Cybersecurity News
-
AiLock Ransomware Emerges with Hybrid Encryption Tactics: ChaCha20 Meets NTRUEncrypt
The AiLock ransomware organization, which Zscaler first discovered in March 2025, has become a powerful force in the ransomware-as-a-service (RaaS) market, which is a frightening trend for cybersecurity professionals. This…
Read More » -
Linux Boot Vulnerability Lets Attackers Bypass Secure Boot Protections
A newly highlighted vulnerability in the Linux boot process exposes a critical weakness in the security posture of many modern distributions. Despite widespread adoption of Secure Boot, full-disk encryption, and…
Read More » -
Writable File in Lenovo Path Lets Attackers Evade AppLocker Restrictions
A security researcher has uncovered a significant vulnerability affecting Lenovo computers: a writable file within the Windows directory that can be exploited to bypass AppLocker restrictions. The file in question,…
Read More » -
Hackers Abuse Legitimate Inno Setup Installer to Deliver Malware
Cybercriminals are increasingly weaponizing legitimate software installer frameworks like Inno Setup to distribute malware, turning user-friendly tools into covert vehicles for malicious payloads. Originally designed to simplify software deployment on…
Read More » -
Next.js Vulnerability Allows Attackers to Trigger DoS via Cache Poisoning
A critical vulnerability, tracked as CVE-2025-49826, has been discovered and addressed in the popular React-based web framework, Next.js. The flaw, present in versions >=15.1.0 and Vercel. CVE ID Affected Versions Severity Impact…
Read More » -
Scattered Spider Enhances Tactics to Exploit Legitimate Tools for Evasion and Persistence
Scattered Spider, also tracked under aliases such as UNC3944, Scatter Swine, and Muddled Libra, has emerged as a formidable financially motivated cybercriminal group since at least May 2022. Initially known…
Read More » -
SquareX Reveals That Employees Are No Longer The Weakest Link, Browser AI Agents Are
Every security practitioner knows that employees are the weakest link in an organization, butthis is no longer the case. SquareX’s research reveals that Browser AI Agents are more likely tofall…
Read More » -
Instagram Now Rotating TLS Certificates Daily with 1-Week Validity
Instagram has begun rotating its TLS certificates on a daily basis, with each certificate valid for just over a week. This approach, which goes far beyond current industry standards, was…
Read More » -
Apache APISIX Vulnerability Enables Cross-Issuer Access Under Misconfigurations
A newly disclosed vulnerability, CVE-2025-46647, has been identified in the openid-connect plugin of Apache APISIX, a widely used open-source API gateway. This flaw, rated as important, could allow attackers to gain unauthorized…
Read More » -
Malicious SEO Plugins on WordPress Can Lead to Site Takeover
A new wave of cyberattacks is targeting WordPress websites through malicious SEO plugins that can lead to complete site takeover. Security analysts have uncovered sophisticated malware campaigns where attackers disguise…
Read More » -
Multiple PHP Vulnerabilities Enables SQLi and DoS Attacks – Update Now
Security researchers have disclosed two significant vulnerabilities in PHP, the popular server-side scripting language, that could allow attackers to launch SQL injection (SQLi) and Denial of Service (DoS) attacks. According…
Read More » -
Citrix Alerts on Authentication Failures After NetScaler Update to Resolve Auth Vulnerability
Citrix has issued an urgent advisory for NetScaler users following the release of builds 14.1.47.46 and 13.1.59.19, warning of potential authentication disruptions stemming from a 16c3 a newly implemented security…
Read More » -
Surge in LNK File Weaponization by 50%, Fueling Four Major Malware Types
The weaponization of Windows shortcut (LNK) files for malware distribution has increased by an astounding 50%, according to telemetry data, with dangerous samples rising from 21,098 in 2023 to 68,392…
Read More » -
Chinese Student Charged in Mass Smishing Campaign to Steal Victims’ Personal Information
Ruichen Xiong, a student from China, has been sentenced to over a year in prison at Inner London Crown Court for orchestrating a large-scale smishing (SMS phishing) campaign. Xiong deployed…
Read More » -
Over 600K WordPress Sites at Risk Due to Critical Plugin Vulnerability
A critical security flaw in the popular Forminator WordPress plugin has put more than 600,000 websites worldwide at risk of remote takeover, according to recent disclosures from security firm Wordfence and independent…
Read More » -
New DEVMAN Ransomware by DragonForce Targets Windows 10 and 11 Users
A new ransomware variant, dubbed DEVMAN, has surfaced in the cyberthreat landscape, showcasing a complex lineage tied to the notorious DragonForce family. Built on a foundation of DragonForce and Conti…
Read More » -
Critical Vulnerability in Microsens Devices Exposes Systems to Hackers
A series of critical vulnerabilities have been discovered in MICROSENS NMP Web+, a widely used network management platform for industrial and critical manufacturing environments, putting thousands of organizations worldwide at…
Read More » -
Europol Dismantles Massive Crypto Investment Scam Targeting 5000+ victims Worldwide
Europol and international law enforcement have dismantled a sprawling cryptocurrency investment fraud network that allegedly defrauded more than 5,000 victims globally, laundering at least €460 million ($540 million) in illicit…
Read More »