Cybersecurity News
-
Microsoft December 2025 Security Updates Disrupt MSMQ Functionality on IIS
A significant compatibility issue has been introduced by Microsoft’s December 2025 security update, affecting Message Queuing (MSMQ) functionality across Windows Server and client environments. The update in question, identified as…
Read More » -
NVIDIA Merlin Vulnerabilities Allows Malicious Code Execution and DoS Attacks
NVIDIA has issued urgent security patches for its Merlin machine learning framework, addressing two high-severity deserialization vulnerabilities that could allow attackers to execute malicious code, launch denial-of-service attacks, and compromise…
Read More » -
EDR Process Sideloading to Conceal Malicious Activity
Initial access broker Storm-0249 has undergone a significant transformation, evolving from a mass phishing operation into a sophisticated threat actor that leverages legitimate Endpoint Detection and Response (EDR) processes to…
Read More » -
MITRE Unveils 2025’s Top 25 Most Dangerous Software Weaknesses
MITRE has released its annual Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list for 2025, identifying the most critical vulnerabilities affecting software development worldwide. The comprehensive analysis…
Read More » -
Kali Linux 2025.4 Released Featuring 3 New Hacking Tools and Wifipumpkin3
The latest release of Kali Linux, version 2025.4, is a significant milestone for the ethical hacking distribution, introducing major architectural changes and a range of new tools. This update focuses…
Read More » -
Apple Confirms Zero-Day Exploitation in Targeted Attacks on iPhone Users
Apple has recently released critical security patches to address two zero-day vulnerabilities that are being actively exploited on iPhone and iPad devices. According to the tech giant, both vulnerabilities were…
Read More » -
Researchers and Developers Targeted in AI-Driven GitHub Supply Chain Attack
A sophisticated AI-generated supply chain attack is targeting researchers, developers, and security professionals through compromised GitHub repositories, according to findings from Morphisec Threat Labs. The campaign leverages dormant GitHub accounts…
Read More » -
CISA Issues New Guidance for Securing UEFI Secure Boot on Enterprise Devices
The Cybersecurity and Infrastructure Security Agency (CISA) has issued critical guidance on managing UEFI Secure Boot configurations across enterprise systems, addressing the growing concerns about boot-level security vulnerabilities that have…
Read More » -
Research Findings on the Fate of Data Stolen in Phishing Attacks
Recent research conducted by Kaspersky has shed light on the entire lifecycle of data stolen during phishing attacks, exposing a complex “shadow market conveyor belt” where victim information is quickly…
Read More » -
New JSCEAL Infostealer Malware Targets Windows Systems to Steal Login Credentials
A sophisticated information-stealing tool known as JSCEAL has undergone significant developments in recent months, incorporating advanced anti-analysis techniques and a hardened command-and-control infrastructure to target users of cryptocurrency applications on…
Read More » -
Surge in Attacks Targeting RSC-Enabled Services Worldwide
In December 2025, CVE-2025-55182 (React2Shell), a vulnerability in React Server Components (RSC) that enables remote code execution (RCE), was publicly disclosed. Shortly after publication, multiple security vendors reported scanning activity…
Read More » -
Notepad++ Flaw Allows Attackers to Hijack Update Traffic and Deploy Malware
A critical security flaw in the popular text editor Notepad++ has been addressed with the release of version 8.8.9, which patches a vulnerability that could have allowed traffic hijacking. The…
Read More » -
New DroidLock Malware Locks Android Devices and Demands Ransom Payment
A new and sophisticated threat campaign has been identified by the zLabs research team, targeting Spanish Android users with a malware strain known as DroidLock. Unlike traditional ransomware, which encrypts…
Read More » -
644K+ Websites at Risk Due to Critical React Server Components Flaw
A critical vulnerability known as “React2Shell” has been identified by the Shadowserver Foundation, posing a significant threat to a massive attack surface that remains exposed to potential exploitation. Following enhancements…
Read More » -
New “Spiderman” Phishing Kit Lets Hackers Build Fake Bank Login Pages Instantly
A new and sophisticated phishing toolkit, known as “Spiderman,” has been identified as a significant threat to European banking customers. This toolkit enables cybercriminals to create convincing fake login pages…
Read More »