Cybersecurity News
-
“Siri Data Stays Private, Not Used for Ads: Apple Confirms
Apple Inc. says its commitment to user privacy, emphasizing that its products, such as the digital assistant Siri, are designed to safeguard personal data from the very beginning and not…
Read More » -
PowerSchool Hacked – Attackers Accessed Personal Data of Students and Teachers
Walker County Schools has reported that unauthorized access to personal data belonging to students and educators was achieved through the company’s student information system vendor, PowerSchool. Superintendent Damon Raines informed…
Read More » -
Beware! Fake Crowdstrike Recruitment Emails Spread Cryptominer Malware
CrowdStrike, a leader in cybersecurity, uncovered a sophisticated phishing campaign that leverages its recruitment branding to propagate malware disguised as an “employee CRM application.” This alarming attack vector begins with…
Read More » -
Juniper Networks Vulnerability Let Remote Attacker Execute Network Attacks
Juniper Networks has disclosed a significant vulnerability affecting its Junos OS and Junos OS Evolved platforms. Identified as CVE-2025-21598, this flaw allows unauthenticated remote attackers to exploit a critical out-of-bounds…
Read More » -
Hackers Targeting Users Who Lodged Complaints On Government portal To Steal Credit Card Data
Fraudsters in the Middle East are exploiting a vulnerability in the government services portal. By impersonating government officials, they target individuals who have filed commercial complaints. Using Remote Access Software,…
Read More » -
New NonEuclid RAT Evades Antivirus and Encrypts Critical Files
A NonEuclid sophisticated C# Remote Access Trojan (RAT) designed for the.NET Framework 4.8 has been shown to pose a significant and ever-evolving cyber threat. The malware leverages a multifaceted approach…
Read More » -
Weaponized LDAP Exploit Deploys Information-Stealing Malware
Cybercriminals are exploiting the recent critical LDAP vulnerabilities (CVE-2024-49112 and CVE-2024-49113) by distributing fake proof-of-concept exploits for CVE-2024-49113 (dubbed “LDAPNightmare”). These malicious PoCs, often disguised as tools to demonstrate the…
Read More » -
Multi-Plugin Malware Framework Installs Backdoor on Windows
The QSC Loader service DLL named “loader.dll” leverages two distinct methods to obtain the path to the Core module code. It either extracts the path from the system directory “drivers\msnet”…
Read More » -
United Nations Aviation Agency Hacked Recruitment Data Exposed
The International Civil Aviation Organization (ICAO), a United Nations agency responsible for coordinating global aviation standards, has reported a significant information security incident that has exposed the personal data of…
Read More » -
Criminal IP Launches Real-Time Phishing Detection Tool on Microsoft Marketplace
Criminal IP, a globally recognized Cyber Threat Intelligence (CTI) solution by AI SPERA, has launched its Criminal IP Malicious Link Detector add-in on the Microsoft Marketplace. This cutting-edge tool provides real-time phishing…
Read More » -
Gravy Analytics Hit by Cyberattack, Hackers Allegedly Stole data
Gravy Analytics, a prominent player in location intelligence, has reportedly fallen victim to a significant cyberattack. Initial investigations suggest that hackers have exfiltrated sensitive data, raising concerns over consumer privacy…
Read More » -
Chrome Security Update – Patch for Multiple Security Vulnerabilities
Google has released an update for its Chrome web browser, advancing to version 131.0.6778.264/.265 for Windows and Mac, and 131.0.6778.264 for Linux. This update addresses a series of critical security…
Read More » -
New FireScam Android Malware Abusing Firebase Services To Evade Detection
FireScam is multi-stage malware disguised as a fake “Telegram Premium” app that steals data and maintains persistence on compromised devices and leverages phishing websites to distribute its payload and infiltrate…
Read More » -
New WordPress Plugin That Weaponizes Legit Sites To Steal Customer Payment Data
Cybercriminals have developed PhishWP, a malicious WordPress plugin, to facilitate sophisticated phishing attacks, which enable attackers to create convincing replicas of legitimate payment gateways, such as Stripe, on compromised or…
Read More » -
Patch for Critical RCE Vulnerabilities
The January 2025 Android Security Bulletin has issued important updates regarding critical vulnerabilities that affect Android devices. Users are urged to ensure their devices are updated to the latest security…
Read More » -
WordPress Plugin Vulnerability Exposes 3 Million Websites to Injection Attacks
A critical vulnerability has been identified in the popular UpdraftPlus: WP Backup & Migration Plugin, potentially impacting over 3 million WordPress websites. This security flaw allows unauthenticated attackers to exploit…
Read More » -
Malicious EditThisCookie Extension Attacking Chrome Users to Steal Data
The popular cookie management extension EditThisCookie has been the target of a malicious impersonation. Originally a trusted tool for Chrome users, EditThisCookie allowed users to manage cookie data in their…
Read More » -
PoC Exploit Released for Critical OpenSSH Vulnerability (CVE-2024-6387)
An alarming new development emerged in the cybersecurity landscape with the release of a proof-of-concept (PoC) exploit targeting the critical vulnerability identified as CVE-2024-6387. This vulnerability, discovered by researchers at…
Read More »