, releasing Tor Browser 14.0.8 with critical security patches. This Windows-only release addresses “very urgent” security vulnerabilities in Firefox, the browser framework underpinning Tor Browser, and…
CISA Warns of Google Chrome Zero-day Vulnerability Exploited in the Wild
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding a critical zero-day vulnerability in Google Chrome that is actively being exploited in the wild. The vulnerability, identified as CVE-2025-2783, affects the Chromium-based browsers on Windows systems…
Arkana Ransomware Group Claims Compromise of US Telecom Companies
The largest US internet provider, WideOpenWest (WOW!), is allegedly compromised by Arkana Security, a recently discovered ransomware group. The attack, which security researchers trace to an infostealer infection from September 2024, has reportedly compromised over 403,000 customer accounts and granted…
Cloud Attacks Raises by Five Times Attacking Sensitive IAM Service Accounts
Organizations are facing an unbelievable surge in cloud-based security threats, with attacks nearly five times more frequent at the end of 2024 compared to the beginning of the year. Most concerning is the targeted attack on Identity and Access Management…
GorillaBot Attacks Windows Devices With 300,000+ Attack Commands Across 100+ Countries
A new botnet named “GorillaBot,” has orchestrated over 300,000 attack commands across more than 100 countries within a span of just three weeks. Built on the infamous Mirai botnet framework, GorillaBot represents a sophisticated malware evolution. It leverages advanced encryption…
Windows Server 2025 Security Update Freezes Remote Desktop Sessions Connection
A recent security update for Windows Server 2025, released on February 11, 2025 (KB5051987), has caused a significant issue for users relying on Remote Desktop Protocol (RDP). The update, part of Microsoft’s February Patch Tuesday, has led to RDP sessions…
Windows 11 January 2025 Preview Update Disconnects Remote Desktop Sessions
Microsoft’s January 2025 Windows preview update (KB5050094) for Windows 11 version 24H2 has caused significant issues with Remote Desktop Protocol (RDP) sessions, including Remote Desktop Services (RDS). Users have reported unexpected disconnections, particularly after the release of the March 2025…
Classiscam Actors Automate Malicious Websites To Steal Financial Data
Online marketplaces have become increasingly popular in developing countries since 2015, providing platforms for trading various goods from used electronics to brand-new items. This digitalization trend, however, has created fertile ground for sophisticated scam operations. Among these, Classiscam has emerged…
Hackers Abuse COM Objects for Fileless Malware Lateral Movements
A sophisticated technique was recently detected by researchers where attackers abuse Component Object Model (COM) objects to execute fileless malware for lateral movement across networks. This technique, detailed in research from March 2025, leverages legitimate Windows functionality to establish persistence…
CISA Adds Sitecore CMS Code Execution Vulnerability to List of Known Exploited Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added two critical Sitecore CMS vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerabilities, CVE-2019-9874 and CVE-2019-9875, both affect the Sitecore.Security.AntiCSRF…
NSW Online Registry Website Breach – 9,000+ Files Stolen by Hackers
In a significant cybersecurity incident, approximately 9,000 sensitive court documents have been illegally downloaded from the NSW Online Registry Website (ORW), which authorities are calling a “major data breach.” The attack has triggered an immediate investigation by the NSW Police…
Synology Mail Server Let Remote Attackers Tamper System Configurations
A moderate-severity vulnerability has been identified in Synology Mail Server. It allows remote authenticated attackers to read and write non-sensitive settings and disable certain non-critical functions. The security flaw, tracked as CVE-2025-2848, affects multiple versions of the popular mail server software and…
Threat Actors Using Powerful Cybercriminal Weapon ‘Atlantis AIO’ to Automate Credential Stuffing Attacks
Credential stuffing has emerged as one of the most pervasive and effective attack vectors in today’s cybersecurity landscape. This technique, which leverages stolen username and password combinations across multiple platforms, has been significantly enhanced through a sophisticated automation tool called…
B1ack’s Stash MarketPlace Actors to Release 4 Million Stolen Credit Card Details for Free
Dark web carding marketplace B1ack’s Stash has announced the release of 4 million stolen credit card details at no cost to cybercriminals. This massive data leak, publicized on February 19, 2025, represents one of the largest freely distributed caches of…
