malicious
-
Apache Tomcat Flaws Allow Auth Bypass and DoS Attacks
The Apache Software Foundation has released critical security updates to address four newly discovered vulnerabilities in Apache Tomcat, one of…
Read More » -
Katz Stealer Boosts Credential Theft with System Fingerprinting and Persistence Mechanisms
The emergence of Katz Stealer, a sophisticated information-stealing malware-as-a-service (MaaS) that is redefining the boundaries of credential theft. First detected…
Read More » -
HashiCorp Nomad ACL Lookup Flaw Allows Privilege Escalation
HashiCorp disclosed a critical security flaw (CVE-2025-4922) in its Nomad workload orchestration tool on June 11, 2025, exposing clusters to…
Read More » -
Acer Control Center Flaw Lets Attackers Run Malicious Code as Elevated User
A critical security flaw (CVE-2025-5491) in Acer ControlCenter allows remote attackers to execute arbitrary code with NT AUTHORITY\SYSTEM privileges via…
Read More » -
Spring Framework Flaw Enables Remote File Disclosure via “Content‑Disposition” Header
A medium-severity reflected file download (RFD) vulnerability (CVE-2025-41234) in VMware’s Spring Framework has been patched, affecting multiple versions of the…
Read More » -
Cybercriminals Exploiting Expired Discord Invite Links to Deploy Multi-Stage Malware
Security researchers have uncovered a sophisticated malware campaign exploiting a little-known flaw in Discord’s invitation system, enabling cybercriminals to hijack…
Read More » -
Interpol Dismantles 20,000 Malicious IPs and Domains Tied to 69 Malware Variants
INTERPOL’s Operation Secure has seen the takedown of more than 20,000 malicious IP addresses and domains associated with infostealer malware.…
Read More » -
Multiple Microsoft Office Vulnerabilities Enable Remote Code Execution by Attackers
Microsoft has disclosed four critical remote code execution (RCE) vulnerabilities in its Office suite as part of the June 2025…
Read More » -
Microsoft Patch Tuesday June 2025 – 66 Vulnerabilities Patched Including 2 Zero-Day
Microsoft has released its June 2025 Patch Tuesday security updates, addressing a total of 66 vulnerabilities across its software ecosystem.…
Read More » -
Microsoft Windows WebDAV 0-Day RCE Vulnerability Actively Exploited in The Wild
A critical zero-day vulnerability in Microsoft Windows, designated CVE-2025-33053, has been actively exploited by the advanced persistent threat (APT) group…
Read More » -
New Report Reveals Chinese Hackers Attempted to Breach SentinelOne Servers
SentinelLABS, a sophisticated reconnaissance operation targeting SentinelOne, a leading cybersecurity vendor, has been detailed as part of a broader espionage…
Read More » -
ClickFix Attack Uses Fake Cloudflare Verification to Silently Deploy Malware
A newly identified social engineering attack dubbed “ClickFix” has emerged as a significant threat, leveraging meticulously crafted fake Cloudflare verification…
Read More » -
Hundreds of Malicious GitHub Repos Targeting Novice Cybercriminals Traced to Single User
Sophos X-Ops researchers have identified over 140 GitHub repositories laced with malicious backdoors, orchestrated by a single threat actor associated…
Read More » -
Hackers Leverage New ClickFix Tactic to Exploit Human Error with Deceptive Prompts
A sophisticated social engineering technique known as ClickFix baiting has gained traction among cybercriminals, ranging from individual hackers to state-sponsored…
Read More » -
New Rust-Developed InfoStealer Drains Sensitive Data from Chromium-Based Browsers
A newly identified information-stealing malware, crafted in the Rust programming language, has emerged as a significant threat to users of…
Read More » -
Iranian APT ‘BladedFeline’ Remains Hidden in Networks for 8 Years
ESET researchers have uncovered the persistent activities of BladedFeline, an Iranian-aligned Advanced Persistent Threat (APT) group, which has maintained covert…
Read More »