Chrome Extensions Flaw Exposes Sensitive API Keys, secrets and Tokens
A critical security flaw has been uncovered in numerous popular Chrome extensions, affecting millions of users worldwide by exposing sensitive credentials such as API keys,…
Month: June 2025
New PathWiper Data Wiper Malware Disrupts Ukrainian Critical Infrastructure in 2025 Attack
A critical infrastructure entity within Ukraine was targeted by a previously unseen data wiper malware named PathWiper, according to new findings from Cisco Talos. “The…
Zaporizhzhia Cyber Police Arrest Crypto Hacker
For years, he stayed under the radar. No ransomware, no flashy data leaks, no digital fingerprints loud enough to cause alarm. Just a quiet tapping…
HPE Patches Critical Vulnerability in StoreOnce
Hewlett Packard Enterprise (HPE) this week announced fixes for multiple vulnerabilities in StoreOnce software, including a critical flaw leading to authentication bypass. The StoreOnce software…
JWT-HACK | HAHWUL
JSON Web Token Hack Toolkit # Cargo cargo install jwt-hack # Brew brew tap hahwul/jwt-hack brew install jwt-hack JWT-HACK is a CLI tool for analyzing…
New pathWiper Malware Targets Critical Infrastructure to Deploy Admin Tools
Cisco Talos has uncovered a sophisticated and destructive cyberattack targeting a critical infrastructure entity in Ukraine, deploying a previously unknown wiper malware dubbed “PathWiper.” This…
Play ransomware group hit 900 organizations since 2022
Play ransomware group hit 900 organizations since 2022 Pierluigi Paganini June 06, 2025 A joint advisory from the US and Australian authorities states that Play…
XWorm and AsyncRAT Delivered by Malicious Actors
The widespread text-sharing website Paste.ee has been used as a weapon by bad actors to spread powerful malware strains like XWorm and AsyncRAT, which is…
AI becomes key player in enterprise ransomware defense
Ransomware breaches continue to rise even as fewer victims pay, according to a Delinea report. 69% of organizations globally have fallen victim to ransomware, with…
BidenCash Marketplace Domains Seized In U.S. Crackdown
The U.S. government has seized approximately 145 domains associated with the BidenCash marketplace and other criminal marketplaces, effectively dismantling one of the most notorious darknet…
PoC Exploit Released for Apache Tomcat DoS Vulnerability
A critical memory leak vulnerability in Apache Tomcat’s HTTP/2 implementation (CVE-2025-31650) has been weaponized, enabling unauthenticated denial-of-service attacks through malformed priority headers. The flaw affects…
June 2025 Patch Tuesday forecast: Second time is the charm?
Microsoft has been busy releasing more out-of-band (OOB) patches than usual throughout May. The May Patch Tuesday release of updates was typical in number of…