PoC Exploit Released for Ingress-NGINX Remote Code Execution Vulnerabilities
A proof-of-concept (PoC) exploit for a critical remote code execution vulnerability in Kubernetes Ingress-NGINX controllers, tracked as CVE-2025-1974. The vulnerability uncovered by WiZ affects the validation webhook component and could allow attackers to execute arbitrary code on affected systems, potentially…
Pakistan APT Hackers Create Weaponized IndiaPost Website to Attack Windows & Android Users
Cybersecurity researchers have uncovered a sophisticated attack campaign leveraging a fraudulent website that impersonates the Indian Post Office to deliver malware to both Windows and Android users. The fake website, hosted at postindia[.]site, employs device detection techniques to serve tailored…
CodeQLEAKED – GitHub Supply Chain Attack Allows Code Execution Using CodeQL Repositories
A significant vulnerability in GitHub’s CodeQL actions could have permitted attackers to execute malicious code across hundreds of thousands of repositories. The vulnerability, assigned CVE-2025-24362, originated from a publicly exposed GitHub token in workflow artifacts that created a small but…
New Sophisticated Linux-Backdoor Attacking OT Systems Exploiting 0-Day RCE
A sophisticated Linux-based backdoor dubbed “OrpaCrab” has emerged as a significant threat to operational technology (OT) systems, particularly those managing gas station infrastructure. Security researchers discovered the malware after it was uploaded to VirusTotal in January 2024 from the United…
OpenAI Offering Up to $100,000 for Critical Vulnerabilities in its Infrastructure
OpenAI has dramatically increased its maximum bug bounty reward to $100,000 for exceptional critical security vulnerabilities, up from the previous cap of $20,000. This fivefold increase highlights the AI leader’s growing emphasis on cybersecurity as its models advance toward artificial…
Exim Use-After-Free Vulnerability Allows Privilege Escalation
A critical security vulnerability has been identified in the widely used Exim mail transfer agent (MTA), potentially allowing attackers with command-line access to escalate privileges on affected systems. The vulnerability, tracked as CVE-2025-30232, affects Exim versions 4.96 through 4.98.1 and…
12 Cybercriminals Arrested Following Takedown of Ghost Communication Platform
Irish and Spanish law enforcement authorities have successfully apprehended 12 members of a high-risk criminal network in a coordinated operation spanning both countries. The arrests, announced on March 26, 2025, included six suspects in Ireland and six in Spain, all…
Splunk RCE Vulnerability Let Attackers Execute Arbitrary Code Via File Upload
Splunk has released patches to address a high-severity Remote Code Execution (RCE) vulnerability affecting Splunk Enterprise and Splunk Cloud Platform. The vulnerability, identified as CVE-2025-20229, could allow a low-privileged user to execute arbitrary code by uploading malicious files. The vulnerability…
Production Line Cameras Vulnerabilities Let Attackers Stop The Recordings
Critical security vulnerabilities have been identified in industrial camera systems widely deployed across Japanese manufacturing facilities, allowing malicious actors to remotely access live footage and disrupt essential production monitoring. These flaws, present in the Inaba Denki Sangyo Co., Ltd. IB-MCT001…
SectopRAT as Weaponized Cloudflare Turnstile Challenge Attacks Windows Users
A sophisticated new malware strain dubbed SectopRAT has emerged, leveraging Cloudflare’s Turnstile challenge system as part of its attack methodology. This Remote Access Trojan specifically targets Windows users through a multi-staged infection process that begins with seemingly legitimate CAPTCHA verification…
YouTube Creators Under Attack via Brand Collaborators Requests Using Clickflix Technique
A sophisticated phishing campaign dubbed the “Clickflix Technique” has emerged targeting YouTube content creators through seemingly legitimate brand collaboration requests. This new attack vector exploits creators’ eagerness to secure sponsorship deals by disguising malware payloads as partnership documentation. Cybercriminals initiate…
Top 3 Cyber Attacks In March 2025
March 2025 saw a sharp uptick in cyber threats that put both individual users and organizations at risk. From banking apps weaponized to steal personal data, to trusted domains abused for redirecting users to phishing traps, cybercriminals didn’t hold back.…
3 in 4 Enterprise Users Upload Data to GenAI Including Passwords and Keys
