CoinMarketCap Doodle Image Vulnerability Triggered Malicious Code Through an API Call
Summary 1. CoinMarketCap discovered a security flaw on June 20, 2025, in a homepage doodle image that executed malicious code through API calls, causing unwanted…
Category: CyberSecurityNews
Windows Screencast Snipping Tool Allow Users to Export Captures as GIF
Summary 1. Microsoft has begun distributing Snipping Tool version 11.2505.21.0 to Windows Insiders in Canary and Dev Channels, introducing GIF export capability for screen recordings.…
SparkKitty Attacks iOS and Android Devices in Wild Via App Store and Google Play
Cybersecurity researchers have uncovered a sophisticated new spyware campaign called SparkKitty that has successfully infiltrated both Apple’s App Store and Google Play Store, marking a…
BlueNoroff Hackers Weaponize Zoom App to Attack System Using Infostealer Malware
A sophisticated social engineering campaign leveraging the trusted Zoom platform has emerged as the latest weapon in the arsenal of North Korean state-sponsored hackers. The…
Amazon EKS Vulnerabilities Exposes Sensitive AWS Credentials and Escalate Privileges
Summary 1. Overprivileged containers can steal AWS credentials by targeting the 169.254.170.23:80 endpoint through packet sniffing and API spoofing attacks. 2. Attackers use tcpdump to…
NCSC Warns of ‘UMBRELLA STAND’ Malware Attacking Fortinet FortiGate Firewalls
The UK’s National Cyber Security Centre (NCSC) has issued a critical warning about a sophisticated malware campaign dubbed “UMBRELLA STAND” that specifically targets internet-facing Fortinet…
Threat Actor Allegedly Selling FortiGate API Exploit Tool Targeting FortiOS
A threat actor has reportedly put up for sale a sophisticated FortiGate API exploit tool on a dark web marketplace, igniting significant concern within the…
CodeSign Secure v3.02: Future of Code Signing with PQC
In an era where cyber threats are becoming increasingly sophisticated and quantum computing looms on the horizon, traditional digital security measures must evolve. One of…
OpenVPN Driver Vulnerability Let Attackers to Crash Windows Systems
Summary 1. A critical OpenVPN Windows driver flaw (CVE-2025-50054) allowed local attackers to crash systems. 2. The vulnerability enabled denial-of-service attacks but did not expose…
DuckDuckGo Rolls Out New Scam Blocker to Protect Users from Online Threats
DuckDuckGo has significantly upgraded its Scam Blocker feature to protect users against a broader range of digital threats, including sham e-commerce platforms, fake cryptocurrency exchanges,…
How Smart Timesheet Software Is Changing the Way of Work
As an employee have been managing projects in remote, hybrid, and traditional work environments, employees have always faced the same challenge: the inability to understand…
Threat Actors Leverage Hosting Platform Vercel to Deliver Remote Access Malware
Cybercriminals have discovered a sophisticated new method to distribute malicious remote access tools by exploiting Vercel, a legitimate frontend hosting platform, to host convincing phishing…