Category: CyberSecurityNews

Fancy Bear Hackers Attacking Governments, Military Entities With New Sophisticated Tools
18
Jul
2025

Fancy Bear Hackers Attacking Governments, Military Entities With New Sophisticated Tools

The notorious Russian cyberespionage group Fancy Bear, also known as APT28, has intensified its operations against governments and military entities…

Threat Actors Exploiting Ivanti Connect Secure Vulnerabilities to Deploy Cobalt Strike Beacon
18
Jul
2025

Threat Actors Exploiting Ivanti Connect Secure Vulnerabilities to Deploy Cobalt Strike Beacon

A sophisticated malware campaign targeting Ivanti Connect Secure VPN devices has been actively exploiting critical vulnerabilities CVE-2025-0282 and CVE-2025-22457 since…

Ubiquiti UniFi Devices Vulnerability Allows Attackers to Inject Malicious Commands
18
Jul
2025

Ubiquiti UniFi Devices Vulnerability Allows Attackers to Inject Malicious Commands

A critical security vulnerability affecting multiple Ubiquiti UniFi Access devices could allow attackers to execute malicious commands remotely.  The vulnerability,…

Threat Actors Weaponizing GitHub Accounts To Host Payloads, Tools and Amadey Malware Plug-Ins
18
Jul
2025

Threat Actors Weaponizing GitHub Accounts To Host Payloads, Tools and Amadey Malware Plug-Ins

A sophisticated Malware-as-a-Service operation has emerged that exploits the trusted GitHub platform to distribute malicious payloads, representing a significant evolution…

New "Daemon Ex Plist" Vulnerability Gives Attackers Root Access on macOS
18
Jul
2025

New “Daemon Ex Plist” Vulnerability Gives Attackers Root Access on macOS

A critical vulnerability in macOS allows attackers to escalate privileges to root access through misconfigured daemon services.  The vulnerability, dubbed…

Microsoft Details Scattered Spider TTPs Observed in Recent Attack Chains
18
Jul
2025

Microsoft Details Scattered Spider TTPs Observed in Recent Attack Chains

In mid-2025, a new surge of targeted intrusions, attributed to the threat group known variously as Scattered Spider, Octo Tempest,…

CISA Releases 3 ICS Advisories Covering Vulnerabilities and Exploits
18
Jul
2025

CISA Releases 3 ICS Advisories Covering Vulnerabilities and Exploits

CISA issued three significant Industrial Control Systems (ICS) advisories on July 17, 2025, addressing critical vulnerabilities affecting energy monitoring, healthcare…

Signal App Clone TeleMessage Vulnerability May Leak Passwords; Hackers Exploiting It
18
Jul
2025

Signal App Clone TeleMessage Vulnerability May Leak Passwords; Hackers Exploiting It

A critical security vulnerability in TeleMessageTM SGNL, an enterprise messaging system modeled after Signal, has been actively exploited by cybercriminals…

New WAFFLED Attack Exploits AWS, Azure, Cloud Armor, Cloudflare, and ModSecurity WAFs
18
Jul
2025

New WAFFLED Attack Exploits AWS, Azure, Cloud Armor, Cloudflare, and ModSecurity WAFs

WAFFLED is a recently disclosed technique that evades leading Web Application Firewalls (WAFs) by targeting subtle parsing inconsistencies rather than…

BIND 9 Vulnerabilities Expose Organizations to Cache Poisoning and DoS Attacks
18
Jul
2025

BIND 9 Vulnerabilities Expose Organizations to Cache Poisoning and DoS Attacks

Two critical vulnerabilities in the BIND 9 DNS resolver software are affecting organizations worldwide, with potential cache poisoning and denial-of-service…

Microsoft Entra ID Vulnerability Let Attackers Escalate Privileges
18
Jul
2025

Microsoft Entra ID Vulnerability Let Attackers Escalate Privileges

A critical vulnerability in Microsoft Entra ID allows attackers to escalate privileges to the Global Administrator role through the exploitation…

Ukraine Hackers Claimed Cyberattack on Major Russian Drone Supplier
17
Jul
2025

Ukraine Hackers Claimed Cyberattack on Major Russian Drone Supplier

Last week, Ukraine’s Main Intelligence Directorate (GUR) orchestrated a sophisticated cyberattack against Gaskar Integration, a leading Russian drone manufacturer. The…