Cybersecurity News
-
BeyondTrust Tools RCE Vulnerability Allows Attackers Execute Arbitrary Code
A newly disclosed vulnerability in BeyondTrust’s Remote Support (RS) and Privileged Remote Access (PRA) products has raised alarms across the cybersecurity community. The flaw, tracked as CVE-2025-5309 and detailed in…
Read More » -
Apache Tomcat Flaws Allow Auth Bypass and DoS Attacks
The Apache Software Foundation has released critical security updates to address four newly discovered vulnerabilities in Apache Tomcat, one of the world’s most widely used open-source Java servlet containers. These…
Read More » -
Katz Stealer Boosts Credential Theft with System Fingerprinting and Persistence Mechanisms
The emergence of Katz Stealer, a sophisticated information-stealing malware-as-a-service (MaaS) that is redefining the boundaries of credential theft. First detected this year, Katz Stealer combines aggressive data exfiltration with advanced…
Read More » -
Hackers Target and Hijack Washington Post Journalists’ Email Accounts
A targeted cyberattack has struck The Washington Post, compromising the email accounts of several of its journalists and raising new concerns about the digital security of newsrooms worldwide. The breach,…
Read More » -
HashiCorp Nomad ACL Lookup Flaw Allows Privilege Escalation
HashiCorp disclosed a critical security flaw (CVE-2025-4922) in its Nomad workload orchestration tool on June 11, 2025, exposing clusters to privilege escalation risks through improper ACL policy enforcement. The vulnerability,…
Read More » -
Developers Beware – Sophisticated Phishing Scams Exploit GitHub Device Code Flow to Hijack Tokens
A sophisticated and increasing wave of cyberattacks now targets software developers through a little-known yet legitimate GitHub feature: the OAuth 2.0 Device Code Flow. Security experts, notably from Praetorian, have…
Read More » -
Acer Control Center Flaw Lets Attackers Run Malicious Code as Elevated User
A critical security flaw (CVE-2025-5491) in Acer ControlCenter allows remote attackers to execute arbitrary code with NT AUTHORITY\SYSTEM privileges via a misconfigured Windows Named Pipe. The vulnerability, rated 8.8 on…
Read More » -
Amazon Cloud Cam Flaw Allows Attackers to Intercept and Modify Network Traffic
A critical vulnerability (CVE-2025-6031) has been identified in Amazon Cloud Cam devices, which reached end-of-life (EOL) status in December 2022. The flaw allows attackers to bypass SSL pinning during device…
Read More » -
Microsoft Defender Spoofing Flaw Enables Privilege Escalation and AD Access
A newly disclosed spoofing vulnerability (CVE-2025-26685) in Microsoft Defender for Identity (MDI) enables unauthenticated attackers to capture Net-NTLM hashes of critical Directory Service Accounts (DSAs), potentially compromising Active Directory environments.…
Read More » -
Spring Framework Flaw Enables Remote File Disclosure via “Content‑Disposition” Header
A medium-severity reflected file download (RFD) vulnerability (CVE-2025-41234) in VMware’s Spring Framework has been patched, affecting multiple versions of the widely used Java framework. The flaw enables attackers to execute…
Read More » -
Arsen Launches AI-Powered Vishing Simulation to Help Organizations Combat Voice Phishing at Scale
Arsen, the cybersecurity startup known for defending organizations against social engineering threats, has announced the release of its new Vishing Simulation module, a cutting-edge tool designed to train employees against one…
Read More » -
New Tools, Smartwatch and Car Hacking Added
Kali Linux, the preferred distribution for security professionals, has launched its second major release of 2025, Kali Linux 2025.2, in June. This update introduces a restructured Kali Menu, upgraded desktop…
Read More » -
NIST Releases New Guide – 19 Strategies for Building Zero Trust Architectures
The National Institute of Standards and Technology (NIST) has released groundbreaking guidance to help organizations implement Zero Trust Architectures (ZTAs) using commercially available technologies. Implementing a Zero Trust Architecture (NIST…
Read More » -
Cybercriminals Exploiting Expired Discord Invite Links to Deploy Multi-Stage Malware
Security researchers have uncovered a sophisticated malware campaign exploiting a little-known flaw in Discord’s invitation system, enabling cybercriminals to hijack expired or deleted invite links and redirect unsuspecting users to…
Read More » -
Privilege Escalation in PAN-OS Web Interface Allows Admin Users to Perform Root Actions
Palo Alto Networks disclosed a medium-severity command injection vulnerability on June 11, 2025, designated as CVE-2025-4231, affecting the management web interface of its PAN-OS operating system. The vulnerability enables authenticated…
Read More » -
Over 40,000 Internet-Connected Cameras Exposed, Streaming Live Online
Bitsight TRACE has uncovered more than 40,000 security cameras openly accessible on the internet—streaming live footage from homes, offices, factories, and even sensitive datacenter rooms. This widespread exposure, which Bitsight…
Read More » -
Interpol Dismantles 20,000 Malicious IPs and Domains Tied to 69 Malware Variants
INTERPOL’s Operation Secure has seen the takedown of more than 20,000 malicious IP addresses and domains associated with infostealer malware. Law enforcement across 26 countries collaborated to dismantle cybercriminal infrastructure,…
Read More » -
Multiple Microsoft Office Vulnerabilities Enable Remote Code Execution by Attackers
Microsoft has disclosed four critical remote code execution (RCE) vulnerabilities in its Office suite as part of the June 2025 Patch Tuesday updates, posing significant risks to organizations and individuals…
Read More » -
Microsoft Patch Tuesday June 2025 – 66 Vulnerabilities Patched Including 2 Zero-Day
Microsoft has released its June 2025 Patch Tuesday security updates, addressing a total of 66 vulnerabilities across its software ecosystem. This month’s updates include fixes for ten critical vulnerabilities and…
Read More » -
Microsoft Windows WebDAV 0-Day RCE Vulnerability Actively Exploited in The Wild
A critical zero-day vulnerability in Microsoft Windows, designated CVE-2025-33053, has been actively exploited by the advanced persistent threat (APT) group Stealth Falcon. The flaw, enabling remote code execution (RCE) through…
Read More »