Ransomware Attack on Romanian Waters Authority
Romania’s National Administration “Apele Române” (Romanian Waters) disclosed a severe ransomware attack on December 20, 2025. That compromised approximately 1,000 IT systems across the agency…
Category: CyberSecurityNews
Operation PCPcat Hacked 59,000+ Next.js/React Servers Within 48 Hours
A massive credential-theft campaign dubbed PCPcat compromised 59,128 Next.js servers in under 48 hours. The operation exploits critical vulnerabilities CVE-2025-29927 and CVE-2025-66478, achieving a 64.6%…
Microsoft Teams to Enforce Messaging Safety Defaults Starting January 2026
Microsoft is strengthening the security posture of enterprise collaboration by automatically enabling critical messaging safety features in Microsoft Teams. According to a new administrative update,…
PoC Exploit Released HPE OneView Vulnerability that Enables Remote Code Execution
Security researchers have released a Proof-of-Concept (PoC) exploit for a critical vulnerability in HPE OneView, a popular IT infrastructure management platform. The flaw, tracked as CVE-2025-37164,…
Windows Imaging Component Vulnerability Can Lead to RCE Attacks Under Complex Attack Scenarios
A comprehensive analysis of CVE-2025-50165, a critical Windows vulnerability affecting the Windows Imaging Component (WIC). That could potentially enable remote code execution through specially crafted…
Threat Actors Poses as Korean TV Programs Writer to Trick Victims and Install Malware
Cybersecurity researchers have uncovered a sophisticated campaign where threat actors impersonate writers from major Korean broadcasting networks to distribute malicious documents. The operation, tracked as…
University of Phoenix Data Breach
University of Phoenix, one of the largest for-profit educational institutions in the United States, disclosed a significant data breach affecting approximately 3.5 million individuals on…
HardBit 4.0 Ransomware Actors Attack Open RDP and SMB Services to Persist Access
HardBit ransomware continues to evolve as a serious threat to organizations worldwide. The latest version, HardBit 4.0, emerged as an upgraded variant of a strain…
Indian Income Tax-Themed Attacking Businesses with a Multi-Stage Infection Chain
Cybercriminals have increasingly weaponized the Income Tax Return (ITR) filing season to orchestrate sophisticated phishing campaigns targeting Indian businesses. By exploiting public anxiety surrounding tax…
Critical n8n Automation Platform Vulnerability Enables RCE Attacks
A critical remote code execution vulnerability has been discovered in n8n, the open-source workflow automation platform, exposing over 103,000 potentially vulnerable instances worldwide. Tracked as…
New MacSync Stealer Malware Attacking macOS Users Using Digitally Signed Apps
A new version of MacSync Stealer malware is targeting macOS users through digitally signed and notarized applications, marking a major shift in how this threat…
New GhostLocker Tool that Uses Windows AppLocker to Neutralize and Control EDR
A new tool named GhostLocker has been released, demonstrating a novel technique to neutralize Endpoint Detection and Response (EDR) systems by weaponizing the native Windows…