Cisco IOS and IOS XE Software Vulnerabilities Let Attackers Execute Remote Code
Cisco has disclosed a severe vulnerability in its widely used IOS and IOS XE Software, potentially allowing attackers to crash devices or seize full control…
Category: CyberSecurityNews
New Phishing Attack Uses Basic Auth URLs to Trick Users and Steal Login Credentials
Early October 2025 witnessed the resurgence of a retro phishing technique that exploits legacy Basic Authentication URLs to deceive users into divulging sensitive credentials. Threat…
Senate Investigates Cisco Over Zero-Day Firewall Vulnerabilities
U.S. Senator Bill Cassidy, Chairman of the Senate Health, Education, Labor, and Pensions (HELP) Committee, has demanded answers from Cisco Systems regarding recent zero-day vulnerabilities…
Mysterious Elephant APT Hackers Infiltrate Organization to Steal Sensitive Information
In recent months, a new advanced persistent threat (APT) group known as Mysterious Elephant has emerged as a formidable adversary targeting government and diplomatic institutions…
North Korean Hackers Using Malicious Scripts Combining BeaverTail and OtterCookie for Keylogging
A new information-stealer has emerged targeting job seekers with a trojanized Node.js application named Chessfi. Delivered via a modified npm package hosted on the official…
Operation Silk Lure Weaponizing Windows Scheduled Tasks to Drop ValleyRAT
Over the past month, a targeted campaign dubbed Operation Silk Lure has surfaced, exploiting the Windows Task Scheduler to deploy a novel variant of ValleyRAT.…
Beware of Fake ‘LastPass Hack’ Emails Trying to Trick Users Into Installing Malware
Cybersecurity professionals are raising alarms over a new wave of phishing emails masquerading as breach notifications from LastPass. These messages warn recipients of an urgent…
Qilin Ransomware Using Ghost Bulletproof Hosting to Attack Organizations Worldwide
The Qilin ransomware group has emerged as one of the most prolific and dangerous threat actors in the cybersecurity landscape, exploiting sophisticated bulletproof hosting infrastructure…
Beware of Malicious Ivanti VPN Client Sites in Google Search That Delivers Malware
An aggressive SEO poisoning campaign has surfaced in early October 2025, preying on users searching for the legitimate Ivanti Pulse Secure VPN client. Attackers have…
PhantomVAI Loader Attacking Organizations Worldwide to Deliver AsyncRAT, XWorm, FormBook and DCRat
A sophisticated multi-stage malware campaign is targeting organizations globally, utilizing the PhantomVAI Loader to distribute dangerous information-stealing malware. The attack chain, which begins with carefully…
CISA Warns Of Windows Improper Access Control Vulnerability Exploited In Attacks
CISA has added a critical Microsoft Windows vulnerability to its Known Exploited Vulnerabilities catalog, warning organizations that threat actors are actively exploiting it in real-world…
Capita To pay £14 Million For Data Breach Exposes 6.6 Million Users Personal Data
The UK’s Information Commissioner’s Office (ICO) has imposed a £14 million fine on outsourcing giant Capita following a major cyber attack in 2023 that exposed…