Splunk has disclosed a reflected Cross-Site Scripting (XSS) vulnerability in its Enterprise and Cloud Platform products, tracked as CVE-2025-20297 and detailed in advisory SVD-2025-0601. The […]
Category: Cyber Security News
Android Trojan Crocodilus Now Active in 8 Countries, Targeting Banks and Crypto Wallets
A growing number of malicious campaigns have leveraged a recently discovered Android banking trojan called Crocodilus to target users in Europe and South America. The […]
New ModSecurity WAF Vulnerability Enables Attackers to Crash Systems
A high-severity denial-of-service (DoS) vulnerability (CVE-2025-48866) has been identified in ModSecurity’s Apache module (mod_security2), threatening web application firewall stability. Rated 7.5/10 on the CVSS scale, […]
Lyrix Ransomware Targets Windows Users with Advanced Evasion Techniques
A formidable new strain of ransomware, dubbed Lyrix, has recently surfaced, posing a significant threat to Windows users worldwide. Cybersecurity researchers have identified Lyrix as […]
53% of cyber department leaders eyeing the exit
Security department heads — those directly reporting to the CISO — are decidedly looking to leave their posts. But various factors, including a weak economy, […]
Malicious NPM Packages Exploit Ethereum Wallets with Obfuscated JavaScript
A recent wave of malicious NPM packages has emerged as a significant threat to cryptocurrency users, specifically targeting Ethereum wallet holders. Cybersecurity researchers have uncovered […]
Threat Actors Target PerimeterX CAPTCHA to Automate Microsoft Account Creation
A recent post on an underground forum has brought renewed attention to the escalating arms race between cybercriminals and anti-bot security vendors. The solicitation, offering […]
Google Chrome to Distrust Two Certificate Authorities Over Compliance and Conduct Issues
Google has revealed that it will no longer trust digital certificates issued by Chunghwa Telecom and Netlock citing “patterns of concerning behavior observed over the […]
Microsoft and CrowdStrike Launch Shared Threat Actor Glossary to Cut Attribution Confusion
Microsoft and CrowdStrike have announced that they are teaming up to align their individual threat actor taxonomies by publishing a new joint threat actor mapping. […]
SolarWinds Dameware Vulnerability Could Let Attackers Gain Elevated Privileges
June 3, 2025 – SolarWinds Worldwide, LLC has announced the release of Dameware 12.3.2, a critical service update focused on bug fixes, security enhancements, and […]