CVE-2024-11859: ToddyCat Group Hides Malware in ESET’s Scanner to Bypass...
Advanced Persistent Threat (APT) groups are constantly evolving their techniques to evade detection. Kaspersky Labs has recently uncovered a sophisticated method employed by the ToddyCat group: hiding...
CVE-2025-27520: Critical BentoML Flaw Allows Full Remote Code Execution,...
A severe security vulnerability has been identified in BentoML, a Python library used for building online serving systems optimized for AI applications and model inference. The vulnerability, tracked...
WhatsApp for Windows Spoofing Vulnerability: Execute Code Risk (CVE-2025-30401)
A security advisory from Facebook details a spoofing vulnerability in WhatsApp for Windows, highlighting a potential risk where malicious actors could trick users into executing arbitrary code. The...
Top 5 VPN Vulnerabilities in 2025
I. Executive Summary The reliance on Virtual Private Networks (VPNs) has grown significantly as organizations embrace remote work and individuals seek enhanced online privacy and security. However,...
TVT DVRs Under Siege: Massive Exploitation Attempts Expose Critical Flaw
A significant surge in malicious cyber activity has been detected, raising alarms for organizations utilizing TVT NVMS9000 DVRs. GreyNoise intelligence reports “a significant spike 3 times that of...
New Ransomware Tactics & Tools: An In-Depth Analysis of Emerging Threats
The digital landscape continues to be challenged by the persistent and evolving threat of ransomware. Organizations worldwide face an increasing risk of sophisticated cyberattacks that can disrupt...
Fortinet: Critical Unverified Password Change Flaw in FortiSwitch
Fortinet has released a security advisory addressing a critical vulnerability in FortiSwitch products. The vulnerability, identified as CVE-2024-48887 (CVSS 9.3), could allow attackers to gain...
Malicious VSCode Extensions Caught Mining Crypto with XMRig
Visual Studio Code, Microsoft’s open-source and freely available code editor, offers a marketplace for a vast array of extensions—most of which are developed by third parties. As a result, the platform...
Apache mod_auth_openidc Vulnerability Exposes Protected Content
In a recently published security advisory, OpenIDC has revealed a vulnerability in mod_auth_openidc, the widely used OpenID Connect module for the Apache HTTP server. The flaw, tracked as...
Grandoreiro Trojan Resurges in Phishing Attacks
Cybercriminals are actively distributing the Grandoreiro banking trojan through large-scale phishing campaigns, primarily targeting banking users in Latin America and Europe. According to a report by...
SourceForge Used to Distribute ClipBanker Trojan and Cryptocurrency Miner
For many developers, SourceForge has long been a cornerstone of open-source collaboration — a trusted hub to host and distribute software. But for cybercriminals, it has recently become a platform to...
Vidar Stealer Hides in Legitimate BGInfo Tool
Vidar Stealer, a notorious information-stealing malware that first emerged in 2018, continues to pose a significant threat by employing new distribution methods and evasion techniques. G DATA Security...
Inaba Denki Sangyo Wi-Fi AP Units Affected by Critical Vulnerabilities
A recent security advisory from JPCERT/CC has highlighted multiple vulnerabilities in Inaba Denki Sangyo Co., Ltd.’s Wi-Fi AP UNIT ‘AC-WPS-11ac series’. These vulnerabilities affect several models...
Microsoft April 2025 Patch Tuesday: Critical Security Updates and Zero-Day...
This April, Microsoft’s Patch Tuesday release addresses a significant number of vulnerabilities, highlighting the ever-present need for robust cybersecurity practices. The tech giant rolled out fixes...
Rogue RDP: Abusing RDP for File Theft and Espionage
A recent report by Google Threat Intelligence Group (GTIG) has shed light on a sophisticated phishing campaign targeting European government and military organizations. This campaign, attributed to a...
Chrome Update Fixes High-Severity “Use After Free” Vulnerability
The Chrome Stable channel has been updated to version 135.0.7049.84/.85 for Windows and Mac, and to 135.0.7049.84 for Linux. This update will be rolling out to users over the coming days and weeks....
Neptune RAT: Advanced Malware Targets Windows with Destructive Capabilities
CYFIRMA researchers have uncovered a new version of the Neptune RAT, a Remote Access Trojan (RAT) that poses a significant threat to Windows users. This malware is characterized by its advanced...
Kibana Code Injection Vulnerability: Prototype Pollution Threat (CVE-2024-12556)
A newly disclosed vulnerability in Kibana, the popular open-source data visualization front-end for Elasticsearch, has been rated CVSS 8.7 due to its potential to allow remote code injection under...
Siemens Security Alert: Critical Vulnerabilities in SENTRON 7KT PAC1260 Data...
In a recent security advisory, Siemens ProductCERT has revealed multiple critical vulnerabilities affecting the SENTRON 7KT PAC1260 Data Manager. The advisory, published on April 8, 2025, warns that...
Windows CLFS Zero-Day Exploited to Deploy Ransomware
Microsoft Threat Intelligence has disclosed active exploitation of a zero-day vulnerability in the Windows Common Log File System (CLFS), tracked as CVE-2025-29824. The exploit, used in the wild,...