SAP’s July 2025 Patch Day
SAP has released its July 2025 Security Patch Day update, addressing a significant number of vulnerabilities across its enterprise software portfolio. The comprehensive security update…
Category: CyberSecurityNews
CISA Warns of PHPMailer Command Injection Vulnerability Exploited in Attacks
Key Takeaways1. CVE-2016-10033 in PHPMailer allows attackers to execute arbitrary code through command injection in the mail() function.2. The vulnerability is being exploited in live…
Atomic macOS Info-Stealer Upgraded With New Backdoor to Maintain Persistence
The notorious Atomic macOS Stealer (AMOS) malware has received a dangerous upgrade that significantly escalates the threat to Mac users worldwide. For the first time,…
Weaponized Versions of PuTTY and WinSCP Attacking IT Admins Via Search Results
A sophisticated SEO poisoning campaign targeting system administrators with malicious backdoor malware. Arctic Wolf security researchers have uncovered a dangerous search engine optimization (SEO) poisoning…
BERT Ransomware Forcibly Shut Down ESXi Virtual Machines to Disrupt Recovery
New ransomware group employs advanced virtualization attack tactics to maximize damage and hinder organizational recovery efforts. A newly emerged ransomware group known as BERT has…
Researchers Expose Scattered Spider’s Tools, Techniques and Key Indicators
Scattered Spider’s phishing domain patterns provide actionable insights to proactively counter threats from the notorious cyber group responsible for recent airline attacks. Scattered Spider, a…
New Linux EDR Evasion Tool Using io_uring Kernel Feature
A sophisticated new Linux evasion tool called RingReaper has emerged, leveraging the legitimate io_uring kernel feature to bypass modern Endpoint Detection and Response (EDR) systems. …
Linux Boot Vulnerability Allows Bypass of Secure Boot Protections on Modern Linux Systems
A significant vulnerability affecting modern Linux distributions that allows attackers with brief physical access to bypass Secure Boot protections through initramfs manipulation. The attack exploits…
1000+ New Fake Domains Mimic Amazon Prime Day Registered to Hunt Online Shoppers
As Amazon Prime Day 2025 approaches on July 8-11, millions of eager shoppers are preparing their wish lists and hunting for the best deals. However,…
Threat Actors Abusing Signed Drivers to Launch Modern Kernel Level Attacks on Windows
Cybercriminals are increasingly exploiting legitimate Windows driver signing processes to deploy sophisticated kernel-level malware, with new research revealing a concerning trend that has compromised over…
8 New Malicious Firefox Extensions Steal OAuth Tokens, Passwords, and Spy on Users
Security researchers from the Socket Threat Research Team have uncovered a sophisticated network of eight malicious Firefox browser extensions that actively steal OAuth tokens, passwords,…
ScriptCase Vulnerabilities Let Attackers Execute Remote Code and Gain Server Access
Two critical vulnerabilities in ScriptCase’s Production Environment module can be chained together to achieve pre-authenticated remote command execution on affected servers. The vulnerabilities, tracked as…