ERMAC v3.0 Banking Malware Source Code Exposed via Weak Password
Researchers at Hunt.io have made a significant discovery in the cybersecurity field by obtaining and analyzing the complete source code of ERMAC V3.0. This advanced Android…
Category: CyberSecurityNews
F5 Fixes HTTP/2 Vulnerability Enabling Massive DoS Attacks
F5 Networks has disclosed a new HTTP/2 vulnerability affecting multiple BIG-IP products that could allow remote attackers to launch denial-of-service attacks against corporate networks. The…
Google Awards $250,000 Bounty for Chrome RCE Vulnerability Discovery
Google has awarded a record-breaking $250,000 bounty to security researcher “Micky” for discovering a critical remote code execution vulnerability in Chrome’s browser architecture. The vulnerability…
Microsoft IIS Web Deploy Vulnerability Let Attackers Execute Remote Code
A critical vulnerability in the Microsoft Web Deploy tool could allow authenticated attackers to execute remote code on affected systems. The vulnerability, tracked as CVE-2025-53772,…
New Gmail Phishing Attack With Weaponized Login Flow Steals Login Credentials
A sophisticated new phishing campaign targeting Gmail users through a multi-layered attack that uses legitimate Microsoft Dynamics infrastructure to bypass security measures and steal login…
Multiple ImageMagick Vulnerabilities Cause Memory Corruption and Integer Overflows
Security researchers have uncovered four serious vulnerabilities in ImageMagick, one of the world’s most widely used open-source image processing software suites, potentially exposing millions of…
Hackers Mimic IT Teams to Exploit Microsoft Teams Request to Gain System Remote Access
A sophisticated social engineering campaign by the EncryptHub threat group that combines impersonation tactics with technical exploitation to compromise corporate networks. The Russian-linked cybercriminals are…
Fortinet FortiSIEM Command Injection Vulnerability (CVE-2025-25256)
Cybersecurity researchers from watchTowr Labs have published a comprehensive technical analysis of a critical pre-authentication command injection vulnerability affecting Fortinet FortiSIEM systems, designated as CVE-2025-25256.…
Palo Alto Networks Released A Mega Malware Analysis Tutorials Useful for Every Malware Analyst
Palo Alto Networks has published an extensive malware analysis tutorial detailing the dissection of a sophisticated .NET-based threat that delivers the Remcos remote access trojan…
Ransomware Actors Blending Legitimate Tools with Custom Malware to Evade Detection
The cybersecurity landscape faces a new sophisticated threat as the Crypto24 ransomware group demonstrates an alarming evolution in attack methodology, seamlessly blending legitimate administrative tools…
Google Requires Crypto App Developers to Have License or Certification From Relevant Authorities
Google Play has implemented comprehensive licensing requirements for cryptocurrency exchanges and software wallets, fundamentally reshaping the mobile app ecosystem for digital asset services. The policy…
Threat Actors Using CrossC2 Tool to Expand Cobalt Strike to Operate on Linux and macOS
A sophisticated threat campaign has emerged that leverages CrossC2, an unofficial extension tool that expands Cobalt Strike’s notorious capabilities beyond Windows systems to target Linux…