A disturbing trend of sophisticated attacks recently detected by researchers specifically designed to evade multi-factor authentication (MFA) protections. These advanced techniques, which exploit vulnerabilities in […]
Whistleblower: DOGE Siphoned NLRB Case Data
A security architect with the National Labor Relations Board (NLRB)…
‘Fog’ Hackers Troll Victims With DOGE Ransom Notes
Since January, threat actors distributing the malware have notched up…
‘Elusive Comet’ Attackers Use Zoom to Swindle Victims
The threat actor uses sophisticated social engineering techniques to infect…
Nation-State Threats Put SMBs in Their Sights
Cyberthreat groups increasingly see small and medium-sized businesses, especially those…
Infostealer Attacks Surge 84% Weekly Through Phishing Emails
The volume of infostealer malware distributed through phishing emails has…
Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States
Cybersecurity researchers are warning of a "widespread and ongoing" SMS phishing campaign that's been targeting toll road users in the United States for financial theft since mid-October 2024. "The toll road smishing attacks are being carried out by multiple financially motivated threat actors using the smishing kit developed by 'Wang Duo Yu,'" Cisco Talos researchers Azim Khodjibaev, Chetan The original article found on The Hacker News Read More
Whistleblower: DOGE Siphoned NLRB Case Data
A security architect with the National Labor Relations Board (NLRB)…
‘Fog’ Hackers Troll Victims With DOGE Ransom Notes
Since January, threat actors distributing the malware have notched up…
‘Elusive Comet’ Attackers Use Zoom to Swindle Victims
The threat actor uses sophisticated social engineering techniques to infect…
Nation-State Threats Put SMBs in Their Sights
Cyberthreat groups increasingly see small and medium-sized businesses, especially those…
Nation-State Threats Put SMBs in Their Sights
Cyberthreat groups increasingly see small and medium businesses, especially those…
The Identities Behind AI Agents: A Deep Dive Into AI & NHI
AI agents have rapidly evolved from experimental technology to essential…
ZITADEL IDOR Vulnerabilities Let Attackers Modify Sensitive Settings
A critical Insecure Direct Object Reference (IDOR) vulnerability chain in…
46 New Vulnerabilities in Solar Inverters Systems Let Attackers Tamper Inverter Settings
Researchers have uncovered critical security flaws in global solar power…
PoC Exploit Released for Yelp Flaw that Exposes SSH Keys on Ubuntu Systems
A proof-of-concept (PoC) exploit has been released for CVE-2025-3155, a…
Experts Uncover Four New Privilege Escalation Flaws in Windows Task Scheduler
Cybersecurity researchers have detailed four different vulnerabilities in a core…
Apple WebKit Zero-Day Vulnerability Actively Exploit in High Profile Cyber Attacks
Apple has released emergency security updates addressing a critical zero-day vulnerability in its WebKit browser engine, identified as CVE-2025-24201, which has been actively exploited in […]
.webp)
Chinese Hackers New Malware Dubbed ‘Squidoor’ Attacking Global Organizations
A sophisticated backdoor malware called “Squidoor” being deployed by suspected Chinese threat actors against organizations across South America and Southeast Asia. The malware, designed for […]
Apache Pinot Vulnerability Let Attackers Bypass Authentication
A critical security vulnerability (CVE-2024-56325) in Apache Pinot, the open-source distributed OLAP datastore used by LinkedIn, Uber, and Microsoft for real-time analytics, allows unauthenticated attackers […]
New Botnet Dubbed “Eleven11bot” Hacked 30,000 Webcams
A newly identified botnet, tracked as Eleven11bot, has compromised approximately 30,000 internet-connected devices—primarily security cameras and network video recorders (NVRs)—to launch distributed denial-of-service (DDoS) attacks […]
SolarWinds Web Help Desk Vulnerability Let Hackers Access Stored Passwords – PoC Released
A critical vulnerability in SolarWinds’ Web Help Desk software (CVE-2024-28989) allowed attackers to decrypt sensitive credentials, including database passwords and LDAP/SMTP authentication secrets, through cryptographic […]
Microsoft March 2025 Patch Tuesday: Fixes for 57 Vulnerabilities & 6 Actively Exploited Zero-Days
Microsoft’s March 2025 Patch Tuesday addresses 57 vulnerabilities, including six zero-day vulnerabilities that are currently being exploited. The security update includes fixes for Windows, Microsoft […]
Apache Camel Vulnerability Let Attackers Inject Arbitrary Headers – PoC Exploit Released
A critical security flaw in Apache Camel’s header validation mechanism allows attackers to execute arbitrary system commands by exploiting case-sensitive header injection. A POC released […]
Google Warned Chromecast Owners Not to Hit Factory Reset
Google has issued an urgent advisory to owners of Chromecast 2nd Generation (2015) and Chromecast Audio devices, warning against factory resets as a global outage […]
Beware! AI-Assisted Fake GitHub Repositories Steal Sensitive Data Including Login Credentials
A sophisticated malware campaign leveraging artificial intelligence to create deceptive GitHub repositories has been observed distributing SmartLoader payloads that ultimately deploy Lumma Stealer, a dangerous […]