Apple Security Update Patches Critical Zero-Day Vulnerabilities
Apple has rolled out a series of software updates to patch several critical vulnerabilities, including a zero-day flaw that had been actively exploited in the…
Month: January 2025
Zyxel CPE Zero-Day (CVE-2024-40891) Exploited in the Wild
Security researchers have raised alarms about active exploitation attempts targeting a newly discovered zero-day command injection vulnerability in Zyxel CPE Series devices, tracked as CVE-2024-40891. This…
AuthID PrivacyKey protects users’ biometric identities
authID released PrivacyKey, a solution for protecting user biometric data while also avoiding all the compliance issues and risks related to biometric information storage. With…
HackerOne and AWS on the Power of Ethical Hacking
In an era where data breaches and cyberattacks dominate headlines, a new and unconventional approach to cybersecurity has emerged, challenging traditional notions of protection. Ethical…
PoC Exploit Released for TP-Link Router Web Interface XSS Vulnerability
A Cross-Site Scripting (XSS) vulnerability has been identified in the TP-Link Archer A20 v3 router, specifically in firmware version 1.0.6 Build 20231011 rel.85717(5553). The issue…
Google Researchers Breakdowns Scatterbrain Behind PoisonPlug Malware
Google’s Threat Intelligence Group (GTIG) in collaboration with Mandiant has revealed critical insights into ScatterBrain, a sophisticated obfuscation tool utilized by China-nexus cyber espionage groups,…
How Lazarus Group built a cyber espionage empire
Since September 2024, SecurityScorecard’s STRIKE team has been investigating Lazarus Group’s activity, uncovering key details about their infrastructure. Despite variations in payload delivery and obfuscation…
Fighting Cyber Threats: Microsoft’s New Security Focus
The evolving cyber threat landscape of 2024 has highlighted the urgent need for a proactive and uncompromising security approach. As we transition into 2025, it…
Hackers Actively Exploiting Zyxel 0-day Vulnerability to Execute Arbitrary Commands
A significant zero-day vulnerability in Zyxel CPE series devices, identified as CVE-2024-40891, is being actively exploited by attackers. This vulnerability enables attackers to execute arbitrary…
PoC Exploit Released for Critical Cacti Vulnerability Let Attackers Code Remotely
A critical vulnerability in the Cacti performance monitoring framework tracked as CVE-2025-22604, has been disclosed, with a proof-of-concept (PoC) exploit now publicly available. This vulnerability…
Why This Moment In Cybersecurity Needs Hackers To Protect All Software
Originally published in Security Magazine When the pandemic hurled us into a cybersecurity crisis, there were some who held out hope that things would eventually…
DeepSeek R1 Jailbroken to Generate Ransomware Development Scripts
DeepSeek R1, the latest AI model from China, is making waves in the tech world for its reasoning capabilities. Positioned as a challenger to AI…