Endgame Gear mouse config tool infected users with malware
Gaming peripherals maker Endgame Gear is warning that malware was hidden in its configuration tool for the OP1w 4k v2 mouse hosted on the official…
Author: Cybernoz
Uncovering Five Critical Vulnerabilities in Microsoft SharePoint
Security researchers from Kaspersky have detailed a sophisticated exploit chain dubbed “ToolShell,” actively targeting on-premise Microsoft SharePoint servers worldwide. The campaign, which began widespread exploitation…
Why business logic abuse is a major threat
Earlier this year one of the largest ever cases of business logic abuse was detected when a botnet across over 11 million unique IP addresses…
Scattered Spider Launching Ransomware on Hijacked VMware Systems, Google
A highly “aggressive” cyber campaign, identified in mid-2025 by Google’s Threat Intelligence Group (GTIG), is posing a severe threat to major industries, including retail, airlines,…
macOS Sploitlight flaw leaks Apple Intelligence data
Attackers could use a recently patched macOS vulnerability to bypass Transparency, Consent, and Control (TCC) security checks and steal sensitive user information, including Apple Intelligence…
Chinese Hackers Exploit Software Vulnerabilities to Breach Targeted Systems
China’s Cyberspace Administration, Ministry of Public Security, and Ministry of Industry and Information Technology introduced the Regulations on the Management of Network Product Security Vulnerabilities…
Hackers Breach Toptal GitHub, Publish 10 Malicious npm Packages With 5,000 Downloads
Jul 28, 2025Ravie LakshmananMalware / Developer Tools In what’s the latest instance of a software supply chain attack, unknown threat actors managed to compromise Toptal’s…
Kioxia launches 245TB LC9, the biggest flash drive on the market
Kioxia has launched solid-state drives of 245.76TB (terabytes), making them the largest capacity commodity flash drives currently on the market. The company said the new…
Exploit available for critical Cisco ISE bug exploited in attacks
Security researcher Bobby Gould has published a blog post demonstrating a complete exploit chain for CVE-2025-20281, an unauthenticated remote code execution vulnerability in Cisco Identity…
New SHUYAL Attacking 19 Popular Browsers to Steal Login Credentials
A sophisticated new information stealer named SHUYAL has emerged in the cybersecurity landscape, demonstrating unprecedented scope in its credential harvesting capabilities. The malware targets login…
UNC3886 Hackers Target Singapore’s Critical Infrastructure by Exploiting 0-Day Vulnerabilities
Singapore’s critical infrastructure sectors, including energy, water, telecommunications, finance, and government services, are facing an active cyberattack from UNC3886, a sophisticated China-linked advanced persistent threat…
macOS Sploitlight Flaw Exposes Apple Intelligence-Cached Data to Attackers
A newly disclosed macOS vulnerability is allowing attackers to bypass Apple’s privacy controls and access sensitive user data, including files cached by Apple Intelligence. Tracked…