In a startling revelation, a new report indicates that three out of four enterprise users are uploading data to generative AI (genAI) applications, including sensitive information such as passwords and keys. This alarming trend highlights the growing risks associated with…
New NPM Attack Infecting Local Packages With Cleverly Hidden Malicious Payload
The NPM package repository remains active, and despite a decline in malware numbers between 2023 and 2024, this year’s numbers don’t seem to continue that downward trend. Recently, security researchers discovered two intriguing packages ethers-provider2 and ethers-providerz, which employed sophisticated…
Windows 11 24H2 Update Breaks Connection to the Veeam Backup Server
A critical issue affecting Windows 11 24H2 users has emerged, disrupting the connection between Veeam Recovery Media and backup servers. The problem, linked to Microsoft’s February update (KB5051987), is preventing organizations from performing data recovery operations, potentially compromising business continuity…
North Korean Kimsuky Hackers New Tactics & Malicious Scripts in Latest Attacks
A sophisticated cyberattack campaign attributed to the North Korean Advanced Persistent Threat (APT) group Kimsuky has been observed utilizing new tactics and malicious scripts. The attack revolves around a ZIP file containing multiple components designed to steal sensitive information from…
Your Smart TV May Bring Down the Entire Network
CYFOX has uncovered significant vulnerabilities in smart TVs that could potentially disrupt entire enterprise networks. This discovery was made possible by their groundbreaking OmniSec vCISO platform, the first GenAI-powered autonomous security and compliance agent. During the implementation of OmniSec, CYFOX…
Operation ForumTroll – APT Hackers Exploit Google Chrome Zero-Day To Bypass Sandbox Protections
In mid-March 2025, cybersecurity researchers uncovered “Operation ForumTroll,” targeting Russian media outlets and educational institutions. Victims are infected by clicking phishing links disguised as invitations to the “Primakov Readings” forum, requiring no further interaction for the sophisticated malware to deploy…
CrushFTP HTTPS Port Vulnerability Leads to Unauthorized Access
Two critical vulnerabilities have been identified in widely used software: CrushFTP and Next.js. CrushFTP, a file transfer solution, contains a vulnerability allowing unauthorized access through standard web ports, bypassing security measures. Additionally, Next.js, a popular React framework, suffers from CVE-2025-29927,…
Clevo Devices Boot Guard Private Key Exposed Via Firmware Update Packages
Researchers have discovered a major security vulnerability affecting multiple gaming laptop models using Clevo hardware. Boot Guard private keys were found exposed within firmware update packages, potentially allowing attackers to bypass critical security protections in affected devices. Researchers at Binary…
200 Unique Domains Used by Raspberry Robin Unveiled
Raspberry Robin, a complex and evolving malware threat, has been operating since 2019, initially spreading through infected USB drives at print and copy shops. This sophisticated malware has transformed from a simple worm into a full-fledged initial access broker (IAB)…
Cloudflare Attributes Recent Service Outage to Password Rotation Error
A credential rotation error led to widespread service disruptions across multiple Cloudflare products on March 21, 2025, affecting customers globally for over an hour. The company disclosed that 100% of write operations and approximately 35% of read operations to their…
Critical NetApp SnapCenter Server Vulnerability Let Attackers Become an Admin User
A high-severity security vulnerability discovered in NetApp SnapCenter could allow authenticated users to gain administrative privileges on remote systems, posing significant risks to organizational data and infrastructure security. Security researchers have identified this vulnerability, CVE-2025-26512, which carries a critical CVSS…
New Chrome Installer Breaks With Error “This App can’t Run on your PC” on Windows 10 & 11
Google’s Chrome browser installation process has been disrupted by a significant technical error affecting Windows users worldwide. Users attempting to install Chrome on Intel or AMD-based Windows 10 and 11 systems are encountering an error message stating “This app can’t…
DrayTek Routers Vulnerability Exploited in the Wild – Possibly Links to Reboot Loop
Multiple internet service providers worldwide are reporting widespread disruptions as DrayTek routers enter continuous reboot loops, affecting businesses and consumers alike. Security intelligence firm GreyNoise has identified the active exploitation of several DrayTek vulnerabilities, which could be linked to these…
New IOCONTROL Malware Attacking Critical Infrastructure to Gain Remote Access and Control
