Grafana warns of max severity admin spoofing vulnerability
Grafana Labs is warning of a maximum severity vulnerability (CVE-2025-41115) in its Enterprise product that can be exploited to treat new users as administrators or…
Month: November 2025
North Korean Kimsuky and Lazarus Teams Target Critical Sectors with Zero-Day Exploits
North Korea’s two most formidable APT groups Kimsuky and Lazarus have established a coordinated operational framework that combines intelligence gathering with large-scale cryptocurrency theft. According…
Out-of-band update fixes Windows 11 hotpatch install loop
Microsoft has released the KB5072753 out-of-band cumulative update to fix a known issue causing the November 2025 KB5068966 hotpatch update to reinstall on Windows 11 systems…
North Korean Kimsuky and Lazarus Join Forces to Exploit Zero-Day Vulnerabilities Targeting Critical Sectors Worldwide
Two of North Korea’s most dangerous hacking groups have joined forces to launch a coordinated attack campaign that threatens organizations worldwide. The Kimsuky and Lazarus…
Dark Web Job Market Evolved
The underground labor market has undergone a significant transformation. According to new research analyzing 2,225 job-related posts collected from shadow forums between January 2023 and…
‘Scattered Spider’ teens plead not guilty to UK transport hack
Two British teenagers have denied charges related to an investigation into the breach of Transport for London (TfL) in August 2024, which caused millions of…
Hackers Using New Matrix Push C2 to Deliver Malware and Phishing Attacks via Web Browser
A new command-and-control platform called Matrix Push C2 has emerged as a serious threat to web users across all operating systems. This browser-based attack framework…
AI-Driven Obfuscated Malicious Apps Bypassing Antivirus Detection to Deliver Malicious Payloads
Cybersecurity researchers have identified a sophisticated malware campaign leveraging artificial intelligence to enhance obfuscation techniques, enabling malicious applications to circumvent traditional antivirus detection systems. The…
New Sturnus Android Malware Reads WhatsApp, Telegram, Signal Chats via Accessibility Abuse
Cybersecurity researchers have discovered a new, highly dangerous Android banking malware called Sturnus, named after the common starling or ‘songbird’ because of its complex and…
CrowdStrike catches insider feeding information to hackers
American cybersecurity firm CrowdStrike has confirmed that an insider shared screenshots taken on internal systems with unnamed threat actors. However, the company noted that its…
Advanced Features Bypass AI Detection and Steal Password Manager Data
The Python-based information-stealing tool Xillen Stealer has reached versions 4 and 5, significantly expanding its targeting capabilities and functionality across platforms. Documented initially by Cyfirma…
Android Malware Records Encrypted Messages, Hijacks Devices
Security researchers have identified a new Android banking trojan that does much more than steal banking credentials. It can also record encrypted messages and essentially…