Cybersecurity News
-
Researchers Uncover Hacking Tools and Techniques Shared on Russian-Speaking Cybercrime Forums
Trend Micro, a cybersecurity firm, has released its 50th installment report on the Russian-speaking cybercriminal underground, revealing the intricate web of tools, techniques, and cultural elements defining this notorious cybercrime…
Read More » -
Gcore Super Transit Brings Advanced DDoS Protection and Acceleration for Superior Enterprise Security and Speed
Gcore, the global edge AI, cloud, network, and security solutions provider, has launched Super Transit, a cutting-edge DDoS protection and acceleration feature, designed to safeguard enterprise infrastructure while delivering lightning-fast…
Read More » -
Kibana Releases Security Patch to Fix Code Injection Vulnerability
Elastic, the company behind Kibana, has released critical security updates to address a high-severity vulnerability identified as CVE-2024-12556. The flaw, referred to as “Kibana Prototype Pollution,” could allow attackers to…
Read More » -
PoC Exploit Reveals SSH Key Exposure via Yelp Vulnerability on Ubuntu
Security researchers have uncovered a critical vulnerability (CVE-2025-3155) in Ubuntu’s default help browser Yelp that could expose sensitive system files including SSH private keys. The flaw impacts Ubuntu desktop installations…
Read More » -
Sec-Gemini v1 – Google’s New AI Model for Cybersecurity Threat Intelligence
Google has unveiled Sec-Gemini v1, an AI model designed to redefine cybersecurity operations by empowering defenders with advanced threat analysis, vulnerability assessment, and incident response capabilities. The experimental system, developed…
Read More » -
Hack The box “Ghost” Challenge Cracked
Cybersecurity researcher “0xdf” has cracked the “Ghost” challenge on Hack The Box (HTB), a premier platform for honing penetration testing skills, and shared an exhaustive technical breakdown on their GitLab…
Read More » -
Beware! Fake Unpaid Tolls Messages Used in Phishing Attack to Steal Login Credentials
A surge in phishing text messages claiming unpaid tolls has been linked to a massive phishing-as-a-service (PhaaS) operation. These scams, which have been hitting users’ phones in waves, are part…
Read More » -
PoisonSeed Targets CRM and Bulk Email Providers in New Supply Chain Phishing Attack
A sophisticated phishing campaign, dubbed “PoisonSeed,” has been identified targeting customer relationship management (CRM) and bulk email providers to facilitate cryptocurrency-related scams. The threat actors behind this campaign are leveraging…
Read More » -
EncryptHub Ransomware Uncovered Through ChatGPT Use and OPSEC Failures
EncryptHub, a rapidly evolving cybercriminal entity, has come under intense scrutiny following revelations of operational security (OPSEC) failures and extensive reliance on ChatGPT for its operations. This emerging threat actor…
Read More » -
Beware! Weaponized Job Recruitment Emails Spreading BeaverTail and Tropidoor Malware
A concerning malware campaign was disclosed by the AhnLab Security Intelligence Center (ASEC), revealing how threat actors are leveraging fake recruitment emails to distribute malicious payloads. The attackers impersonated Dev.to,…
Read More » -
Ivanti Fully Patched Actively Exploited Connect Secure RCE Vulnerability
April 5, 2025 – Ivanti has issued an urgent security advisory for CVE-2025-22457, a critical vulnerability impacting Ivanti Connect Secure, Pulse Connect Secure, Ivanti Policy Secure, and ZTA Gateways. Rated…
Read More » -
Vite Development Server Flaw Allows Attackers Bypass Path Restrictions
A critical security vulnerability, CVE-2025-31125, has been identified in the Vite development server. Due to improper path verification during URL request processing, attackers can bypass path restrictions and gain unauthorized access…
Read More » -
OpenVPN Flaw Allows Attackers Crash Servers and Run Remote Code
OpenVPN, a widely-used open-source virtual private network (VPN) software, has recently patched a security vulnerability that could allow attackers to crash servers and potentially execute remote code under certain conditions.…
Read More » -
Secure Ideas Achieves CREST Accreditation and CMMC Level 1 Compliance
Secure Ideas, a premier provider of penetration testing and security consulting services, proudly announces its recent achievements of CREST accreditation and CMMC Level 1 compliance, reinforcing its commitment to delivering…
Read More » -
Cisco AnyConnect VPN Server Vulnerability Allows Attackers to Trigger DoS
Cisco has disclosed a significant vulnerability in its AnyConnect VPN Server for Meraki MX and Z Series devices, allowing authenticated attackers to trigger denial-of-service (DoS) conditions. The flaw (CVE-2025-20212) stems from an uninitialized variable…
Read More » -
Brinker Named Among “10 Most Promising Defense Tech Startups of 2025”
Brinker, an innovative narrative intelligence platform dedicated to combating disinformation and influence campaigns, has been recognized as one of the “10 Most Promising Defense Tech Startups of 2025” by Défense…
Read More » -
Google Cloud Platform Vulnerability Exposes Sensitive Data to Attackers
A privilege escalation vulnerability in Google Cloud Platform (GCP), dubbed “ImageRunner,” was recently discovered and fixed. The flaw, which Tenable Research brought to light, potentially allowed attackers to exploit Google…
Read More » -
Ransomware Threatens 93% of Industries— Resilience Is Critical
Ransomware continues to be one of the most disruptive cyber threats, with recent data revealing that it affects 93% of industries globally. According to Verizon’s 2024 Data Breach Investigations Report,…
Read More »