A newly identified malware strain dubbed “IOCONTROL” has emerged as a critical threat to operational technology (OT) and Internet of Things (IoT) systems, particularly targeting fuel-management infrastructure in the United States and Israel. First observed in December 2024, this Linux-based…
New Windows 0-Day Vulnerability Let Remote Attackers Steal NTLM Credentials – Unofficial Patch
A critical vulnerability affecting all Windows operating systems from Windows 7 and Server 2008 R2 through the latest Windows 11 v24H2 and Server 2025. This zero-day flaw enables attackers to capture users’ NTLM authentication credentials simply by having them view…
CISA Warns of Four Vulnerabilities, and Exploits Surrounding ICS
The Cybersecurity and Infrastructure Security Agency (CISA) released four Industrial Control System (ICS) advisories on March 25, 2025, detailing significant vulnerabilities in products from ABB, Rockwell Automation, and Inaba Denki Sangyo. These vulnerabilities, with CVSS v4 scores ranging from 5.1…
Appsmith Developer Tool Vulnerability Let Attackers Execute Remote Code
Security researchers have uncovered multiple critical vulnerabilities in Appsmith, a popular open-source developer platform for building internal applications. Most concerning is CVE-2024-55963, which allows unauthenticated attackers to execute arbitrary system commands on servers running default installations of Appsmith versions 1.20…
Google Chrome Zero-day Vulnerability Exploited by Hackers in the Wild
Google has released an urgent security update for its Chrome browser after cybersecurity researchers at Kaspersky discovered a zero-day vulnerability being actively exploited by sophisticated threat actors. The vulnerability, identified as CVE-2025-2783, allowed attackers to bypass Chrome’s sandbox protection through…
Hackers Exploit Windows MMC Zero-Day Vulnerability to Execute Malicious Code
A sophisticated campaign by Russian threat actors exploiting a critical zero-day vulnerability in the Microsoft Management Console (MMC). The vulnerability, CVE-2025-26633, allows attackers to bypass security features and execute malicious code on targeted systems. Trend Research identified the Russian hacking…
VMware Tools for Windows Vulnerability Let Attackers Bypass Authentication
VMware addressed a significant authentication bypass vulnerability in its VMware Tools for Windows suite. The vulnerability, CVE-2025-22230, could allow malicious actors with non-administrative privileges on a Windows guest virtual machine to perform high-privilege operations within that VM. VMware has classified…
248,000 Mobile Users Infected by Banking Malware With Social Engineering Techniques
Mobile banking malware has seen an alarming surge in 2024, with nearly 248,000 users encountering these dangerous threats—a staggering 3.6 times increase compared to the 69,000 users affected in 2023. This dramatic uptick, particularly pronounced in the second half of…
Microsoft Unveils New Security Copilot Agents & Protections for AI
Microsoft has announced a significant expansion of its AI-powered security capabilities, introducing autonomous security agents and enhanced protections for artificial intelligence systems. The new offerings aim to address the exponential growth in cyberattacks, which now include more than 30 billion…
ARACNE – LLM-based Pentesting Agent To Execute Commands on Real Linux Shell Systems
Cybersecurity researchers have unveiled a new autonomous penetration testing agent that leverages large language models (LLMs) to execute commands on real Linux shell systems. ARACNE, as the agent is called, represents a significant advancement in automated security testing, demonstrating the…
Security Onion 24.10 Released – What’s New
Security Onion 2.4.140 has been officially released, featuring significant upgrades to core components including Suricata 7.0.9, Zeek 7.0.6, and a host of improvements to the Security Operations Center (SOC) configuration interface. This release focuses on enhancing security, fixing bugs, and…
Researchers Compared Malware Development in Rust vs C & C++ Languages
In recent years, malware authors have increasingly turned to emerging programming languages like Rust, Nim, and Go for their nefarious creations. This shift represents a tactical evolution as threat actors seek to bypass modern security solutions and complicate reverse engineering…
Microsoft Announces New Enhanced Protection Against AI & BYOD for Edge Business Users
Microsoft has unveiled significant new data protection capabilities for its Edge for Business browser, specifically targeting the challenges posed by Bring Your Own Device (BYOD) environments and the growing integration of AI in daily workflows. Announced on March 24, 2025,…