PDVSA Cyberattack Hits Administrative Systems
Venezuela’s state-run oil company, Petróleos de Venezuela (PDVSA), has confirmed that a cyberattack on PDVSA’s administrative systems caused widespread disruptions, even as the company publicly…
Month: December 2025
New GhostPoster Attack Leverages PNG Icon to Infect 50,000 Firefox Users
A sophisticated new malware campaign dubbed “GhostPoster” has been uncovered, leveraging a clever steganography technique to compromise approximately 50,000 Firefox users. The attack vector primarily…
Parked Domains Emerge as a Primary Channel for Malware and Phishing
The landscape of domain parking has transformed dramatically over the past decade, shifting from a relatively benign monetization strategy to a sophisticated vector for cybercrime.…
Why vulnerability reports stall inside shared hosting companies
Security teams keep sending vulnerability notifications, and the same pattern keeps repeating. Many alerts land, few lead to fixes. A new qualitative study digs into…
Chrome Security Update – Patch for Critical Vulnerabilities that Enables Remote Code Execution
Google has released Chrome version 143.0.7499.146/.147 to address critical security vulnerabilities that could enable remote code execution on affected systems. The update is now rolling…
Zabbix: Open-source IT and OT observability solution
Zabbix is an open source monitoring platform designed to track the availability, performance, and integrity of IT environments. It monitors networks along with servers, virtual…
CSF 2.0 Guidance For AI Security
Artificial intelligence is increasingly embedded in enterprise environments, creating new cybersecurity risks alongside operational benefits. To address this shift, the National Institute of Standards and…
BlindEagle Hackers Attacking Organization to Abuse Trust and Bypass Email Security Controls
In a sophisticated cyberespionage campaign, the BlindEagle threat actor has once again targeted Colombian government institutions. This latest operation specifically zeroed in on an agency…
AI breaks the old security playbook
AI has moved into enterprise operations faster than many security programs expected. It is embedded in workflows, physical systems, and core infrastructure. Some AI tools…
Telcos argue ACMA’s $2.3bn spectrum fee-hike will crush investment
Australia’s mobile network operators have expressed disappointment universally at the prospect of paying up to $2.3 billion more than expected for spectrum they need to…
GhostPairing Attack Exposes WhatsApp Accounts to Full Takeover via Phone Numbers
A novel WhatsApp account-takeover campaign dubbed “GhostPairing Attack” has emerged, enabling threat actors to gain complete access to victim accounts without stealing passwords or conducting…
Microsoft Outlines Mitigation for React2Shell RCE Vulnerability in React Server Components
Microsoft has released comprehensive guidance on CVE-2025-55182, a critical pre-authentication remote code execution (RCE) vulnerability affecting React Server Components and the Next.js framework. Assigned a…