Cybersecurity News
-
Government Calls on Organizations to Adopt SIEM and SOAR Solutions
In a landmark initiative, international cybersecurity agencies have released a comprehensive series of publications to guide organizations through the implementation and prioritization of Security Information and Event Management (SIEM) and…
Read More » -
Threat Actors Use Fake DocuSign Notifications to Steal Corporate Data
DocuSign has emerged as a cornerstone for over 1.6 million customers worldwide, including 95% of Fortune 500 companies, and boasts a user base exceeding one billion. However, this widespread adoption…
Read More » -
Mozilla Quickly Fixes Firefox Vulnerabilities from Pwn2Own 2025 with Urgent Patches
At this year’s Pwn2Own Berlin, security researchers successfully demonstrated two new zero-day exploits against Mozilla Firefox, targeting the browser’s content process. The vulnerabilities—CVE-2025-4918 and CVE-2025-4919—were both found in Firefox’s JavaScript…
Read More » -
Hackers Reportedly Selling Over 500 Stolen Crypto Databases on Dark-Web Forums
A hackers has made news by allegedly selling a ZIP archive containing more than 500 compromised databases, which seems to be a serious blow to the cybersecurity of several cryptocurrency…
Read More » -
Meteobridge web interface Vulnerability Let Attackers Inject Commands Remotely
ONEKEY Research Lab has uncovered a severe command injection vulnerability in the MeteoBridge firmware, a compact device designed to connect personal weather stations to public weather networks like Weather Underground.…
Read More » -
Severe vBulletin Flaw Allows Remote Code Execution by Attackers
A newly discovered vulnerability in vBulletin, one of the world’s most popular commercial forum platforms, has highlighted the dangers of relying on method visibility for security. The flaw, affecting vBulletin…
Read More » -
Hackers Expose 184 Million User Passwords via Open Directory
A major cybersecurity incident has come to light after researcher Jeremiah Fowler discovered a publicly accessible database containing 184,162,718 unique logins and passwords—totaling 47.42 GB of raw credential data. The…
Read More » -
GenAI Assistant DIANNA Uncovers New Obfuscated Malware
Deep Instinct’s GenAI-powered assistant, DIANNA, has identified a sophisticated new malware strain dubbed BypassERWDirectSyscallShellcodeLoader. This malware, reportedly crafted with the assistance of large language models (LLMs) such as ChatGPT and…
Read More » -
Venice.ai’s Unrestricted Access Sparks Concerns Over AI-Driven Cyber Threats
Venice.ai has rapidly emerged as a disruptive force in the AI landscape, positioning itself as an “uncensored” and “private” alternative to mainstream platforms like ChatGPT. Unlike conventional AI chatbots, Venice.ai…
Read More » -
EU Targets Stark Industries in Cyberattack Sanctions Crackdown
The European Union has escalated its response to Russia’s ongoing campaign of hybrid threats, announcing new restrictive measures against 21 individuals and 6 entities. This latest move, part of the…
Read More » -
Hackers Target macOS Users with Fake Ledger Apps to Deploy Malware
Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular application for managing crypto assets via Ledger cold wallets. Since August 2024, Moonlock Lab has been…
Read More » -
Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000
A threat actor known as #LongNight has reportedly put up for sale remote code execution (RCE) access to Burger King Spain’s backup system, leveraging vulnerabilities in the AhsayCBS platform. Priced…
Read More » -
Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets
A new project has exposed a critical attack vector that exploits protocol vulnerabilities to disrupt DNS infrastructure, manipulate Non-Human Identity (NHI) secrets, and ultimately bypass zero-trust security frameworks. This research,…
Read More » -
TAG-110 Hackers Deploy Malicious Word Templates in Targeted Attacks
The Russia-aligned threat actor TAG-110, also linked to UAC-0063 and APT28 (BlueDelta) with medium confidence by CERT-UA, has shifted tactics to target government, educational, and research entities in Tajikistan. According…
Read More » -
Russian Hackers Exploit Oracle Cloud Infrastructure to Target Scaleway Object Storage
Russian threat actors have been leveraging trusted cloud infrastructure platforms like Oracle Cloud Infrastructure (OCI) Object Storage and Scaleway Object Storage to propagate sophisticated attacks using the Lumma Stealer malware.…
Read More » -
Versa Concerto 0-Day Flaw Enables Remote Code Execution by Bypassing Authentication
Security researchers have uncovered multiple critical vulnerabilities in Versa Concerto, a widely deployed network security and SD-WAN orchestration platform used by large enterprises, service providers, and government entities. Despite responsible…
Read More » -
Docker Zombie Malware Infects Containers for Crypto Mining and Self-Replication
A novel malware campaign targeting containerized infrastructures has emerged, exploiting insecurely exposed Docker APIs to spread malicious containers and mine Dero cryptocurrency. Dubbed a “Docker zombie outbreak” by cybersecurity researchers…
Read More » -
Hackers Target Mobile Users Using PWA JavaScript to Bypass Browser Security
A sophisticated new injection campaign has been uncovered, targeting mobile users through malicious third-party JavaScript to deliver a Chinese adult-content Progressive Web App (PWA) scam. This attack, which redirects users…
Read More »