Cybersecurity News
-
New Starkiller Phishing Framework Uses Real Login Pages to Bypass MFA Security
A new phishing framework called Starkiller is raising the bar for “phishing-as-a-service” by serving victims the real login pages of major brands through attacker infrastructure, making pages look authentic and stay up to date.…
Read More » -
Google Chrome Introduces Merkle Tree Certificates to Protect HTTPS from Quantum Attacks
Google Chrome’s Secure Web and Networking Team has announced a new effort to protect HTTPS traffic from upcoming quantum‑computing attacks. This initiative stems from the IETF’s “PKI, Logs, And Tree…
Read More » -
AuraStealer Infostealer Targeting Users with 48 C2 Domains in Ongoing Campaigns
Threat actors are actively deploying a new infostealer dubbed “AuraStealer,” backed by a growing customer base, 48 identified command‑and‑control (C2) domains, and multiple ongoing campaigns abusing popular platforms like TikTok…
Read More » -
React2Shell Vulnerability Exploited in the Wild, Analysts Warn
A critical vulnerability, known as React2Shell (CVE-2025-55182), has been discovered in React Server Components, affecting multiple React versions across the React 19 ecosystem. This pre-auth remote code execution weakness poses…
Read More » -
Hackers Weaponize 7-Zip Downloads to Turn Home PCs Into Proxy Nodes
A fake website impersonating the popular 7-Zip file archiver has been distributing malicious software that secretly converts infected computers into residential proxy nodes. The counterfeit site has been operating undetected…
Read More » -
Docker Releases Free, Production-Grade Hardened Container Images
In a significant move to enhance software supply chain security, Docker has made its production-grade hardened container images available as a free, open-source offering, accessible to all 26 million developers…
Read More » -
Sleeping Bouncer Vulnerability Impacts Gigabyte, MSI, ASRock, and ASUS Motherboards
A critical vulnerability in motherboard firmware has been identified by Riot Games’ Vanguard anti-cheat team, affecting major manufacturers such as Gigabyte, MSI, ASRock, and ASUS. The vulnerability, dubbed “Sleeping Bouncer,”…
Read More » -
PoC Exploit Released for Use-After-Free Vulnerability in Linux Kernel POSIX CPU Timers
A newly discovered vulnerability in the Linux kernel’s POSIX CPU timers has been exposed, with a detailed proof-of-concept demonstrating one of the most sophisticated kernel exploits targeting Android devices. The…
Read More » -
Microsoft Brokering File System Vulnerability Enables Local Privilege Escalation
Microsoft has recently patched a critical vulnerability in its Brokering File System (BFS) driver, which could have allowed attackers to escalate privileges on Windows systems, potentially gaining unauthorized access to…
Read More » -
Nissan Discloses Data Breach Linked to Compromised Red Hat Infrastructure
Nissan Motor Co., Ltd. has revealed a significant data breach impacting around 21,000 customers of Nissan Fukuoka Sales Co., Ltd. due to unauthorized access to a Red Hat-managed server used…
Read More » -
Bangladeshi Operator of Fake ID Marketplaces Charged in International Fraud Case
A 29-year-old Bangladeshi man, Zahid Hasan of Dhaka, Bangladesh, has been indicted on federal charges for operating online marketplaces that sold fraudulent identity document templates to customers worldwide, according to…
Read More » -
Microsoft Teams Outage Causes Global Messaging Delays and Service Interruptions
A global outage of Microsoft Teams occurred on December 20, 2025, causing significant disruptions to the collaboration platform’s messaging functionality and other critical operations, affecting users worldwide. The company has…
Read More » -
25,000+ FortiCloud SSO-Enabled Systems Vulnerable to Remote Exploitation
The Shadowserver Foundation has discovered over 25,000 internet-facing Fortinet devices globally with FortiCloud Single Sign-On (SSO) functionality enabled, raising concerns about potential exposure to critical authentication bypass vulnerabilities. Recently, the…
Read More » -
Apache Log4j Flaw Enables Interception of Sensitive Logging Data
The Apache Software Foundation has released a critical security update for its widely used Log4j logging library. A newly discovered vulnerability, tracked as CVE-2025-68161, allows attackers to intercept or redirect…
Read More » -
Mapping the Emerging Alliance Between Qilin, DragonForce, and LockBit
In mid-September 2025, the ransomware landscape witnessed a significant development when DragonForce announced an alliance with Qilin and LockBit on a Russian underground forum. The announcement, posted on September 15,…
Read More » -
Roundcube Flaws Let Attackers Execute Malicious Scripts
Roundcube, a widely used open-source webmail platform, has released critical security updates to address two significant vulnerabilities in its 1.6 and 1.5 LTS versions, posing a risk to organizations and…
Read More » -
Microsoft Patches MSMQ Flaw That Affects IIS Web Servers
Microsoft has issued an emergency security update to fix a critical vulnerability in the Message Queuing (MSMQ) feature, which affects Windows 10 systems that run IIS web servers and are…
Read More »