Microsoft to Remove PowerShell 2.0 from Windows 11 Due to Security Risks
Microsoft has announced a significant change for Windows 11 users: the removal of Windows PowerShell 2.0, a legacy scripting platform, from upcoming builds. This move,…
Month: July 2025
8 New Malicious Firefox Extensions Steal OAuth Tokens, Passwords, and Spy on Users
Security researchers from the Socket Threat Research Team have uncovered a sophisticated network of eight malicious Firefox browser extensions that actively steal OAuth tokens, passwords,…
ScriptCase Vulnerabilities Let Attackers Execute Remote Code and Gain Server Access
Two critical vulnerabilities in ScriptCase’s Production Environment module can be chained together to achieve pre-authenticated remote command execution on affected servers. The vulnerabilities, tracked as…
CitrixBleed 2 Vulnerability PoC Published
A newly published proof-of-concept (PoC) for the critical CitrixBleed 2 vulnerability (CVE-2025-5777) has sent shockwaves through the cybersecurity community, with experts warning of imminent mass…
NightEagle APT Attacking Industrial Systems by Exploiting 0-Days and With Adaptive Malware
A sophisticated APT group dubbed “NightEagle” (APT-Q-95) has been conducting targeted attacks against China’s critical technology sectors since 2023. The group has demonstrated exceptional capabilities…
Linux Boot Vulnerability Lets Attackers Bypass Secure Boot Protections
A newly highlighted vulnerability in the Linux boot process exposes a critical weakness in the security posture of many modern distributions. Despite widespread adoption of…
Adware, Trojans and Crypto Theft Lead Q2 Threats
A series of malicious apps and stealthy spyware is targeting Android users worldwide, with new data showing how cybercriminals keep finding ways to slip threats…
U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog
U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog Pierluigi Paganini July 07, 2025 U.S. Cybersecurity and Infrastructure Security Agency (CISA)…
New Linux EDR Evasion Tool Exploits io_uring Kernel Feature
A new tool named RingReaper is raising eyebrows among defenders and red teamers alike. By leveraging the legitimate, high-performance Linux kernel feature known as io_uring,…
New technique detects tampering or forgery of a PDF document
Researchers from the University of Pretoria presented a new technique for detecting tampering in PDF documents by analyzing the file’s page objects. The technique employs…
APT36 Attacking BOSS Linux Systems With Weaponized ZIP Files to Steal Sensitive Data
Pakistan-based threat actor APT36, also known as Transparent Tribe, has significantly evolved its cyber-espionage capabilities by launching a sophisticated campaign specifically targeting Indian defense personnel…
ScriptCase Vulnerabilities Allow Remote Code Execution and Full Server Compromise
Two critical vulnerabilities have been discovered in ScriptCase, a popular low-code PHP web application generator, which puts thousands of servers at risk of remote code…