CISA Warns of iOS 0-Click Vulnerability Exploited in the Wild
CISA has added a critical iOS zero-click vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw has been actively exploited by sophisticated…
Category: CyberSecurityNews
Threat Actors Abuse Windows Run Prompt to Execute Malicious Command and Deploy DeerStealer
Cybersecurity researchers have uncovered a sophisticated malware campaign that exploits Windows’ built-in Run prompt to deliver DeerStealer, a powerful information stealer designed to harvest cryptocurrency…
Apache Tomcat Vulnerabilities Let Attackers Bypass Authentication & Trigger DoS Attacks
Multiple critical security vulnerabilities affecting Apache Tomcat web servers, including two high-severity flaws enabling denial-of-service (DoS) attacks and one moderate-severity vulnerability allowing authentication bypass. These…
Hackers Actively Exploiting Langflow RCE Vulnerability to Deploy Flodrix Botnet
Security researchers have uncovered an active cyberattack campaign targeting Langflow servers through CVE-2025-3248, a critical remote code execution vulnerability that allows threat actors to deploy…
Microsoft Investigating Teams and Exchange Online Services Disruption Impacting Users
Microsoft experienced a significant service disruption affecting multiple Microsoft 365 services, including Teams and Exchange Online, impacting users globally whose requests were routed through the…
Gunra Ransomware Group Leaks 40TB of Data from American Hospital
The Gunra ransomware group escalated its attack on American Hospital Dubai (AHD), a premier healthcare facility in Dubai, UAE, by releasing new evidence of a…
46,000+ Grafana Instances Exposed to Malicious Account Takeover Attacks
A critical vulnerability affecting over 46,000 publicly accessible Grafana instances worldwide, with 36% of all public-facing deployments vulnerable to complete account takeover attacks. The newly…
20+ Malicious Apps on Google Play Actively Attacking Users to Steal Login Credentials
A sophisticated phishing operation involving more than 20 malicious applications distributed through the Google Play Store, specifically designed to steal cryptocurrency wallet credentials from unsuspecting…
Katz Stealer Enhances Credential Theft Capabilities with System Fingerprinting and Persistence Mechanisms
A sophisticated new information-stealing malware known as Katz Stealer has emerged in 2025, demonstrating advanced credential theft capabilities combined with innovative persistence mechanisms that target…
Washington Post Journalists’ Microsoft Accounts Hacked in Targetetd Cyberattack
The Washington Post is conducting a comprehensive investigation into a sophisticated cyberattack that compromised the email accounts of multiple journalists, with security experts and federal…
Microsoft Purview DLP to Restrict Microsoft 365 Copilot in Processing Emails With Sensitive Labels
Microsoft has announced a significant enhancement to its data protection capabilities with the introduction of a new Data Loss Prevention (DLP) feature that will prevent…
Darknet Market Archetyp Dismantled by Authorities in Joint Action ‘Operation Deep Sentinel’
International law enforcement agencies have successfully dismantled one of the world’s largest darknet marketplaces, “Archetyp Market,” in a coordinated operation that resulted in multiple arrests…